1.1 This privacy notice (Privacy Notice) sets out the ways in which we, Clustermarket Limited (we, us, our), collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data.
1.2 In this privacy notice, the capitalised terms below have the following meanings:
1.2.1 Customer: means a user of the online portal who requests and uses equipment, laboratory and technical services from a Provider.
1.2.2 Listing: information published on the Platform by Providers about available equipment, laboratory and technical services.
1.2.4 Provider: means a user of the Portal who makes available equipment, laboratory and technical services via the online portal.
1.3 The Platform is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13. If you are under the age of 13, please do not access the Platform at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 13.
2. ABOUT US
2.1 We are a company registered in England under company number 09485659 with our registered address as set out below.
2.2 You can contact us as follows:
FAO: Johannes Solzbach (CEO)
Address: Devonshire House, 582 Honeypot Lane, Stanmore, Middlesex, HA7 1JS, London, UK
3. INFORMATION WE MAY COLLECT ABOUT YOU
3.1 Information that you provide to us.
3.1.1 We will collect any information that you provide to us when you:
(a) are making an enquiry over the phone, by email or on our Platform;
(b) submit correspondence to us by post, email or via our Platform;
(c) create a n account to use the Platform;
(d) update your profile and other account details;
(e) subscribe to our newsletter and mailing lists;
(f) fill in a form, conduct a search, post a Listing, respond to surveys, participate in promotions or use any other features of the Platform
(g) submit reviews and comments on the Platform;
(h) contact other Participants via the Platform;
(i) register to and/or attend our events or meetups, including where you attend as a presenter;
(j) submit a CV/application to a job vacancy;
(k) attend an interview or assessment;
(l) make an application for paid advertising on our Platform;
(m) enter into a contract with other users of the Platform; and
(n) ‘follow’, ‘like’, post to or interact with our social media accounts, including Facebook, LinkedIn, Twitter, Xing and Google+.
3.1.2 The information you provide to us might include:
(a) Identity and contact data: title, names, addresses, email addresses and phone numbers;
(b) Account profile data: if you’re registering for an account you may also provide a password, website details, employment sector, job title/position, language preferences, proof of authority to register an account on behalf of an eligible legal entity in the science or technology sectors;
(c) Business data: If you are using the Platform to provide access to equipment and services to other users, you may provide personal information when supplying details of your business’/institution’s equipment, facilities and services, which may include details about staff members and the services they offer. If you are using the Platform to receive access to equipment and services from other users, you may provide personal information e.g. details of staff members that will require services/access to facilities and equipment;
(d) Financial Data: If you are using the Platform to make financial transactions either as a Customer or a Provider, you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details;
(e) Survey data: from time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect any information that you provide as part of that survey;
(f) Employment and background data: If you are submitting a job application, are attending or presenting at one of our events, or are providing information for advertising/marketing on the Platform, you may also provide additional information about your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the UK, your national security number, your passport or other identity document details and any other such similar information that you may provide us; and
(g) Sensitive information: If you are submitting a job application, you may provide information about your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability.
3.2 Information we collect about you:
(a) Information contained in correspondence: We will collect any information contained in any correspondence between us. For example, if you contact us using a query button on our Platform or by email or telephone, we may keep a record of that correspondence;
(b) Information transmitted on the Platform: We will collect information that you upload or post to your Platform account (e.g. in reviews, details of products, facilities and services you offer, availability dates) and/or any correspondence or interactions that you may have with other Platform users;
(c) Platform usage data: We will collect information about your interactions with the Platform, including information such as login data, IP address, page views, searches made on the Platform, booking details (including the location of the bookings), information submitted in connection with Listings, requests, orders, pre-approvals, confirmations, agreements between you and other Platform users and other actions on the Platform;
(d) Transactional data: We will collect information related to your transactions on the Platform, including the date and time, the amounts charged and other related transaction details; and
(e) Technical data: We will also collect certain information about how you use our Platform and the device that you use to access our Platform, even where you have not created an account or logged in. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the Platform, date and time of the request, operating system and interface) number of page views, the search queries you make on the Platform and similar information.
3.2.2 This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read paragraph 6 below.
3.3 “Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We process special categories of personal inform ation where it is needed in the public interest for equal opportunities monitoring.
