Privacy notice

1        Introduction

Cresset Biomolecular Discovery Limited, trading as Cresset, is registered as a company in England and Wales: 4151475. Our registered office address is New Cambridge House, Bassingbourn Road, Litlington, SG8 0SS, UK.

​As Data Controller, Cresset respects the privacy of the companies and individuals that register and use our website ( and use our Services. The terms of this Privacy notice apply to your use of our applications, our websites or purchasing our products or services (“Services”). You can access these Services via our website, applications on devices, APIs and through third parties. You may contact our Data Controller at if you have questions or concerns regarding this privacy notice or concerns regarding your personal information and processing of data by Cresset.

This privacy notice is designed to describe who we are, how and why we obtain, store and process personal data which can identify you and under what circumstances it will be shared. Keeping your information secure is one of Cresset’s most important responsibilities. We will update this notice from time to time and shall indicate on our website when changes have been made.

2        Information we collect directly from you

In the course of your interaction with our websites and our Services, your data may be processed by the following companies:

  • Cresset Group
  • DocuSign
  • Egnyte
  • Freshworks Inc
  • Google
  • HubSpot
  • LinkedIn
  • Microsoft
  • PandaDoc
  • Spotler
  • Twitter
  • Zoho Corporation

Information is collected from you via web forms on our website, during meetings, or when you use our Services. The information we collect is clearly set out at the point of collection. In addition, we may collect the following personal information about you:

  • Application and website usage data

  • File transfer and viewing data

  • Operating system version, location/region of IP

  • For mobile app users: device type, operating system, and app version, build number, unique user id

  • Browser type and version

  • Network provider

  • Page interaction information

  • Download history

  • Email interaction data

  • Chat logs from customer service interactions

  • User journey on website or app

  • Customer segmentation data

  • Opt-in/out records for marketing

  • Terms and conditions acceptance logs

  • Role/position in company (for B2B)

  • Company affiliation (for B2B)

We may also collect your IP address and use cookies unless you configure your web browser not to accept them. This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyze how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google transfers this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. If you refuse the use of cookies by selecting the appropriate settings on your browser you will not be able to use the full functionality of this website. By using this website, you consent to the processing of personal data about you by Google in the manner and for the purposes set out above. You can opt-out of Google Analytics tracking if you prefer.

3        California Consumer Privacy Act (“CCPA”)

If you are a resident of California, the CCPA offers you important rights which you can exercise. In summary, those include the right to request certain information regarding Cresset’s disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to Please include your name, mailing address, and email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by applicable law. Cresset will not sell your information to anyone.

4        EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and UK General Data Protection Regulation

If you are based in the EU or the UK, under the GDPR you have certain rights which you can exercise free of charge. In summary, those rights include:

  • The right to access your personal information;
  • The right to rectification of inaccurate personal information;
  • The right to erasure (the right to be forgotten);
  • The right to data portability;
  • The right to object at any time to processing of your personal information for direct marketing;
  • The right to object to decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;
  • The right to restrict the processing of your personal information in certain circumstances; and
  • The right to file a complaint with a supervisory authority;
  • You may also file a complaint by emailing

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the European Data Protection Board at

5        Cresset’s global privacy practices

Cresset is a global business and as one, will store and process the information we collect or process in the United States in accordance with this privacy notice (our sub-processors may store and process data outside the United States, the UK and the EEA). Notwithstanding the previous, Cresset, also understands that different regions and countries around the world have different privacy expectations. Cresset takes measures to ensure that any data transfers comply with applicable data protection laws and that your personal information remains protected to the standards described in this privacy notice.

Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the approved mechanisms, e.g. EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, or verification that the recipient has implemented Binding Corporate Rules.

6        Information we collect from other sources

We also collect information about you from other sources and combine this information with personal data provided by you. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide services of interest to you. In particular, we collect personal data from third-party providers of business contact information, including professional contact details, employment-related information such as job titles, and device / location-related information such as IP addresses for purposes of responding to an interest you have in our Services, targeted advertising, delivering relevant email content, event promotion and profiling.

We obtain information through partners, vendors, distributors, recruitment agencies, suppliers and other third parties. These enterprises largely fall into the following categories: partners, hosts or vendors at events or trade shows, research partners and enterprises that deploy Cresset technology or third-party offerings that include Cresset technology.

7        Why we collect it

We collect personal data for the purpose of enriching your interaction and experience with our suite of products and Services. Here is how your data is used, sorted by our lawful basis for each activity:

Legitimate interests:

  • Personalization of website experience: We collect data to tailor your experience, ensuring that you find relevant products and content during your visits.
  • Conducting surveys: We may reach out to solicit your feedback on our Services to continuously improve our offerings. These may be conducted through platforms like Zoho Survey.
  • Software and service enhancement: Data is used to identify trends and understand how to improve the functionality and features of our software and Services.


