Privacy and Data Protection Policy
Hypha Discovery is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Hypha Discovery may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
Hypha Discovery Data Protection Policy
On the 25th May 2018 the General Data Protection Regulation (GDPR) replaced the Data Protection Act. The law gives you greater control over the information organisations hold on you and how your data is used. A decision was made following the exit of the UK from the EU on 1st January 2021, that the General Data Protection Regulation (GDPR) will be retained in UK law and will continue to be read alongside the Data Protection Act 2018, with technical amendments to ensure it can function in UK law.
The Information Commissioner remains the UK’s independent supervisory authority on data protection. The UK has and will maintain high standards of protection for personal data which includes the same regulatory framework for data protection as the EU and therefore is clearly essentially equivalent to the EU on data protection. Further information on this can be accessed at https://www.gov.uk/government/publications/explanatory-framework-for-adequacy-discussions.
Our data protection policy aims to provide clarity about how, when, and why we collect information about you.
1. About Us
2. What information do we hold?
We will collect, process and store personal information about you which will include:
- your name and email address when you contact us for information or to subscribe to our newsletters on our website; and
- in relation to business contacts: organisation, name, address, email address, telephone number, links to and copies of publicly available information and communications related to our business relationship with you.
Most of the information described above comes directly from you but we do obtain some from third parties, for example, personal information may be passed to us by customers who, as your employer, may have designated you as their contact person.
3. How and why do we use your personal information?
We will use your information for the purpose of legitimate interests being pursued by us in relation to the products and services we provide. For example, we will use your information to contact you to carry our obligations arising from any contracts entered between you and us, to discuss our services (and any changes to them); to respond to any questions you have raised; to deal with administrative matters such as contacting you for business purposes and any financial transactions.
We may also use your information in order to comply with any legal obligation that we have, in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights.
Where we have relied on our legitimate interests to process your personal data, you may contact us to obtain more information on this.
4. Who do we share your information with?
Your information will be shared internally amongst selected staff who need this information in order to carry out their duties in line with the purposes set out above. We may need to share your personal information with others from time to time, including:
- our professional advisers, such as our accounting and legal advisers where they require information in order to provide advice to us;
- if another entity acquires us or our assets, your information may be disclosed to that entity as part of the due diligence process and, if the acquisition goes ahead, your information will be transferred to that entity; and
- our service providers, for example those who operate our email handling, or provide and support our management and data storage systems.
We will also disclose your personal information if we are required to do so by law or to a law enforcement agency.
5. Where is your information stored?
Your personal data will be stored locally by us and in a secure database, stored and backed up on servers located in the U.S. Our database provider is certified to ISO/IEC 27001 and is SOC 2 compliant with high standards of physical and network security. All data transmissions are encrypted using TLS 1.2 protocols, using certificates issued by SHA 256 based CA. The latest and strong ciphers are used including AES_CBC/AES_GCM 256 bit/128-bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
The database provider participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, with respect to transfer of data to the U.S. The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. The Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). The European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law.
6. How long will we keep your information?
We will securely erase your information if we decide that we no longer need it.
7. Your rights
You have the following rights regarding your information:
What does this mean?
7.1 Right to be informed
7.2 Right of access
7.3 Right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
7.4 Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
7.5 Right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
7.6 Right to data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7.7 Right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
7.8 Right to object to processing
In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests’ grounds (including processing for direct marketing).
To exercise any of these rights at, any time, you can contact us at firstname.lastname@example.org or via the unsubscribe feature in newsletters and related communications you receive from us.
8. Website and newsletter registration
If you register for the newsletters, you will need to provide your name, email address and association (e.g., company) and country plus any additional information voluntarily given. By registering for the newsletter, you consent to use of the information you have provided. Hypha Discovery Limited will use the information provided for the purposes of administering the newsletter service and for contacting you with any relevant information regarding our services and products. The information will be stored securely and will not be shared with third parties.
The website may contain links to and from websites of our strategic partner(s), conference providers or to related content and publications. These websites have their own privacy policies and we do not accept any responsibility or liability for their policies.
9. Google Analytics
12. Contacting us and making a complaint
Hypha Discovery is a UK-based CRO supporting pharmaceutical and agrochemical companies worldwide through the production of metabolites and new derivatives of drugs and agrochemicals in discovery and development.