Data Protection Policy

Introduction

Cryoniss works to the principles of Good Laboratory Practice (GLP), Good Clinical Practice

(GCP) and Good Manufacturing Practice (GMP). Samples are regulated by the Health and Safety

Executive, Animal Plant and Health Agency and the Human Tissue Authority. Alongside these

Cryoniss adheres to regulations pertaining to The Medicines for Human Use (Clinical Trials) Regulations 2004 and European Medicines Agency reflection paper for laboratories carrying out clinical analysis. To enable handling of medicinal products, Cryoniss complies with the EC guidelines for GDP of Medicinal Products for Human Use, Directive 2001/83/EC Community Code relating to Medicinal Products for Human Use and Regulations 43-45 of the Human Medicines Regulations 2012.

Cryoniss procedures and processes have been developed to ensure sample and product integrity and security is of the highest priority, alongside our customer service. If upon reading this document you feel that our processes could be improved, please raise this to the Documents Manager.

Cryoniss’s data protection policy for the use of personal data.  

The General Data Protection Regulation (GDPR) came into force on May 25th 2018 in all member states, to harmonise data privacy laws across Europe. Since Brexit, the Data Protection Act 2018 (DPA 2018) continues to apply. The provisions of the EU GDPR were incorporated directly into UK law at the end of the transition period and now the UK GDPR sits alongside the DPA 2018 with some technical amendments so that it works in a UK-only context.

Controller contact details: 

Cryoniss Ltd. 

Registered address Alderley Park, Mereside, Macclesfield, SK10 4TG, United Kingdom  

Tel: 01625 460235

enquiries@cryoniss.com

Your Personal Data – What is it?

“Personal Data” or “Personal Identifying Information” is any information about a living individual which allows them to be identified, such as a name, email address or photograph. This includes information which in combination can identify an individual. Processing of your Personal Data is governed by data protection legislation, including the General Data Protection Regulation (“GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act. A description of what personal data Cryoniss processes and for what purposes is set out in this Privacy Policy.

Our commitment to privacy

Cryoniss Limited ("Cryoniss") maintains, at all times, the highest regard for privacy of its staff, users and associates. We take your privacy, and our responsibility under data protection legislation, very seriously. We believe this to be an important part of our service to all parties with whom we have a relationship. We want you to be able to interact with Cryoniss in a worry-free and safe environment.

Cryoniss are committed to upholding the principles of data protection. Data must be:

  • Used lawfully, fairly and in a transparent way;

  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

  • Relevant to the purposes we have told you about and limited only to those purposes;

  • Accurate and kept up to date;

  • Kept only as long as necessary for the purposes we have told you about;

  • Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data, to protect data from loss, misuse, unauthorised access and disclosure.

The specific data gathered and processed by Cryoniss will depend upon the relationship between Cryoniss and the individual concerned. Below you will find information on processing of data for different categories of individual.

Clients, Potential Clients and Collection and Delivery Contacts

Cryoniss process the following information:

  • Names and titles

  • Contact details such as telephone numbers, addresses and email addresses

  • Where you pay for activities, financial identifiers such as bank account numbers

  • On occasion, a copy of identification such as a passport or driver’s licence

We use your personal data for some or all of the following purposes: -

  • Communication regarding shipments

  • Provision of quotes and pricing

  • Production of shipment paperwork

  • Customs and regulatory clearance

  • Invoicing for services

  • Credit checks

  • Screening for Denied Parties

  • Provision of reports

  • Requesting voluntary feedback on services and how these can be improved Communication of offers or new services which we feel may be of interest to you

  • Self-assessment of our performance to improve the service received.

Purpose of Collection.

Cryoniss strictly adheres to all relevant legislation. Your personal data is being processed to allow Cryoniss to deliver our service – we retain information that is necessary to provide quotes and subsequent associated financial transactions. This includes processing necessary to communicate shipment events to all parties to the transaction. Cryoniss may also use the information for the purpose of improving our service to you and other users, for customer administration and, from time-to-time, to communicate information that we feel may be relevant and of benefit to you, such as implementation of new services.