3.4 Information we receive from third parties
3.4.1 In certain circumstances, we will receive information about you from third parties. For example:
(a) Platform users: we may receive personal information from other Platform users, who may be based inside or outside the EU, for example information that is posted or uploaded by other users (e.g. reviews by users, details about the services you offer, your expertise etc.), information relating to transactions and/or correspondence between Platform users;
(b) Fraud detection agencies: Where permitted or required by law, we may receive information about you, including demographic data or fraud detection information from third party service providers and/or partners who are based inside and outside the EU;
(c) Employers, recruitment agencies and referees: if you are a job applicant we may contact your recruiter, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application;
(d) Service providers: we may collect personal information from our Platform developer, IT support provider, customer service support provider, survey tool providers and payment services provider (who are based inside and outside the EU);
(e) Platform security: we will collect information from our Platform security service partners who are based inside and outside the EU, about any misuse to the Platform, for instance, the introduction of viruses, Trojans, worms, logic bombs, Platform attacks or any other material or action that is malicious or harmful; and
(f) Publicly available sources: we currently use publicly available sources such as Companies House, for instance to carry out identity and compliance checks.
3.4.2 We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
4. HOW WE USE INFORMATION ABOUT YOU AND RECIPIENTS OF YOUR INFORMATION
4.1 We will use your information for the purposes listed below either on the basis of:
4.1.1 performance of your contract with us and the provision of our services to you;
4.1.2 your consent (where we request it);
4.1.3 where we need to comply with a legal or regulatory obligation; or
4.1.4 our legitimate interests (see paragraph 4.2 below).
4.2 We may use your information for the following purposes:
4.2.1 To provide access to our Platform: to provide you with access to our Platform in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our Platform hosts and developers (on the basis of our legitimate interest to ensure our Platform is presented in an effective and optimal manner);
4.2.2 To register your account: when you sign up to use Clustermarket’s Platform, we will use the details provided on your account registration form (on the basis of performing our contract with you);
4.2.3 To enable you to communicate and transact with other Platform users: the Portal is an online marketplace that enables users to communicate with and transact with each other to use products and facilities made available by Providers. We will use the information you have provided (such as your name and contact details) to enable you to communicate and transact with each other (on the basis of our contract with you);
4.2.4 To process and facilitate transactions with us and with Platform users: we will use your information to process bookings and payments, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);
4.2.5 To help resolve disputes between Platform users: we may use your information when we elect to provide assistance in relation to any disputes between Platform users (on the basis of performing our contract with you);
4.2.7 User and customer support: to provide customer service and support (on the basis of our contract with you), deal with enquiries or complaints about the Platform and share your information with our Platform developer, IT support provider, payment services provider, live chat service provider, survey provider as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our Platform users and to comply with our legal obligations);
4.2.8 Prize draws, competitions and surveys: to enable you to take part in prize draws, competitions and surveys (on the basis of our legitimate interest in studying how our Platform and services are used, to develop them and grow our business);
4.2.9 Recruitment: to process any job applications you submit to us, whether directly or via an agent or recruiter, including sharing this with our third party recruitment agency (on the basis of our legitimate interest to recruit new employees or contractors);
4.2.10 Marketing: to keep in contact with you about our news, events, new Platform features or services that we believe may interest you, provided that we have the requisite permission to do so, and sharing your information with our marketing services provider (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
4.2.11 Analytics: to use data analytics to improve our Platform, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our Platform and services, to keep our Platform updated and relevant, to develop our business and to inform our marketing strategy);
4.2.12 Research: to carry out aggregated and anonymised research about general engagement with our Platform (on the basis of our legitimate interest in providing the right kinds of products and services to our Platform users);
4.2.13 Social media interactions: to interact with users on social media platforms including Facebook, Google+, Twitter, Xing and Linkedin, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals);
4.2.14 Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
4.2.15 Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
4.3 Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 9 below.
5. WHO WE MIGHT SHARE YOUR INFORMATION WITH
5.1 In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may share your personal information with third parties that we work with such as:
5.1.1 Platform users: Other Platform users in the science and technology sectors who you use the Platform to transact, communicate with and review, who may be based both inside and outside the EU;
5.1.2 Partners, Clustermarket community members and collaborators: including small to medium enterprises and Providers who advertise on our Platform, science and technology accelerators, charities we sponsor, event hosts and partners (such as those involved in our Science Entrepreneur Club) based in the United Kingdom and Norway;
5.1.3 Clustermarket’s service providers: Service providers we work with to deliver our business, who are acting as processors and provide us with:
(a) platform development and hosting services based in India, Germany, Ireland, the United Kingdom and France;
(b) IT, system administration and security services based in India, United States and the United Kingdom;
(c) marketing and advertising services (including the Google Adwords service), analytics providers (including Google Analytics) based in the United States;
(d) survey tool services based in the United States;
(e) maps services (including Google Maps API), based in the United States;
(f) Social media plugin services including Facebook, Google+, Twitter, Xing and Linkedin based in the United States, United Kingdom and Germany;
(g) payment services based in the United States;
(h) identity verification, fraud prevention and detection services based in the United States;
(i) banking services based in the United Kingdom;
(j) legal, accountancy, auditing and insurance services based in the United Kingdom;
(k) recruitment service providers based in the United Kingdom;
5.1.4 Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances;
5.1.5 Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and
5.1.6 Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the United Kingdom where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
