Bringing tissue repair to life

 

Privacy Policy

Who we are

Our website address is: http://www.videregen.com/

PURPOSE OF THIS PRIVACY NOTICE 

This is Videregen Ltd’s (we, us or our) Privacy Policy for our external business activities relating to our use of the Personal Data of: 

  • users of our website; 
  • employees of our customers, suppliers and potential customers & suppliers; and 
  • others who may be interested in our business. 

This Privacy Notice aims to give you information on how we collect and process your Personal Data through your use of this website and other sources, when you engage with us. 

CONTROLLER 

Please contact the CFO (dougquinn@videregen.com) if you have any queries relating to our Group and data protection or if you wish to exercise your rights. 

Our processing of Personal Data is regulated by the Information Commissioner’s Office (ICO) (www.ico.org.uk). 

This version was last updated on 8th January 2020, previous versions can be obtained by contacting us. 

THE DATA WE COLLECT ABOUT YOU 

Personal Data means any information about an individual from which that person can be identified. 

We may collect, use, store and transfer different kinds of Personal Data about you, which we have grouped together as follows: 

  • Identity Data – name, title, date of birth and gender. 
  • Contact Data – email address, telephone numbers, addresses. 
  • Technical Data – internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. 
  • Usage Data – information about how you use our website. 
  • Marketing and Communications Data – your preferences in receiving marketing from us and your communication preferences. 

HOW IS YOUR PERSONAL DATA COLLECTED? 

  • You may give us Identity and Contact Data by filling in forms or by corresponding with us. 
  • We may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details. 

HOW WE USE YOUR PERSONAL DATA 

We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data where: 

  • it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or 
  • we need to comply with a legal or regulatory obligation. 

We do not rely on consent as a legal basis for processing your Personal Data. 

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA 

Business purposes 

The purposes for which personal data may be used by us, including personnel, administrative, financial, regulatory, payroll and business development purposes. 

Business purposes include the following: 

  • Compliance with our legal, regulatory and corporate governance obligations and good practice. 
  • Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests. 
  • Investigating complaints. 
  • Marketing our business. 
  • Improving services. 
 

Supplier Employee Data 

Data Held  Reason for Processing  Lawful Basis for Processing Data  Retention Policy 
Names, addresses, bank details, VAT registration details, amounts billed, daily rates or contract rates.  To facilitate our relationships with our external suppliers.  Legitimate interest, to engage those suppliers.  6 years from the end of the last company financial year they relate to, or longer if they show a transaction that covers more than one of the company’s accounting periods for HMRC tax  requirements. 
 

Investors’ Data 

Data Held  Reason for Processing  Lawful Basis for Processing Data  Retention Policy 
Names, addresses, shareholding. To identify those holding shares in the business. Performance of a contract (if direct relationship with that investor). Legal obligation.To be retained indefinitely for as long as schedules, certificates etc. remain active
 

Website user Data

Data Held  Reason for Processing  Lawful Basis for Processing Data  Retention Policy 
Identity Data Contact Data Technical Data Usage Data.  Promoting our products and services on the internet and acting as a portal for requests for information.  Necessary for our legitimate interests, to maintain a website providing information about our Group and  products and services.  12 months from the end of the calendar year in which the information was received. 
 

We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data. 

No patient data is held by us, third party data collectors hold the data relating to testing of our products including sensitive medical information. While we do not come in to contact with any personal data through these agreement, as we benefit from these activities we keep our contracts with third party contractors under review to ensure activities are carried out in accordance with Date Protection legislation. 

MARKETING 

When carrying out electronic marketing of our products and/or services, we do not market to individuals, only on a business to business basis (including healthcare organisations). 

If you receive marketing communications from us, you can ask us to stop sending you marketing communications at any time either by contacting our CFO or by using the unsubscribe link on our marketing communications. 

COOKIES 

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy. 

CHANGE OF PURPOSE 

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to have an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. 

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

DISCLOSURE OF YOUR PERSONAL DATA 

We may have to share your Personal Data with the parties set out below for the purposes in the table above: 

  • Internal third parties within our Group. 
  • Third party providers carrying out services on our behalf. 
  • Our regulators. 
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. 

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. 

We do not allow our third party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. 

INTERNATIONAL TRANSFERS 

Whenever we transfer your Personal Data out of the European Economic Area, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is met: 

  • That country has been deemed to provide an adequate level of protection for Personal Data by the European Commission. 
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. 
  • Where we use providers based in the United States of America, we may transfer data to them if they are part of ‘Privacy Shield’ which requires them to provide similar protection to Personal Data shared between the European Union and the United States of America. 

DATA SECURITY 

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

DATA RETENTION 

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

YOUR LEGAL RIGHTS 

Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Data: 

  • Request access. 
  • Request correction. 
  • Request erasure. 
  • Object to processing. 
  • Request restriction. 
  • Request transfer. 
  • Withdraw consent. 

If you wish to exercise any of the rights set out above, please contact our CFO. 

You also have the right to lodge a complaint with our supervisory authority, the ICO (www.ico.org.uk). 

NO FEE USUALLY REQUIRED – You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. 

WHAT WE MAY NEED FROM YOU – We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

TIME LIMIT TO RESPOND – We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.