Privacy Policy

Protecting your privacy

This Privacy Policy aims to provide you with information about how we handle data at BioAberdeen Ltd.

We talk in detail about the data we hold, what we do with this data, when we share it outside of BioAberdeen Ltd (and with whom) and how we protect your privacy. You can read more about your rights around data and contact us as well.

It is important that you read this Policy together with any other policies we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

We may update our Privacy Policy from time to time. When we do, we will communicate any changes to you and publish the updated Policy on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your data and your rights to control how we process it.

Controller

BioAberdeen is the controller and responsible for your personal data. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact BioAberdeen using the details set out below.

Contact Details

BioAberdeen

Full name of legal entity: BioAberdeen Ltd

Email address: dataprotection@onebiohub.com

Postal address: BioAberdeen Ltd, ONE BioHub, Forresterhill Road, Aberdeen, AB25 2XE

Telephone number: +44 (0) 1224 047197

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

What this Privacy Policy explains

The information we collect

  • How we will use it

  • Where we collect it from

  • How long we store it

  • Our legal basis for processing your personal data

  • Your rights and how you can see, update or delete your personal data

  • Disclosures of your Personal Data

  • Securing your data

What information do we collect and what do we use it for?

Personal data is information that relates to an identified or identifiable individual. For example, it can include information such as your name, date of birth, email address, postal address, telephone number and payment details.

We may collect, use, store and share different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender

  • Contact Data includes address, email address and telephone numbers

  • Stakeholder Data includes information provided as part of a business activity which can include one or many of the kinds of personal data listed

  • Financial Data includes bank account and payment card details

  • Transaction Data includes details about payments to and from you

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website

  • Usage Data includes information about how you use our website or booking system, as well as the frequency and pattern of your service use

  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences

Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

  • Where we need to perform the contract we are about to enter into or have entered into with you

  • Where we need to comply with a legal or regulatory obligation

  • Keep a record of your relationship with us

  • Ensure we know how you prefer to be contacted

  • When you create an account with us

  • Process payments for our products and services

  • Understand how we can improve our services and information

  • To keep you updated with news and forthcoming events

 

How we obtain your data

We may obtain your personal information through a number of different sources:

  • Direct interactions. Information you give to us when you contact us by any means with queries, referrals and requests

  • When you book any kind of appointment with us or book to attend an event, for example workshops, training events, seminars, conferences and awards

  • When you visit us at an event, such as a trade show or exhibition

  • Via our website when you sign up for a newsletter, fill out a feedback form or complete the ‘contact us’ form,

  • Referrals from Partner organisations

  • Information that we learn about you through our relationship with you

  • Information that we gather from publicly available sources, such as the press, company registers and online search engines. Information that you make public on social media e.g. Facebook, Twitter, LinkedIn.

Core Services – growth programmes, cohorts, projects etc.

To achieve its strategic objectives, BioAberdeen Ltd will manage and deliver projects which engage with companies and individuals throughout the region and beyond. This may include, but will not be limited to, the delivery of business support and business support programmes, masterclasses, mentoring, network events. The legal basis for collecting this data is contractual where we enter in a contract with you or legitimate interest in all other cases. If you cease to work with us, we will hold the data for five years afterwards. We currently hold this data in a Business CRM system.

Sharing with third parties

BioAberdeen Ltd shall share information with Opportunity North East Ltd, including its subsidiary companies, and other third party Partners such as Scottish Enterprise, University of Aberdeen and Robert Gordon University, to run events, programmes, and initiatives.

Opportunity North East Ltd is a key operational partner who operates ONE BioHub and delivers activities and events on behalf of BioAberdeen Ltd.

In some cases, we provide information to these third parties as part of the business activity with individual businesses, so we consider this stakeholder data. The legal basis for collecting and sharing this data is legitimate interest. We retain for five years after a business has ceased to work with us and for a further five years in anonymised form as part of statistics or other aggregated data.

We will not share your information with anyone outside BioAberdeen Ltd except:

  • where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies

  • in anonymised form as part of statistics or other aggregated data shared with third parties; or

  • where permitted by law, it is necessary for our legitimate interests or those of a third party and it is not inconsistent with the purposes listed above.

Data Processors

Our authorised data processors are subject to comprehensive due diligence in-line with current data protection legislation. When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

  • We provide only the information they need to perform their specific services.

  • They may only use your data for the exact purposes we specify in our contract with them.

  • We work closely with them to ensure that your privacy is respected and protected at all times

  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

BioAberdeen Ltd will not share your information with third parties for their own marketing purposes.

Digital Services

Website

We collect information from you when you connect with us, by completing the ‘Register for ONE BioHub updates’, the 'Enquiry frorm’ and the ‘Contact us' form on the ONEBIOHUB.COM website.

We will treat all the information you provide to us as personal data. The personal data we will collect from you will be first name, surname, email address, company name and sector preferences.

If you are a business customer or stakeholder, we generally do not rely on consent as a legal basis for processing your personal data. The legal basis for collecting data is Legitimate Interest. We will retain this data for five years from the last known activity.

You can ask us to stop sending you notifications at any time by following the opt-out links on any email sent to you OR by contacting us at any time.