5.2 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
6.3 If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the Platform.
7. HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR
7.1 We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
7.1.1 ensuring the digital security of our Platform by protecting it using Secure Sockets Layer (SSL) encryption;
7.1.2 ensuring that your access to the Portal is password protected;
7.1.3 ensuring the physical security of our offices or other sites;
7.1.4 ensuring the physical and digital security of our equipment and devices by using appropriate password protection;
7.1.5 maintaining a data protection policy for, and delivering data protection training to, our employees; and
7.1.6 limiting access to your personal information to those in our company who need to use it in the course of their work.
7.2 We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example,
7.2.1 we archive our email and paper correspondence regularly and destroy information older than 10 years;
7.2.2 we retain information relating to bookings, refunds and Platform user queries for approximately 7 years;
7.2.3 we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently; and
7.2.4 we retain Account information for approximately 7 years after its deletion, after which point any personal data is anonymised.
8. HELP KEEP YOUR INFORMATION SAFE
8.1 You can also play a part in keeping your information safe by:
8.1.1 choosing a strong account password and changing it regularly;
8.1.2 using different passwords for different online accounts;
8.1.3 keeping your booking references and passwords confidential and avoiding sharing your login with others;
8.1.4 making sure you log out of the Portal each time you have finished using it. This is particularly important when using a shared computer;
8.1.5 letting us know if you know or suspect that your account or booking has been compromised, or if someone has accessed your account without your permission;
8.1.6 keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software; and
8.1.7 being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@clustermarket.com’.
9. INTERNATIONAL TRANSFERS OF YOUR INFORMATION
9.1 Our company is located in the UK.
9.2 Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
9.3 Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
9.3.1 We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
9.3.2 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
9.3.3 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
10. Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
11. YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU
11.1 You have certain rights in respect of the information that we hold about you, including:
11.1.1 the right to ask us not to process your personal data for marketing purposes;
11.1.2 the right to request access to the information that we hold about you;
11.1.3 in certain circumstances, the right to ask us to stop processing information about you; and
11.1.4 the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/).
11.2 You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Notice, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing.
11.3 From 25 May 2018, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a sec urity measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
11.5 Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your Platform user account even when you have requested not to receive marketing communications.
11.6 From 25 May 2018, in accordance with the General Data Protection Regulation (GDPR) which will be in force from that date, you will have certain additional rights in respect of the information that we hold about you, including:
11.6.1 the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence;
11.6.2 the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Notice;
11.6.3 the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 4 above to see when we are relying on our legitimate interests); and
11.6.4 the right to receive a copy of any information we hold about you in connection with the performance of our contract with you or on the basis of your consent (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format; and
11.6.5 the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.
11.7 You may contact us with the details at the top of this Privacy Notice if you wish to action any of these additional rights and we will comply with your requests unless we have a lawful reason not to do so.
12. SHARING DATA DIRECTLY WITH THIRD PARTIES
12.1 You might end up providing personal information directly to third parties as a consequence of your interactions with our Platform and other services offered by Clustermarket. For example, your name and other personal information will be shared with other Platform users when you correspond with them via the Platform, you may provide your name and booking details directly to a Provider when you attend their facilities, or you may attend an event hosted by us where you communicate personal information directly with other attendees. Clustermarket is not responsible for how such third parties use personal data provided by you.
12.2 Please be responsible with personal information of others when using our Platform and the services available on it, and the services and facilities of (e.g. by following instructions to delete personal data from Provider equipment once your booking has finished). Clustermarket is not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of the Platform or our services.
13. THIRD-PARTY LINKS
13.1 The Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platform, we encourage you to read the privacy notice of every website you visit.
14. CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
14.1 We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.
14.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Notice.
This Privacy Notice was updated on 02/05/2018.