Data necessary for delivery of service is collected directly from individuals or from third-parties who are subject to the same transaction, e.g. consignee name provided by the customer. Personal Data used for the purposes of marketing may also be obtained through industry events and exhibitions, marketing databases and research social media sites such as LinkedIn. 

Employees– including applicants, candidates and former employees

Note, not all data listed below will be gathered for applicants or candidates. Some information will only be relevant once an offer of employment has been made and accepted. 

  • Names, titles, and aliases, photographs.

  • Start date / leaving date

  • Contact details such as telephone numbers, addresses, and email addresses.

  • Where they are relevant to our legal obligations, or where you provide them to us, we may process information such as gender, age, date of birth, marital status, nationality, education/work history, academic/professional qualifications, employment details, hobbies, family composition, and dependants.

  • Non-financial identifiers such as passport numbers, driving licence numbers, vehicle registration numbers, taxpayer identification numbers, staff identification numbers, tax reference codes, and national insurance numbers.

  • Financial identifiers such as bank account numbers, payment/transaction identifiers, policy numbers, and claim numbers.

  • Financial information such as National Insurance number, pay and pay records, tax code, tax and benefits contributions, expenses claimed.

  • Next of kin and emergency contact information.

  • Recruitment information* (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process and referral source (e.g. agency, staff referral)).

  • Location of employment or workplace.

Other staff data (not covered above) including; level, performance management information, languages and proficiency; licences/certificates, immigration status; employment status; information for disciplinary and grievance proceedings; and personal biographies.

  • Information about your use of our information and communications systems.

We use your personal data for some or all of the following purposes: -

  • Making a decision about your recruitment or appointment.

  • For security purposes.

  • Determining the terms on which you work for us.

  • Checking you are legally entitled to work in the country concerned.

  • Paying you and, if you are an employee, deducting tax and National Insurance contributions.

  • Providing any contractual benefits to you.

  • Liaising with your benefits provider.

  • Administering the contract, we have entered into with you.

  • Management and planning, including accounting and auditing.

  • Conducting performance reviews, managing performance and determining performance requirements.

  • Making decisions about salary reviews and compensation.

  • Assessing qualifications for a particular job or task, including decisions about promotions.

  • Conducting grievance or disciplinary proceedings.

  • Making decisions about your continued employment or engagement.

  • Making arrangements for the termination of our working relationship.

  • Education, training and development requirements.

  • Dealing with legal disputes involving you, including accidents at work.

  • Ascertaining your fitness to work.

  • Managing sickness absence.

  • Complying with health and safety obligations.

  • To prevent fraud.

  • To monitor your use of our information and communication systems to ensure compliance with our IT policies.

To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.

  • To conduct data analytics studies to review and better understand employee retention and attrition rates.

  • Equal opportunities monitoring.

  • To undertake activity consistent with our statutory functions and powers including any delegated functions.

  • To maintain our own accounts and records;

  • To seek your views or comments;

  • To process a job application;

  • To provide a reference.

  • To help build a more effective team through better communication.

  • Administration of our business interests including achieving industry and customer recognition for the services we offer.

Purpose of Collection.

Your personal data is being processed to allow Cryoniss to assess your suitability for employment or to establish and manage an employee/employer relationship.

Suppliers

Cryoniss process the following information:

  • Names and titles

  • Contact details such as telephone numbers, addresses and email addresses

  • Where you pay for activities, financial identifiers such as bank account numbers

  • On occasion, a copy of identification such as a passport or driver’s licence.

We use your personal data for some or all of the following purposes

  • Communication regarding shipments

  • Provision of quotes and pricing

  • Production of shipment paperwork

  • Customs and regulatory clearance

  • Invoicing for services

Credit checks

  • Screening for Denied Parties – See this document for further information

  • Provision of reports

  • Audit purposes with a view to assessing the relationship

  • Internal audit with a view to identifying areas of improvement.

