Privacy and Data Protection Policy
Hypha Discovery is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Hypha Discovery may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
Hypha Discovery Data Protection Policy
UK Data Protection Act 2018
The UK Data Protection Act 2018 provides a framework for how personal information is used by organisations within the UK. It is the UK’s implementation of the General Data Protection Regulations (GDPR). Everyone using personal data must abide by the following data protection principles:
- Used fairly, lawfully and transparently
- Used for specified, explicit purposes
- Used in a way that is adequate, relevant and limited to only what is necessary
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
Under this act you have the right to find out what an organisation stores about you. These include the right to:
- Be informed about how your data is being used
- Access personal data
- Have incorrect data updated
- Have data erased
- Stop or restrict the processing of your data
- Data portability (allowing you to get and reuse your data for different services)
- Object to how your data is processed in certain circumstances
Hypha Discovery’s data protection policy aims to provide clarity about how, when, and why we collect information about you.
- About Us
- What information do we hold?
We will collect, process and store personal information about you which will include:
- your name and email address when you contact us for information or to subscribe to our newsletters or blogs on our website or company LinkedIn page; and
- in relation to business contacts: organisation, name, address, work email address, work telephone number, links to and copies of publicly available information and communications related to our business relationship with you.
Most of the information described above comes directly from you but we do obtain some from third parties, for example, personal information may be passed to us by consultants or agents who may have designated you as their contact person.
- How and why do we use your personal information?
We will use your information for the purpose of legitimate interests being pursued by us in relation to the products and services we provide. For example, we will use your information to contact you to carry out our obligations arising from any contracts entered between you and us, to discuss our services (and any changes to them); to respond to any questions you have raised; to deal with administrative matters such as contacting you for business purposes and any financial transactions.
We may additionally use your information in order to comply with any legal obligation that we have, in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights.
Where we have relied on our legitimate interests to process your personal data, you may contact us to obtain more information on this.
- Who do we share your information with?
Your information will be shared internally amongst selected staff who need this information in order to carry out their duties in line with the purposes set out above. We may need to share your personal information with others from time to time, including:
- our professional advisers, such as our accounting and legal advisers where they require information in order to provide advice to us or issue invoices;
- if another entity acquires us or our assets, your information may be disclosed to that entity as part of the due diligence process and, if the acquisition goes ahead, your information will be transferred to that entity; and
- our service providers, for example those who operate our email handling, or provide and support our IT and data storage systems.
We will also disclose your personal information if we are required to do so by law or to a law enforcement agency.
- Where is your information stored?
Your personal data may be stored locally by us and in a secure CRM (Zoho), stored and backed up on servers located in the U.S. Security details are located at https://www.zoho.com/security.html
A comprehensive faq on Zoho security is located at https://www.zoho.com/security-faq.html
Information on Zoho’s compliance certifications is located at https://www.zoho.com/compliance.html, The following certifications apply:
- ISO/IEC 27001
- ISO/IEC 27701
- ISO/IEC 27017
- ISO/IEC 27018
- ISO 9001
Information on Zoho’s compliance with the UK Data Protection Act 2018 is located at https://www.zoho.com/en-uk/privacy.html
- How long will we keep your information?
We will erase your information if we decide that we no longer need it.
- Your rights
You have the following rights regarding your information:
What does this mean?
7.1 Right to be informed
7.2 Right of access
You have the right to obtain access to your information (if we are processing it), and other certain other information (similar to that provided in this Policy).
7.3 Right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
7.4 Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no reason for us to keep using it. This is not a general right to erasure; there are exceptions.
7.5 Right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’, to make sure the restriction is respected in future.
7.6 Right to data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7.7 Right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
7.8 Right to object to processing
In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests’ grounds (including processing for direct business-to-business marketing).
To exercise any of these rights at, any time, you can contact us at firstname.lastname@example.org or via the unsubscribe feature in newsletters and related notifications you receive from us.
- Website and newsletter registration
If you register for the newsletters, blogs or webinars, you will need to provide your name, email address and association (e.g., company) and country plus any additional information voluntarily given. By registering for our scientific communications, you consent to use of the information you have provided. Hypha Discovery Limited will use the information provided for the purposes of administering the newsletter service and for contacting you with any relevant information regarding our events, services and products. The information will be stored securely as detailed in section 5 of this policy, and will not be shared with third parties.
The website may contain links to and from websites of our strategic partner(s), conference providers or to related content and publications. These websites have their own privacy policies and we do not accept any responsibility or liability for their policies.
- Google Analytics
Hypha Discovery’s website has transitioned to use of Google Analytics 4 (GA4), a web analytics service provided by Google, Inc. (‘Google’). Google Analytics helps us to understand how people use our website. GA4 aims to address the most recent data protection developments regarding the use of analytical cookies and the transfers tied to such processing. GA4 adopts a privacy by design approach, including the anonymisation of IP addresses. GA4 will thus not store or transfer any IP address of the users it tracks. In addition, GA4’s service terms do not permit users to collect ‘Personally Identifiable Information’ including, but not limited to, the collection of email addresses, phone numbers, device IDs and other identification numbers. Google gives its users an option to share GA4 data with other Google products like Google Signals and Google Ads; Hypha Discovery has elected to not share Google Analytics 4 data with Google Signals, however the data will be shared with the Google Ads platform. When a user accepts cookies they will opt in to this, however you will be opted out if you elect not to accept the cookies.
To opt out of being tracked by Google Analytics
Visit ttp://tools.google.com/dlpage/gaoptout to download an Opt-out Browser Add-on to prevent tracking by Google Analytics across all websites. This provides website visitors with the ability to prevent their data from being used by Google Analytics. If you want to opt out, download and install the add-on for your web browser. The Google Analytics opt-out add-on is designed to be compatible with Chrome, Safari, Firefox and Microsoft Edge.
- Contacting us and making a complaint
Hypha Discovery is a UK-based CRO supporting pharmaceutical and agrochemical companies worldwide through the production of metabolites and new derivatives of drugs and agrochemicals in discovery and development.