Privacy Notice

1. Introduction

Oxford nanoSystems Limited understands that your privacy is important to you and that you care about how your personal data is used. We are committed to protecting personal data and to fair and transparent processing.

Please read this privacy notice: it will help you to understand how we collect and use personal data from individuals, our clients, suppliers or others during the course of our business.

In accordance with UK data protection laws, we have implemented this privacy notice to inform you of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

2. Who We Are

Oxford nanoSystems Limited (“OnS”, “we” or “us”), a limited company registered in England under company number 07523447, whose registered address is Unit 11 Blacklands Way, Abingdon Business Park, Abingdon, OX14 1DY.  Oxford nanoSystems Limited is the ‘data controller’ for the purposes of the relevant data protection legislation.

Our contact details are:

  • Email address: dataprotection@oxfordnanosystems.com.
  • Telephone number: +44 1235 521138.
  • Postal address: Oxford nanoSystems Ltd, Unit 11 Blacklands Way, Abingdon Business Park, Abingdon, OX14 1DY, United Kingdom.

3. Scope of This Policy

This notice applies to personal data that we collect and store in connection with:

  • your use of our website at www.oxfordnanosystems.com (“Site”); or
  • current, past or potential business or other relationships with clients, suppliers, advisors, partners or other organisations during the course of our business.

For the purposes of this Policy, ‘personal data’ is as defined in the Data Protection Act 2018 and the ‘UK GDPR’ as defined in that Act (collectively, “the Data Protection Legislation”) as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

4. Data Protection Principles

All personal data obtained and held by us will be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  • processing is fair, lawful and transparent
  • data is collected for specific, explicit, and legitimate purposes
  • data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  • data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  • data is not kept for longer than is necessary for its given purpose
  • data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  • we comply with the Data Protection Legislation for any international transfers of personal data

5. What Data Do We Collect and How?

Depending upon how you contact or otherwise communicate with us, we may collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table.

Data CollectedHow We Collect the Data
Identity Information including name, title (from which gender may be inferred), etc.when you contact us via email, phone or by using the contact form on our Site, or when enter into communications with us about our products or services.
Contact information including address, email address, messaging service addresses, telephone number, skype addresses, social media addresses, etc.when you contact us via email, phone or by using the contact form on our Site, or when enter into communications with us about our products or services.
Business information including business name, job title, profession, lines of reporting, etc.when you contact us via email, phone or by using the contact form on our Site, or when enter into communications with us about our products or services.
Profile information including business areas of interests, purchase history, etc.when you contact us via email, phone or by using the contact form on our Site, or when enter into communications with us about our products or services.
Technical information including IP address, browser type and version, operating system, device type, etc.when you contact us via email, phone or by using the contact form on our Site, or when enter into communications with us about our products or services.

We do not collect or process any ‘special category’ personal data from individuals in connection with current, past or potential business or other relationships with clients, suppliers, advisors, partners or other organisations during the course of our business (“special category data” means data relating to your health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data).

6. Lawful Bases for Processing

We rely on several lawful basis of processing when we collect and use personal data to operate our business and provide products and services to our clients. These include:

  • Contract – in order to perform contractual obligations we may have with an individual or to take steps to enter into a contract with an individual.
  • Consent – where an individual has freely given consent at the time their personal data was provided to us.
  • Legitimate interests – the legitimate interests of our business (e.g. to provide our services, to develop or protect our business, or to keep people informed about relevant products and services).  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligations – in order to comply with the legal and regulatory obligations we are subject to as a commercial business.

For specific cases where we process personal data, please see Sections 6.1 – 6.6 below.

6.1 Client or prospective client contacts

Using customer relationship management (CRM) systems, we process personal data about contacts, these are existing clients, prospective clients and individuals connected with them. This personal data includes name, employer identity, job title and business contact details.

Typically, we collect the personal data directly from the individuals themselves or from public sources such as public registers, social media and professional networking sites, news articles and internet searches.

Such personal data will be accessible to our staff and used for the following purposes:

  • Developing, managing and administering our business
  • Providing information about us and the services we provide
  • Identifying the business needs of our clients or prospective clients
  • Performing analytics, including producing metrics for our leadership, such as on trends, relationship maps, sales intelligence and progress against account business goals
  • Analysing interactions between our people and our contacts to provide information to our management on relationships and trends, including the use of an automated analytical tool to evaluate the frequency and timing of interactions with contacts.

6.2 Journalists, influencers and key opinion leaders

We process the personal data of journalists and other influencers or key opinion leaders in the media and the industry sector(s) in which we operate.  This personal data includes name, employer identity or media associations, job title and business contact details.

Typically, we collect the personal data directly from the individual themselves, from third parties such as media databases or from public sources such as public registers, social media and professional networking sites, news articles and internet searches.

Such personal data will be accessible to our staff and used for the following purposes:

  • Promoting our business and services
  • Issuing press releases and highlighting messages that may be of interest on specific industry topics
  • Invitations to events or other activities
  • Planning business contacts and potential partnerships

6.3 Suppliers and related individuals

We only process personal data about our suppliers (this includes subcontractors and any individuals associated with them) where it is necessary for us to receive goods and services, contract, manage our relationship and help provide services to our clients (where relevant).

Typically, we collect personal data directly from our suppliers but sometimes from third parties as a part of due diligence.

