Cresset Biomolecular Discovery Limited, trading as Cresset, is registered as a company in England and Wales: 4151475. Our registered office address is New Cambridge House, Bassingbourn Road, Litlington, SG8 0SS, UK.
As Data Controller, Cresset respects the privacy of the companies and individuals that register and use our website (https://www.cresset-group.com) and use our services. You can access the services (“Services”) via our website, applications on devices, APIS and through third parties. You may contact our Data Controller at email@example.com if you have questions or concerns regarding this privacy notice or concerns regarding your personal information and processing of data by Cresset.
This privacy notice is designed to describe who we are, how and why we obtain, store and process personal data which can identify you and under what circumstances it will be shared. Keeping your information secure is one of Cresset’s most important responsibilities. We will update this notice from time to time and shall indicate on our website when changes have been made.
2 Information we collect directly from you
In the course of your interaction with our websites and our Services, your data will be processed by the following companies:
- Cresset Group
- AMAZON AWS
Information is collected from you via web forms on our website, during meetings, or when you use our applications or purchase our products or services. The information we collect is clearly set out at the point of collection. In addition, we may collect the following personal information about you:
- Application and website usage data
- File transfer and viewing data
- Operating system version, location / region of IP
- For mobile app users: device type, operating system, and app version, build number, unique user id
3 California Consumer Privacy Act (“CCPA”)
If you are a resident of California, the CCPA offers you important rights which you can exercise. In summary, those include the right to request certain information regarding Cresset’s disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to firstname.lastname@example.org. Please include your name, mailing address, and email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by applicable law. Cresset will not sell your information to anyone.
4 EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and UK General Data Protection Regulation
If you are based in the EU or the UK, under the GDPR you have certain rights which you can exercise free of charge. In summary, those rights include:
- The right to access your personal information;
- The right to rectification of inaccurate personal information;
- The right to erasure (the right to be forgotten);
- The right to data portability;
- The right to object at any time to processing of your personal information for direct marketing;
- The right to object to decision-making based solely on automated processing, including
- profiling, which produces legal effects concerning you or similarly significantly affects you;
- The right to restrict the processing of your personal information in certain circumstances; and
- The right to file a complaint with a supervisory authority;
- You may also file a complaint by emailing email@example.com
For further information on each of those rights, including the circumstances in which they apply, see the guidance from the European Data Protection Board at http://www.edpb.europa.eu/edpb_en.
5 Cresset’s global privacy practices
Cresset is a global business and as one, will store and process the information we collect or process in the United States in accordance with this privacy notice (our sub-processors may store and process data outside the United States, the UK and the EEA). Notwithstanding the previous, Cresset, also understands that different regions and countries around the world have different privacy expectations. Cresset takes measures to ensure that any data transfers comply with applicable data protection laws and that your personal information remains protected to the standards described in this privacy notice.
Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the approved mechanisms, e.g., EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, or verification that the recipient has implemented Binding Corporate Rules.
6 Information we collect from other sources
We also collect information about you from other sources and combine this information with personal data provided by you. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide services of interest to you. In particular, we collect personal data from third-party providers of business contact information, including professional contact details, employment-related information such as job titles, and device / location-related information such as IP addresses for purposes of responding to an interest you have in our services, targeted advertising, delivering relevant email content, event promotion and profiling.
We obtain information through partners, vendors, distributors, recruitment agencies, suppliers and other third parties. These enterprises largely fall into the following categories: partners, hosts or vendors at events or trade shows, research partners and enterprises that deploy Cresset technology or third-party offerings that include Cresset technology.
7 Why we collect it
We collect information about you so that we can personalize your use of our website, send you newsletters or email alerts, conduct surveys, register you for events, enable and enhance your use of our software and services. Depending upon your selections at the point of data collection we will send you information about related products and services from us. If specific personal data is not provided it will not be possible for us to provide the products or Services you have requested.