Where you opt out of receiving these notifications, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

We currently hold this data in a Business CRM system.

We do not collect or store your personal information (e.g. your name or address) in our website analytics. To evaluate how our website can be improved, we store information about what pages you visit, how long you are on the site, how you got here and what you clicked on.

Booking System

BioAberdeen Ltd provides a booking system to allow ONE BioHub Hot Desk Users, Internal & Co-Working Partners and Tenants to book desks, meeting rooms and events. To do so, persons are required to complete an ‘Enquiry Form ‘on either the ONE BioHub website or at ONE BioHub in person. You may be asked to submit your first name, surname, email address and telephone number.

On receiving the request, we will create a tentative account using the data provided and invite you by email to confirm your account. On confirmation, further information may be required to process payments (please refer to payments section).

Persons will be able to login using their social profiles such as Facebook, Google, Microsoft and Twitter. To find out more information about the use of social profiles, please visit and read the individual platforms’ Privacy Notices.

The legal basis for collecting this data is Contractual. We will retain this data for five years upon which it is securely destroyed.

Payments

Where you are required to pay for a service, payment may be collected by credit card through Eventbrite, Stripe or another online payment platform who all, by law, adhere to the Payment Card Industry Data Security Standard (PCI-DSS). ONE has no access to any credit card data input to these systems. Please refer to the terms and conditions and privacy policies on the online payment platform to understand how they will handle your data and ensure your privacy.

Events

We may collect your business identity data and contact data at events arranged by us, our Partners or other Stakeholders. These events can include workshops, industry talks & meet-ups, training events, seminars, conferences, and awards.

As this information is provided as part of a business activity, we consider this stakeholder data. The legal basis for collecting this data is legitimate interest. We retain for five years after a business has ceased to work with us.

Social Media

When you use a social media platform and interact with BioAberdeen Ltd, you do so by consenting to the terms & conditions of such platforms. This can include Facebook, Twitter, Instagram, LinkedIn, Pinterest, and YouTube. For more information, please see their individual Terms & Conditions and privacy policies.

Direct Marketing

We will send you marketing emails and newsletters to keep you updated on our products and services. You can at any time opt out of receiving these emails.

  1. For business customers, our lawful basis is legitimate interest as it’s necessary to inform business customers and stakeholders about our products/services to grow their business offering and ours. Your information will be securely destroyed five years after your last interaction with BioAberdeen Ltd.

  2. For consumers, our lawful basis is consent and will be securely destroyed 2 months after consent is withdrawn.

Security

We ensure that there are appropriate technical controls and security measures in place designed to protect and prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Rights

Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information, we hold about you.

We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.

In some situations, you may have the;

  • Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.

  • Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.

  • Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.

  • Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.

  • Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data where we are using it.

  • Right to request the restriction of processing. You have the right to ask us to stop the processing of data of your personal information. We will stop processing the data (whilst still holding it) until we have ensured that the data is correct.

  • Right to portability. You may transfer the data that we hold on you for your own purposes.

  • Right to request the transfer. You have the right to request the transfer of your personal information to another party.

Individuals can find out if we hold any personal information by making a ‘right of access’ request. More information can be found at https://ico.org.uk.

If we do hold information about you, we will:

  • Give you a description of it;

  • Tell you why we are holding it;

  • Tell how long we keep in for and the lawful basis for doing so;

  • Tell you who it could be disclosed to; and

  • Let you have a copy of the information in an a commonly used electronic format, unless the individual requests otherwise.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Cookies

Our website uses three cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree.

These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

The cookies we use are ‘analytical’ cookies and help us to understand how visitors interact with our website by collecting and reporting information anonymously. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it.

This helps us to improve the way our website works, for example by making sure users are finding what they need easily. Read more about the individual analytical cookies we use and how to recognise them here.

Links to third party websites

This website may contain links to carefully selected third party websites. These links are provided solely for your information and convenience. When you use these links, you will leave this website and enter a site which BioAberdeen Ltd has no control over.

This Privacy Policy does not cover your use of these sites or govern the personal information which you may provide. To protect your privacy, we suggest that you review the individual privacy statement on any third party website before using the site or submitting any personal information. We do not vouch for, or endorse, any third party websites.

BioAberdeen Ltd will at all times respect your privacy and confidentiality and keep your personal details secure from unauthorised access, use or disclosure. BioAberdeen Ltd will not sell, rent, trade, or otherwise knowingly share or provide your personal information to any third party unless we have your permission or are required by law or where we have entered into an agreement for a third party to undertake some of the information processing services detailed below on our behalf. However in certain circumstances, detailed above in relation to use of C.V’s, we may be required to share certain information with relevant trusted third parties.

Where permission has been granted, BioAberdeen Ltd may use your personal details for marketing purposes.

You have the right to see personal data (as defined under the United Kingdom Data Protection Act) that we keep about you upon receipt of a written request. Any request should be sent to the Data Protection Officer at our head office address above. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to our Privacy Policy

We may from time to time need to change our Privacy Policy. Any such changes will be identified on our website. Please review our Privacy Policy regularly to make sure you keep up to date with any changes. If we make material changes we will notify you by email.

This privacy policy was updated on 11th January 2024.