This privacy notice explains the types of personal data we may collect about you when you interact with us, why we collect this data, how we use it, and how we keep it safe.
Oxford Nanopore is committed to protecting and respecting your privacy and personal data. If you have any questions, please get in touch with us. We have appointed a Data Protection Officer who is responsible for all matters concerning data privacy and protection, including this privacy notice.
2. Who we are and how to contact us
Oxford Nanopore Technologies plc (“Oxford Nanopore”, “we”) is a public limited company headquartered in Oxford (UK). Our company number is 05386273 and our registered address is Gosling Building, Edmund Halley Road, Oxford Science Park, Oxford, United Kingdom, OX4 4DQ.
You can contact our Data Protection Officer by email to firstname.lastname@example.org or by post to:
Data Protection Officer, Oxford Nanopore, Gosling Building, Edmund Halley Road, Oxford Science Park, Oxford, United Kingdom, OX4 4DQ.
3. When and how we collect personal data
Personal data means any information about an individual from which that person can be identified. We collect personal data in the following circumstances:
- When you visit any of our websites;
- When you subscribe to receive news and information from Oxford Nanopore;
- When you create an Oxford Nanopore Community account with us;
- When you make an online purchase;
- When you use an Oxford Nanopore service;
- When you attend an Oxford Nanopore event;
- When you engage with us on social media;
- When you download or install one of our apps;
- When you contact us by any means, including using the chat facility on our websites.
We collect data in the following ways:
- Directly from you when you complete forms on our website or correspond with us by email, post, telephone, live chat, or other means;
- From third parties or publicly available sources, including:
- Analytics data from Google and HubSpot;
- Usage data from social media platforms when you engage with us on these.
4. What types of personal data we collect
We collect and use the following types of personal data:
- Contact details such as name, address, email address and telephone number;
- Transaction data such as details about products and services you have bought from us;
- Profile data such as your interests and preferences;
- Usage data such as information about how you use our website, products and services;
- Content you choose to share on or with the Oxford Nanopore Community; and
- Marketing data such as your preferences in receiving marketing messages from us.
We may also use financial details, such as payment card details, via our third-party payment services provider when you make an online purchase from us, but neither we nor our payment services provider store this information.
We also collect, use and share aggregated data such as statistical data on the proportion of website visitors using the various parts and features of the site.
We do not collect any sensitive personal data about you (details such as race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic or biometric data, or information relating to your health).
5. How we use personal data
We may use the personal data we collect for one or more of the following purposes:
- To ensure that content from our website is presented in the most effective manner for you and for your computer;
- To provide you with information, products or services that you request from us, or which we feel may interest you;
- To carry out our obligations arising from any contracts entered into between you and us;
- To allow you to participate in interactive features of our services, when you choose to do so;
- To protect our rights;
- To investigate fraud or other misconduct; and
- To notify you about changes to our services.
6. The lawful bases on which we collect and use personal data
We only collect and use personal data on one or more of the following lawful bases:
You have freely given your explicit consent for us to collect and use the data for one or more specific purposes that we have clearly explained to you (such as sending you information about our products and services);
We need the information in order to be able to enter into or fulfil a contract with you (such as supplying the product you have ordered);
We have a legitimate interest in using the data in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights or interests (such as using data to personalise your experience of our website).
7. How we protect personal data
The security of your personal data is important to us and we take steps reasonably necessary to safeguard your personal data in our custody and control from unauthorised access, use or disclosure.
With respect to personal data in our custody and control we have physical, administrative and technical security measures in place designed to:
- Prevent unauthorised persons from gaining access to data processing systems in which personal data are processed;
- Prevent persons entitled to use a data processing system in our custody and control from accessing personal data beyond their needs and authorisations;
- Protect personal data in electronic transit from unauthorized reading, copying, modification or removal;
- Maintain access logs to establish whether, and by whom, the personal data was entered into, modified on or removed from a data processing system;
- To limit data processing done by a data process working on our behalf to process data only in accordance with our instructions;
- Protect personal data against unintentional destruction or loss.
We also have organisational security measures in place, including measures to applicable to all employees, agents, contractors, or other parties working on our behalf who have access to personal data in our custody and control with respect to:
Appropriate training, and awareness of their responsibilities for data privacy;
Access is granted access to personal data only to the extent required to carry out their assigned duties. ONT makes reasonable efforts to secure personal data in our custody and control, and prevent unauthorised access or processing. We ask that you limit such personal data you share with us to that which is necessary.
8. How long we keep personal data for
We only keep personal data for as long as is necessary for the purpose for which it was collected, and to meet any applicable legal requirements and or in accordance with our data retention policy unless a shorter period is required under law.
At the end of that period, personal data is either securely deleted, or is anonymised and/or aggregated so that it can be used in a non-identifiable way for statistical analysis and business planning.
We may continue to keep your information beyond this if we are legally required to for example to prevent abuse, fraud, or to resolve disputes.
9. Who we share personal data with
We may share your personal data with other companies within our group, including subsidiaries and our holding company and its subsidiaries.
In the event that we choose to sell, transfer, or merge part our business, your personal data may be shared with potential counterparties provided that they are subject to confidentiality obligations. In the event of a sale of all or part of the business, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
We will only share your personal data with law enforcement, regulatory or other Government bodies when required to do so, or to comply with a valid legal request such as a court order.
