About this Policy
1.1 Thank you for your interest in Isotopx products. Your data privacy is important to us and we want to reassure you about how we use your personal information.
1.2 This privacy notification sets out how Isotopx handles your personal information, including when and why it is collected and used, as well as how it is kept secure.
1.3 You will find our contact details at the end of this policy which you can use if you have any questions.
1.4 This policy was last updated on 9th May 2018
Who we are
2.1 Isotopx Ltd is based in the United Kingdom (UK) with affiliates in the United States (US). For the purpose of this privacy notification, the term ‘we’ and ‘us’ refers to Isotopx Ltd as a whole.
2.2 Isotopx Ltd will be known as the data ‘controller’ of your personal information, deciding how your personal information is managed.
What information do we hold and when do we collect it
3.1 Personal information you provide
3.1.1 Information you provide us and which we store is: who you are (names), contact details (email, work address, phone number) and IP address.
3.2 When do we collect this personal information?
3.2.1 Information is collected:
- When you purchase a product or service,
- When you contact us by any means with queries, complaints etc in formats such as: email, correspondence over the phone or information you have provided voluntarily,
- In order to facilitate the receipt of goods if you are one of our suppliers and pay you accordingly,
- Where necessary, complete an End User Understanding (EUU) see section 4.2.1.
3.2.2 We use an analytics software tool which analyses user interaction with our website. This is achieved using web cookies and enables us to see the website pages visited, time spent on those pages and the date visited.
3.2.3 The analytics tool does not reveal any personal information to us, and only provides generic locations; e.g narrows down usage to cities as well as service provider. This information is gathered to form general reports on website traffic flows, monitor user behaviour on the website and analyse how users access our website. See section 4.4.
3.3 Section 4 below goes into more detail about how we use the above data, in line with our legal basis for doing so.
How your Personal Information is used
4.1 Contract as a legal basis
4.1.1 Under GDPR, ‘Contract’ legal basis article 6 (1)(b) “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
4.1.2 We use ‘Contract’ as the legal basis for processing. When do we use that information?
- For general administration, including storing commercial sales information, (Quotes / Sales Orders) and supplier contact information to fulfil our contractual obligations,
- To fix diagnosis issues only. We store IP addresses to access your instrument PC when asked to fix diagnosis issues with your instrument, following your explicit contractual agreement,
- To correspond and communicate with you regarding a current order or potential order,
4.2 Legal Compliance
4.2.1 In some instances, we will require the use of your personal data to:
- Complete an End User Understanding (EUU) document. The completed EUU you provide us, is used to identify the final end user only and is shared with the United Kingdom Government, Department for International Trade. If you are asked to provide your personal data, your personal data enables us to comply with United Kingdom legislation and consequently complete your order,
- When we have been asked by the UK fraud and crime agencies, Isotopx will disclose your personal information to fulfil our legal obligations.
4.3 Legitimate Interests
4.3.1 Where we require the use of your personal data to pursue our legitimate interests, it is used in a way which is expected as part of running our business and which does not directly or indirectly impact your rights, freedoms or interests. For example, in ways such as:
Internal analysis and reporting of website traffic to ensure our website is as effective as possible (discussed above in 3.2.2),
- Comply with your request to exercise your rights,
- Preventing fraud,
- Contact you via email when you have asked for assistance or requested further information about Isotopx products or services,
- If you are our supplier, we use and store personal data of the individuals that we’ve communicated with within your organisation in order to facilitate the receipt of goods from you. In addition, we hold your financial details, so that we can pay you for those goods,
- If you follow Isotopx on Facebook or LinkedIn you may receive communications from us about our latest services, products and product releases,
- If you have signed up to TIMS list servers, where you have opted-in to communications from various parties, we will be part of this, and on occasions contact you via email about where you will find our conference stand, details about the talks we’ll be giving as well as any events that we host.
How do we keep your information safe?
5.1 While data security is never guaranteed, we take the protection of your personal information seriously. We take proactive steps to ensure your personal information is protected, from measures such as secure anti-virus software, strong internet firewalls and cloud technology.
5.2 Our main security measures are:
Transfer of personal information in encrypted format e.g names & delivery addresses,
Up to date software which provides strong security patches,
Personal information referred to in section 4.1.2 is protected under as a ‘Need to Know’ basis,
IT firewalls to prevent malware and ransomware,
5.3 If you are based in the European Economic Area (EEA), the data that is collected about you in the EEA, may be transferred outside the EEA. In this instance, processing of your personal data would only take place and be handled by our staff located outside the EEA. It is not shared with any third parties. This processing could be used to complete an order for you, take contact details or form part of general administration outlined in section 4.
All this work outside the EEA does not depart from our commitment to GDPR and data security outlined in sections 5.1 and 5.2.
6.1 Your rights as the ‘Data Subject’
6.1.1 Under GDPR, you as the ‘Data Subject’ have greater rights over how your data can be used. In exercising these rights, we will always seek to resolve your requests within 30 days, however, in most cases we will require proof of identity, which will help us locate your personal information faster.
6.1.2 In our response to your access request, we will provide you with a copy of the personal information we hold on you, in a commonly used format (eg xls file) via encrypted email.
6.1.4 If you think that your personal data has not been handled in an appropriate manner, you have the right to complain by contacting the ICO via their website at www.ico.org.uk/concerns.
How long do we keep your information for?
7.1 We retain your personal information for as long as the business requires it. As soon as that information is no longer needed by the business, that information is deleted.
We restrict access to your personal information, so that only those that need to see it do and those that don’t, cannot.
8.1 You can contact us using the following email address at firstname.lastname@example.org.