Privacy and Data Protection Policy

On the 25^th May 2018 the General Data Protection Regulation (GDPR) replaced the Data Protection Act. The law gives you greater control over the information organisations hold on you and how your data is used.  A decision was made following the exit of the UK from the EU on 1^st January 2021, that the General Data Protection Regulation (GDPR) will be retained in UK law and will continue to be read alongside the Data Protection Act 2018, with technical amendments to ensure it can function in UK law.

The Information Commissioner remains the UK’s independent supervisory authority on data protection. The UK has and will maintain high standards of protection for personal data which includes the same regulatory framework for data protection as the EU and therefore is clearly essentially equivalent to the EU on data protection. Further information on this can be accessed at https://www.gov.uk/government/publications/explanatory-framework-for-adequacy-discussions.

Our data protection policy aims to provide clarity about how, when, and why we collect information about you.

1. About Us

This Privacy Policy covers the use of your information by Hypha Discovery Limited in its capacity as a data Controller. 

2. What information do we hold?

We will collect, process and store personal information about you which will include:

• your name and email address when you contact us for information or to subscribe to our newsletters on our website; and
• in relation to business contacts: organisation, name, address, email address, telephone number, links to and copies of publicly available information and communications related to our business relationship with you.

Most of the information described above comes directly from you but we do obtain some from third parties, for example, personal information may be passed to us by customers who, as your employer, may have designated you as their contact person.

3. How and why do we use your personal information?

We will use your information for the purpose of legitimate interests being pursued by us in relation to the products and services we provide. For example, we will use your information to contact you to carry our obligations arising from any contracts entered between you and us, to discuss our services (and any changes to them); to respond to any questions you have raised; to deal with administrative matters such as contacting you for business purposes and any financial transactions.

We may also provide marketing information to you in relation to our services where you have given your consent, or because we are otherwise legally entitled to do so and it is in our legitimate interests to provide such information to you. If you do not wish to be contacted in this way, you can tell us by contacting us using the details set out at the end of the Privacy Policy or using the “unsubscribe” option in newsletters sent to you. We will never share your data with third parties for other marketing purposes unless we have your express consent to do so.

We may also use your information in order to comply with any legal obligation that we have, in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights.

Where we have relied on our legitimate interests to process your personal data, you may contact us to obtain more information on this.

4. Who do we share your information with?

Your information will be shared internally amongst selected staff who need this information in order to carry out their duties in line with the purposes set out above. We may need to share your personal information with others from time to time, including:

• our professional advisers, such as our accounting and legal advisers where they require information in order to provide advice to us;
• if another entity acquires us or our assets, your information may be disclosed to that entity as part of the due diligence process and, if the acquisition goes ahead, your information will be transferred to that entity; and
• our service providers, for example those who operate our email handling, or provide and support our management and data storage systems.

We will also disclose your personal information if we are required to do so by law or to a law enforcement agency.

5. Where is your information stored?

Your personal data will be stored locally by us and in a secure database, stored and backed up on servers located in the U.S. Our database provider is certified to ISO/IEC 27001 and is SOC 2 compliant with high standards of physical and network security. All data transmissions are encrypted using TLS 1.2 protocols, using certificates issued by SHA 256 based CA. The latest and strong ciphers are used including AES_CBC/AES_GCM 256 bit/128-bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.

The database provider participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, with respect to transfer of data to the U.S. The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. The Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). The European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law.

If you would like further information on the security of our database, you can contact us using the details set out at the end of this Privacy Policy.

6. How long will we keep your information?

We only keep your information for as long as is reasonably necessary for the purposes set out in this Privacy Policy and to fulfil our legal obligations.

We will securely erase your information if we decide that we no longer need it.

7. Your rights

You have the following rights regarding your information:

7.8 Right to object to processing
In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests’ grounds (including processing for direct marketing).

To exercise any of these rights at, any time, you can contact us at mail@hyphadiscovery.com or via the unsubscribe feature in newsletters and related communications you receive from us.

8. Website and newsletter registration

If you register for the newsletters, you will need to provide your name, email address and association (e.g., company) and country plus any additional information voluntarily given. By registering for the newsletter, you consent to use of the information you have provided. Hypha Discovery Limited will use the information provided for the purposes of administering the newsletter service and for contacting you with any relevant information regarding our services and products. The information will be stored securely and will not be shared with third parties.

The website may contain links to and from websites of our strategic partner(s), conference providers or to related content and publications. These websites have their own privacy policies and we do not accept any responsibility or liability for their policies.

9. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

10. Cookies

When you visit our website, we use cookies, which are small pieces of information that allow them to maintain your connection to the website. This website may use cookies for detecting what kind of device you have in order to present content in the best way, for display purposes and/or for other purposes. These cookies do not collect or store any personally identifiable information. You can refuse the use of cookies.

How to refuse the use of cookies

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You may refuse the use of cookies by selecting the appropriate settings in your browser.

11. Changes to this Privacy Policy

From time to time, we may make changes to this Privacy Policy to ensure that it is accurate and up to date and to reflect any changes in the law. This policy was last updated on 18 June 2021. Any changes we may make to our Policy in the future will be posted to this page on our website.

12. Contacting us and making a complaint

Please contact us if you have any questions or complaints about this Privacy Policy or about how we handle your information by emailing mail@hyphadiscovery.com or in writing to Hypha Discovery Limited, 154B Brook Drive, Milton Park, Oxfordshire, OX14 4SD, United Kingdom.