8 Where we store the data we collect
We maintain physical, electronic and procedural safeguards that comply with all data protection laws and regulations applicable to the processing of personal information, including but not limited to the laws and regulations of the European Union, the European Economic Area and their member states, Switzerland, the United Kingdom, and the United States. We limit access to personal information to third parties and employees who have a business reason to know this information. We maintain strict internal policies against unauthorized disclosure or use of your personal information.
By using our Services, you are consenting to the collection, processing, storage, transfer, disclosure and other uses of your information as described in this privacy notice. The personal data that we collect from you is stored at destinations within and outside the European Economic Area (‘EEA’). It is also processed by staff operating outside the EEA who work for us or for one of our suppliers, partners or distributors. Such staff are engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.
9 Who we disclose it to
The personal data you provide to us will be disclosed to third parties, including our partners and distributors, where there is a legitimate interest to fulfil the service requested by you. We will only share personal information to those third party vendors or service providers to help us provide a product or service to you. Examples of third parties we work with are our subsidiaries or affiliate companies, invoicing suppliers, information processors, financial institutions and professional advisors. These third parties only have access to personal information necessary for them to perform their services.
Cresset may be required to share your information in other circumstances, such as:
(i) assisting government enforcement agencies; (ii) investigating and defending Cresset against third party claims or allegations; and/or (iii) protecting the rights, property, or personal safety of Cresset or others, provided it does not outweigh your personal rights. If Cresset is forced to make such additional disclosures, Cresset will always use reasonable efforts to provide you prior notice.
Cresset will not share personal information with other non-affiliated third-party companies for their commercial use without your consent. In limited circumstances, if you express interest in our Services, but we determine one of our partners is better suited to supply that service, we may share your information with that partner, to enable you to obtain suitable services from them directly.
Cresset may share non-personal information, such as anonymous user data and traffic data, to better understand usage patterns and trends analysis for certain content, advertisements, promotions, services, and/or functionality of Cresset’s websites and desktop applications.
In certain circumstances we will need to disclose information about you if you breach this privacy notice or if you breach our Software License Agreement. We will also disclose your personal data if required to do so by law or by any Governmental body.
10 How long we retain your data
We retain personal data for the period necessary to provide the services you have requested and fulfil the contractual obligation, including maintaining opt-out lists to fulfil advertising and marketing choices or to comply with mandatory record retention or legal hold requirements, as agreed in an individual consent; and to resolve disputes, and to otherwise fulfil the purposes, rights and obligations outlined in this privacy notice.
Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When personal data is removed from our systems, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.
We will manage your interactions with us on a number of platforms. Cresset maintains a presence on social media websites including Twitter, Facebook, LinkedIn and YouTube. In addition, we use conference platforms, including Microsoft Teams, GoToMeeting, GoToWebinar and Zoom. If you send us a message via any of these channels we will capture this message in our internal systems.
Keeping information about you secure is very important to us so our website will encrypt data using SSL or a comparable standard. However, no personal data transmission over the Internet can be guaranteed to be totally secure. As a result, whilst we strive to protect your personal information, we cannot ensure or warrant the security of any information which you send to us, and you do so at your own risk.
12 Third-party websites
Third-party websites and services we link to through our websites have their own privacy policies, independent of us. We hold no responsibility or liability for these independent policies. We encourage you to look for and review the privacy policies of any third-party website you visit.
13 Data on minors
We do not knowingly collect personal information of children under thirteen (13) and no part of our website is directed to personas under the age of thirteen (13).
14 Accessing and updating your personal information
We will always let you have a copy of personal information we have about you, should you request it, and you are entitled to correct it or request deletion if you wish. Provision of your personal information will be provided free of charge, unless the request is deemed to be manifestly unfounded, excessive or repetitive, in which case an administrative fee will be charged. All requests for information will be provided within a month.
If you have any questions or complaints relating to this privacy notice, or require further details on how we use and process the personal information we have about you, please contact us. We will respond to you promptly.
16 Notice owner
This notice is owned and maintained by Cresset Biomolecular Discovery Ltd.
17 Notice review date
Date last reviewed: March 2023