Legal Basis for Processing Your Personal Data

Information relating to our customers or enquiries and quotes is processed subject to delivery of our service and is therefore necessary for the performance of a contract or in order to take steps at the individuals request prior to entering into a contract. Copies of identification will only be requested when required to meet our legal obligations in relation to security. Similarly, personal data of appointed or potential suppliers is necessary for the performance of a contract between Cryoniss and the other contracting party.

Processing of personal data relating to shippers or recipients of packages is necessary for the legitimate interests of Cryoniss, our customers and those of the individuals in question.

Data collected through use of online services and through feedback mechanisms such as our customer survey are subject to the same lawful bases for processing.

Information used for marketing purposes is processed in accordance with the legitimate interests of Cryoniss and is only processed for these purposes where we believe that these interests coincide with those of the data subject. Refer to the section on marketing for further information.

Processing of information pertaining to staff, applicants or candidates is necessary for the performance of a contract or in order to take steps at the individuals request prior to entering into a contract, subject to our legal obligations as an employer, or subject to our legal security and health and safety obligations.

Disclosure of Information

Cryoniss will keep in confidence any personal identifying information you provide, now or in the future, and will not monitor, edit or disclose that information to any person other than:

  • Cryoniss employees

  • Our agents, suppliers and contractors

  • Professional advisors or other third-parties who satisfy Cryoniss that they need to know the information

  • Individuals that are party to delivery of the service, such as recipients or other parties to the contract (e.g. procurement)

All such information is administered by Cryoniss and its third-party suppliers, affiliates and partners and will be used only for the administration of our offered services and in accordance with Cryoniss Terms and Conditions of Use and this Privacy Policy. Third-parties with whom information is shared are subject to review and detailed agreements concerning use of any data.

Where disclosure is not required for performance of our service Cryoniss will only disclose your information with your prior consent or if required to do so by law or in the good faith belief that such action is necessary. Such necessity could include: (1) conforming to law, judicial or agency order or other like instructions; (2) protecting and defending the rights or property of Cryoniss; (3) acting under exigent circumstances to protect the personal or informational safety of its members or the public.

Marketing

From time-to-time Cryoniss may wish to send you information regarding our services, such as new services, case studies and industry or business news that we feel would be of benefit to you. Cryoniss will only send such information when we believe that our legitimate interests are in line with your own. You have the right to request that marketing activity ceases at any time and Cryoniss will take immediate action to ensure that you no longer receive such communication. To enable us to complete your request we may retain limited contact details sufficient to ensure that we do not contact you at a later date : this information will be retained securely and used solely to identify your wishes with regard to marketing. All marketing materials will contain details of how to opt-out of receiving such information. Alternatively, you can contact our Data Protection Officer if you have any concerns regarding this, or any other processing activity.

How long does Cryoniss keep Personal Data?

Personal data is kept only for as long as required for the processing activity for which it was gathered. This retention period will vary dependent upon the specific requirements of associated processes. In general, information necessary for performance of a shipment will be kept for a minimum period of ten years, to support HMRC audits or provide tax information. After this period job records will either be securely destroyed or anonymised. Information relating to enquiries and quotes will be retained for three years. Other information, such as data from our customer survey or reporting used to support delivery of our services will be retained for varying periods dependent upon the need.

Cryoniss is permitted to retain data in order to defend or pursue claims and we will retain some personal data for as long as we believe it is necessary for this purpose. We will however, endeavour to only keep data for as long as it is needed and will delete it when no longer required.

Your Rights and Your Personal Data

When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights. If you make a request, we have one month to respond to you. Please contact us at enquiries@cryoniss.com if you wish to make a request.

The following rights are available to users of Cryoniss’s services:

The Right of Access

  • You are entitled to review the data held by Cryoniss. At any point you can contact us to request access to the personal data we hold, details of processing, who can access the data and where we obtained the data. You will receive a response within 30 days of the date of request.

  • Requests to access personal data are not normally subject to a fee however additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative charge.

The Right to Rectification – updates and corrections to data held by Cryoniss

  • If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.

The Right to Erasure – also known as the ‘right to be forgotten’

  • If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.