  • Newsletters and email alerts: With your explicit consent, we'll send you newsletters and alerts to keep you updated on new product releases, updates, and special offers. These are often managed through platforms like Spotler.
  • Marketing and promotional activities: We may use your information to notify you of events you may be interested in, such as webinars, workshops, and conferences.

Contract fulfilment:

  • Service delivery: Certain personal data are necessary for us to fulfill our contractual obligations, including providing the products or Services you've purchased or signed up for.
  • Customer support: When you reach out to our support team via Freshdesk or other platforms, we use your information to identify you and assist you more efficiently.

8        Where we store the data we collect

We maintain physical, electronic and procedural safeguards that comply with all data protection laws and regulations applicable to the processing of personal information, including but not limited to the laws and regulations of the European Union, the European Economic Area and their member states, Switzerland, the United Kingdom, and the United States. We limit access to personal information to third parties and employees who have a business reason to know this information. We maintain strict internal policies against unauthorized disclosure or use of your personal information.

By using our Services, you are consenting to the collection, processing, storage, transfer, disclosure and other uses of your information as described in this privacy notice. The personal data that we collect from you is stored at destinations within and outside the European Economic Area (‘EEA’). It is also processed by staff operating outside the EEA who work for us or for one of our suppliers, partners or distributors. Such staff are engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.

9        Who we disclose it to

The personal data you provide to us will be disclosed to third parties, including our partners and distributors, where there is a legitimate interest to fulfil the Service requested by you. We will only share personal information to those third-party vendors or service providers to help us provide a Service to you. Examples of third parties we work with are our subsidiaries or affiliate companies, invoicing suppliers, information processors, financial institutions and professional advisors. These third parties only have access to personal information necessary for them to perform their services.

Cresset may be required to share your information in other circumstances, such as:

(i) assisting government enforcement agencies; (ii) investigating and defending Cresset against third party claims or allegations; and/or (iii) protecting the rights, property, or personal safety of Cresset or others, provided it does not outweigh your personal rights. If Cresset is forced to make such additional disclosures, Cresset will always use reasonable efforts to provide you prior notice.

Cresset will not share personal information with other non-affiliated third-party companies for their commercial use without your consent. In limited circumstances, if you express interest in our Services, but we determine one of our partners is better suited to supply that service, we may share your information with that partner, to enable you to obtain suitable services from them directly.

Cresset may share non-personal information, such as anonymous user data and traffic data, to better understand usage patterns and trends analysis for certain content, advertisements, promotions, services, and/or functionality of Cresset’s websites and desktop applications.

In certain circumstances we will need to disclose information about you if you breach this privacy notice or if you breach our Software License Agreement. We will also disclose your personal data if required to do so by law or by any Governmental body.

10    How long we retain your data

We retain personal data for the period necessary to provide the Services you have requested and fulfil the contractual obligation, including maintaining opt-out lists to fulfil advertising and marketing choices or to comply with mandatory record retention or legal hold requirements, as agreed in an individual consent; and to resolve disputes, and to otherwise fulfil the purposes, rights and obligations outlined in this privacy notice.

Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When personal data is removed from our systems, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.

We will manage your interactions with us on a number of platforms. Cresset maintains a presence on social media websites including Twitter, Facebook, LinkedIn and YouTube. In addition, we use conference platforms, including Microsoft Teams, GoToMeeting, GoToWebinar and Zoom. If you send us a message via any of these channels we will capture this message in our internal systems.

11    Security

Keeping information about you secure is very important to us so our website will encrypt data using SSL or a comparable standard. However, no personal data transmission over the Internet can be guaranteed to be totally secure. As a result, whilst we strive to protect your personal information, we cannot ensure or warrant the security of any information which you send to us, and you do so at your own risk.

12    Third-party websites

Third-party websites and services we link to through our websites have their own privacy policies, independent of us. We hold no responsibility or liability for these independent policies. We encourage you to look for and review the privacy policies of any third-party website you visit.

13    Data on minors

We do not knowingly collect personal information of children under thirteen (13) and no part of our website is directed to personas under the age of thirteen (13).

14    Accessing and updating your personal information

We will always let you have a copy of personal information we have about you, should you request it, and you are entitled to correct it or request deletion if you wish. Provision of your personal information will be provided free of charge, unless the request is deemed to be manifestly unfounded, excessive or repetitive, in which case an administrative fee will be charged. All requests for information will be provided within a month.

15    Contact

If you have any questions or complaints relating to this privacy notice, or require further details on how we use and process the personal information we have about you, please contact us. We will respond to you promptly.

16    Notice owner

This notice is owned and maintained by Cresset Biomolecular Discovery Ltd.

17    Notice review date

Date last reviewed: September 2023