We use personal data in these circumstances for the following purposes:

  • Providing goods and services: where a supplier helps us to deliver goods or services to our clients, we process the personal data of its people involved to help manage our relationship and to deliver those services to our clients.
  • Managing our business: in order to run our business effectively we will need to process personal data for multiple reasons, including managing our client relationships, developing our business and services, hosting events, and to manage and administer our website, IT systems and applications.
  • Quality, risk and security management systems: to protect our information and our clients’ information (including personal data), we use security measures that involve detecting, investigating and resolving security threats. As a part of the security monitoring we do, personal data will be processed (e.g. automated scanning of emails to identify threats). We may process personal data obtained from publicly available sources (e.g. sanctions lists, criminal convictions databases, and internet searches) to identify any risks relating to organisations and associated individuals that may prevent us from working with a client or providing a particular service.
  • Providing information about our services: we will use business contact details to provide information about us, our services and activities, including events that we believe will be of interest.
  • Complying with legal or regulatory obligations: we are subject to various legal and regulatory obligations that require us to keep records which may contain personal data.

6.4 Marketing

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message and/or post with information, news, and offers on our products and/or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out (by unsubscribing using the links provided in our emails, the other unsubscribe methods specified in the communication or by contacting).

6.5 Web Site and Cookies

We automatically collect a limited amount of personal data about visitors to Site (for example on browsing patterns) by using cookies. Cookies are a small text files placed on your computer or device by our Site when you visit certain parts of our Site and/or when you use certain features of our Site.

Our Site may place and access certain first-party cookies on your computer or device. First-party cookies are those placed directly by us and are used only by us. We use cookies to facilitate and improve your experience of our Site and to provide and improve our products and services. By using our Site you may also receive certain third-party cookies on your computer or device. Third-party cookies are those placed by websites, services, and/or parties other than us. In addition, our Site may also use certain analytics services provided by Google, Inc, which also use cookies. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how people use our Site.

You may access our Site without providing any personal data at all. However, to use all features and functions available on our Site you may be required to submit or allow for the collection of certain data, such as cookies. You may restrict our use of cookies using the settings on your browser.

For more details, please refer to our Cookie Policy.

6.6 Visitors to our offices

Visitors to our offices must sign in at reception. A record is kept for a short period of time. This information is necessary for your safety in case of an emergency, so we know you are in the building and for the security of our people, visitors and the firm’s assets. There may also be instances where we need to retain records for the purposes of legal or regulatory compliance.  These records are kept secure and only shared where required for the detection or investigation of crime or to ensure the safety and security of our offices or staff.

7. Who We Share Your Data With

We only share personal data with others when absolutely necessary for the purposes for which we hold it and where appropriate contractual arrangements and security mechanisms are in place.

We will pass your personal data to:

  • Suppliers that support us and help provide services to our clients, such as providers of cloud-based software, IT systems, security, archiving storage and destruction, due diligence and background checks, marketing and payment services.
  • Professional advisors, auditors or insurers, where we are required by law or as reasonably required in the management of our business.
  • Law enforcement or other government and regulatory agencies or to other third parties, where we are required by law, the courts or any legal or regulatory authority we are subject to. We will only provide personal data in this circumstance where permitted or there is a legal requirement.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

Whilst we store personal data on servers within the UK or European Economic Area (EEA), we may need to transfer personal data outside the UK or EEA to third parties that help us run our business. Contractual obligations are imposed on the recipients of any data transferred in order to ensure all personal data is protected to the standard required by the UK’s Information Commissioner.

8. Protecting your data

The security of your personal information is important to us. Whilst no data transmission over the internet or any other network can be guaranteed as 100% secure, we seek to use reasonable physical, technical, and administrative safeguards to protect the information we process. We have internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by our staff in the proper performance of their duties.

9. How Long do We Keep Personal Data?

We keep personal data only for as long as necessary and this will reflect the requirements of:

  • the actual or potential discussions, activity or service for which it is being processed
  • any legal, regulatory or contractual requirements
  • the time in which any litigation or investigations might arise from a contract or other legal relationship.

10. Individual Rights

Individuals have certain rights over their personal data that we process as a data controller.

If we process your personal data and you exercise any of your rights we will aim to respond promptly and within any required time limit. However, please note that the length of time it will take us to respond will be dependent on the nature and extent of your request.

You have a right to:

  • access – you can ask us for a copy of the personal data that we hold on you
  • rectification – if you become aware of any errors or inaccuracies concerning your personal data, please let us know and we will update these for you
  • withdraw consent – where we process personal data based on consent, you have a right to withdraw consent at any time. To stop receiving direct marketing emails from us, please click on the unsubscribe link in the relevant email or contact us
  • erasure/deletion – you can ask us to erase or delete your personal data when we no longer need it for the purposes it was obtained
  • data portability – you can ask for your personal data to be sent to you or to another organisation.  in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you
  • automated decision making – if we make automated decisions about you, you can ask for those decisions to be reviewed
  • restrict or object to our processing – you can ask to restrict or object to our processing of your personal data (eg removal from a marketing subscription list).

If you would like to exercise any of these rights, please contact us at:  dataprotection@oxfordnanosystems.com.

11. Making a Complaint

If you think your data rights have been breached, please contact us and we will try our best to put things right.

You are also able to raise a complaint with the UK’s Information Commissioner (ICO).  

12. Changes to this Privacy Notice

We may change this privacy notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be immediately posted on our Site and you will be deemed to have accepted the terms of the privacy notice on your first use of our Site following the alterations. We recommend that you check this page regularly to keep up-to-date. This privacy notice was last updated on 25 February 2021.

© 2021 Oxford nanoSystems Limited. All rights reserved.