  • When we receive your request we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).

The right to object to processing of your personal data or to restrict it to certain purposes only

  • You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.

The right to data portability

  • You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.

Where processing is based on your consent, you may withdraw consent at any time

  • You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).

 The right to lodge a complaint with the Information Commissioner’s Office.

  • You can contact the Information Commissioners Office on 

Tel: + 44 0303 123 1113

or via email

casework@ico.org.uk

Website:

www.ico.org.uk

or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Cryoniss Data Protection Officer: Caroline Eckersley

Contact Details: caroline.eckersley@cryoniss.com

This regulation applies to the processing of personal data. Personal data means any information relating to a natural person; these include name, address, telephone number and bank details.

Cryoniss is committed to protecting your privacy. 

Controller contact details: 

Cryoniss Ltd. 

Registered address Alderley Park, Mereside, Macclesfield, SK10 4TG, United Kingdom  

Tel: 01625 460235

Enquiries@cryoniss.com

The type of information we have:  

We currently collect and process some or all of the following information:  

  • First and surname.

  • Department and job function.

  • Company email address.

  • LinkedIn link

  • Company telephone number (including mobile)  Company address. 

  • What Cryoniss services you are interested in.

How we get the information and why we have it:

We have received the information either from you, your company or from a public source such as a company register, a website, a telephone directory, etc. In addition, our website currently uses cookies to assist in the technology used to enable your account on the website and also to use the e-commerce features enabled on the website and in order to evaluate your experience of our website. The cookie is used to store information, such as what time you visited our website, whether you have visited the site before, what site referred you or what you searched for to find us.

Cookies are also used to store your current order progress during an e-commerce transaction. This enables the website to remember what products you are ordering and where your order progress is up to. It would not be possible to buy products or services from this website without the use of these cookies.

We use your personal data for our CRM for the following reasons:

  1. So that we are able to store business contacts;

  2. So that we are able to offer support to the needs of the customer;

  3. SO that we are able to inform customers and interested parties about our products and services;

  4. So that we are able to fulfil a contract.

Under the GDPR, the lawful bases we rely on for processing this information are:  

  1. Your consent. You are able to remove your consent at any time. You can do this by emailing unsubscribe@cryoniss.com.

  2. We have a contractual obligation.

  3. We have a legitimate interest.

What we do with the information we have:

We conduct basic profiling for our marketing purposes to ensure relevant and targeted communications. This might be in the form of segmentation based on location or stated interests.  

We would like to use the data we have to occasionally send you details of products or services that we offer and that we have identified as likely to be of interest to you. If at any point you would like to opt-out of receiving communications from us, or if you would like to change the channel we use to contact you, please contact us at unsubscribe@cryoniss.com

In carrying out our business, including our obligations to you, we may use sub- contractors such as service engineers, quality insurance consultants, transport companies etc and we may share information with them. These may also include compliant organisations based outside the EU such as Google and Dropbox. We will ensure that they respect your privacy and abide by all data protection laws.  We will not sell or rent your personal data to any third-party companies. 

How we store your information:  

Your information is securely stored on the servers of selected third parties (like Microsoft Office365). Your personal data can only be accessed by authorised employees of Cryoniss Ltd, whose access has been verified by the Data Protection Officer and has deemed necessary for the effective carrying out of business Your personal data will be stored for as long as there is an active customer relationship with you or the company you work for. In the event contracts have been concluded with you or the company you work for, your personal data will be stored for as long as required by law. After that, it will be permanently erased, in line with GDPR. 

Your data protection rights: 

Under data protection law, you have rights including: 

Your right of access - You have the right to ask us for copies of your personal information.  

Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.  

Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.  

Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances. 

Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. 

If you make a request, we have one month to respond to you. Please contact us at enquiries@cryoniss.com if you wish to make a request. 

How to complain

If you believe that your right to data privacy is being violated, you have the right to file a complaint to the data protection authority (Information Commissioner’s Office).  Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Helpline number: 0303 123 1113

For more information please call us on +44 (0)1625 460235

Or email us at solutions@cryoniss.com