We may share your personal data with third party service providers working on our behalf to collect, store, process, and safeguard your personal data, including:
- IT companies who support our website and other business systems;
- Operational companies such as distributors, resellers and delivery couriers;
- Marketing companies who help us manage our electronic communications with you.
- When we use third party service providers:
- We only share with them the information they need to perform their specific services;
- They may only use your data for the exact purposes we specify in our contract with them;
- We work closely with them to ensure that your privacy is respected and protected at all times;
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
10. Where we store and process personal data
The personal data we hold is stored and used within the countries within which Oxford Nanopore is legally registered, including the UK and the member countries of the EU or the EEA (the EU plus Iceland, Liechtenstein and Norway).
We may sometime share personal data that we collect from you to third-party data processors in countries that are outside these jurisdictions, for example, if required in order to fulfil your order, or provide support services. In addition, personnel working for Oxford Nanopore affiliates may access certain personal data to the extent necessary for their duties from other countries. If we do this, we require all our third-party service providers and data processors, including our affiliates, by written contract (such as a standard contractual clause), to implement appropriate security measures to protect your data. Third-party service providers may disclose Customer Data as necessary in connection with their performance of services and in accordance with our instructions. Third-party service providers may also disclose your data when required to comply with disclosure requirements imposed by court order, law, or a governmental or regulatory agency. Our third parties may be required to disclose your data to courts, parties to litigation, government authorities, regulators, or law enforcement.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this privacy notice.
11. Your rights
You have the right:
- To be informed about the collection and use of your personal data by us, including the purposes we use the data for, and the lawfulness of those purposes. This privacy notice aims to give you this information, and you can contact us at any time.
- To request a copy of any personal data we hold about you.
- To ask us to correct the personal data we hold about you if it is incorrect, out of date or incomplete.
- To instruct us to stop using your personal data for direct marketing, either through specific channels, or all channels.
- To withdraw your consent for any processing that you have previously given consent to.
To exercise any of these rights, please contact our Data Protection Officer by email to email@example.com or by post at Data Protection Officer, Oxford Nanopore, Gosling Building, Edmund Halley Road, Oxford Science Park, Oxford, United Kingdom, OX4 4DQ.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this privacy notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
12. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. Details are available on the website of the Information Commissioner’s Office at www.ico.org.uk/concerns. The telephone number of the Information Commissioner’s Office is 0303 123 1113.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
13. Your privacy rights - California customers
Accessing Person Data. We will provide you with the means to ensure that any of your personal data that we have collected is correct and current. You may review this information by contacting our Data Protection Officer by sending an email to firstname.lastname@example.org.
California Online Privacy Protection Act. As required by the California Online Privacy Protection Act (“California Act”) and the California Business and Professions Code, this Privacy Statement identifies the categories of personally identifiable information (as that term is defined in the California Act) that we collect about individual consumers who use or visit our website and the categories of third-party persons or entities with whom such personally identifiable information may be shared. See more about the California Act at http://consumercal.org/california-online-privacy-protection-act-caloppa…
California Consumer Privacy Act of 2018 (CCPA). You have the right to request, twice a year and free of charge, certain information about parties to whom we have disclosed or sold your personal data in the prior calendar year and a description of the categories of personal data shared. Additionally, upon request, twice a year and free of charge, we shall provide to you any information relating to your personal data and our processing of your personal data in a concise, transparent, intelligible and easily accessible form using clear and plain language. To make such a request, please send an email to email@example.com and please include the phrase "Personal Information Privacy Request" in the subject line, the domain name of the website you are inquiring about, along with your name, address and email address. You also may contact us via post to
Data Protection Officer, Oxford Nanopore, Gosling Building, Edmund Halley Road, Oxford Science Park, Oxford, United Kingdom, OX4 4DQ. You can also ask us to delete your personal data stored on our platform. If we receive a request to delete your data, we will ask you if you want your personal data to be removed entirely or if you want to be kept on a list of individuals who do not want to be contacted in the future (for a specified period or otherwise). We cannot keep a record of individuals whose personal data we have deleted so you may be contacted again by us, should we come into possession of your personal data at a later date. If you exercise your rights under the CCPA, we will not discriminate against you. Requests to know and requests to delete will be honored within 45 days; if more time is needed to respond, we will notify you. We will respond to your request to opt-out within 15 days. You may also designate an authorized agent to make a request on your behalf.
The CCPA allows Authorized Representatives or Agents (an “Agent”) to submit CCPA requests on your behalf. If you designate an Agent, we will have to verify that the you have granted said agent the authority to submit one of these requests. In order to make this verification, please have your Agent contact us at firstname.lastname@example.org with an email that includes: (i) the phrase "Personal Information Privacy Request" in the subject line; (ii) the domain name of the website you are inquiring about; (iii) the right you would like to exercise; (iv) your full name, birth date, address, email address and phone number; and (v) your Agent’s full name, birth date, email address and phone number. Once we have received this information, we will follow up with the Agent on the next steps and what to expect.
Alternative formats of this information are available to individuals with a disability. Please contact us at email@example.com for assistance.
14. If you have any questions
If you have any questions, please contact our Data Protection Officer by email at firstname.lastname@example.org or by post to Data Protection Officer, Oxford Nanopore, Gosling Building, Edmund Halley Road, Oxford Science Park, Oxford, United Kingdom, OX4 4DQ.