Privacy Policy

 

Senseon takes the privacy of individual personal information seriously.  This Privacy Policy describes how Senseon processes and protects such information.

 

Introduction – General Data Protection Regulation (“GDPR”)

Senseon is committed to ensuring it is compliant with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, the General Data Protection Regulation or “GDPR” and the UK Data Protection Act 2018 which reflects the GDPR (“DPA”).  The GDPR and DPA are referred to together in this Privacy Policy as the “Data Protection Legislation”. 

This Privacy Policy applies to all individuals with whom Senseon comes into contact in the course of its business (except for Senseon’s own employees).  This includes individuals employed by Senseon’s customers, suppliers or other third parties with whom Senseon deals. 

 

Interpretation

In this Privacy Policy, we refer to:

Personal Data” or “Personal Information”:  this means information capable of identifying an individual, being “personal data” as defined in the Data Protection Legislation. 

Processing” and related expressions:  this means any operation Senseon performs on Personal Data, such as collection, organising, storing, updating, using, disclosing and erasing it. 

You”, “your” and/or the “Data Subject”:  this means an individual who can be identified from or as a result of the Personal Data.

 

Who we are and How to Contact Us

This Privacy Policy is issued by Senseon Tech Limited incorporated and registered in England and Wales with company number 11032394 whose registered office is at 100 Pall Mall, London, England, SW1Y 5NQ and referred to in this Privacy Policy as “Senseon”, “we” or “us”

Senseon is the data controller (as defined in the Data Protection Legislation) of the Personal Data which it processes as described in this Privacy Policy. 

In relation to Senseon’s processing of Personal Data or for any other data protection or data privacy matters, Senseon’s contact details are as follows: Frances@Senseon.io].

 

Typical Data Subjects

Senseon typically (but without limitation) processes Personal Information relating to the following categories of data subject:

  • individuals employed or otherwise engaged by its customers, suppliers and other businesses, organisations or authorities with whom it deals; and

  • individuals whose details we collect from sources in a B2B context and contact because it is in our legitimate interests; and

  • individuals who interact with Senseon on their own account.

 

Types of Personal Data Typically Processed

Senseon typically (but without limitation) processes Personal Data consisting of contact information, such as name, email address, physical address and, where the data subjects are themselves its customers or suppliers, bank account and payment card information. 

 

Purposes for which Senseon Processes Personal Data

Senseon processes Personal Data for the following purposes.

  • to manage its business and its relationship with its customers, including providing them with products and/or services, communicating with them and maintaining its relationship with them you effectively, lawfully and appropriately.

  • to manage its relationship with its suppliers, including procuring products and/or services from them, communicating with them and maintaining its relationship with them

  • to manage relationships with authorities, intermediaries and other third parties

  • to inform customers and potential customers about its products and services, including by direct marketing

  • to invite relevant individuals to events

  • to inform suppliers and potential suppliers about its requirements

  • to provide features on its websites

  • to develop and improve its products and services

  • for account and promotional purposes

  • to comply with any legal obligations it may have including requests from Governmental Authorities, law enforcement agencies or to comply with legal processes

  • for internal administration

  • to detect and prevent fraud

  • to ensure information and networking security

  • to exercise its rights

  • to protect the rights, property or personal safety of its employees, third parties, business partners and the general public

  • in relation to its proposed corporate activities, such as a sale or merger.

These are referred to in this Privacy Policy as the purposes of processing.

 

Legal bases for Senseon’s processing of Personal Data

The legal bases on which Senseon processes Personal Data are as follows, depending on the purpose of the processing:

  • Legitimate Interests. In most cases, the purposes set out above represent the legitimate interests of Senseon in operating its business and the processing is necessary to achieve them and does not override the interests, fundamental rights or freedoms of the individuals concerned.

  • Performance of a contract.  In certain cases, Senseon needs to process Personal Data to perform a contract to which the data subject is a party or to take steps at the data subject’s request before entering into a contract, for example to provide goods or services to customers who are individuals or to purchase goods or services from suppliers who are individuals.

  • Legal Obligation.  Senseon may need to process Personal Data to comply with a legal obligation, such as an enforceable request from Government.

  • Consent  - in certain specific situations, Senseon may process Personal Data as a result of having obtained the specific freely given consent of the individual concerned.  When doing so, Senseon will inform the individual of the purpose of the processing and the individual can withdraw consent at any time.

 

Recipients of Personal Data

Senseon may disclose or transfer Personal Data to the following recipients:

  • third-party service providers for the purposes of providing services to Senseon itself

  • third-party service providers for the purposes of providing services to the customers and suppliers of Senseon or other persons with whom it deals;

  • [companies or organisations which are affiliated to Senseon, for example affiliates or subsidiary companies or other companies or organisations under common ownership with Senseon, in either case for administrative or internal purposes [and/or so that they can contact individuals or those engaging them with information about products or services which may be of interest to them]

  • authorities and other bodies who can compel Senseon to do so under applicable law.

 

Transfer of Personal Data outside the EU

Senseon may transfer Personal Data outside the EU, for example where any of the recipients described above are located outside the EU or in respect of any operations of Senseon outside the EU from time to time.  With respect to Personal Data, Senseon emphasises that Non-EU countries do not have the same data protection laws as the EU (or the UK) and therefore often do not provide the same safeguards.  On occasion, such transfer is necessary to perform a contract with an individual.  In other cases, where such transfer occurs, Senseon will ensure at least one of the following safeguards is implemented:

  • the transfer is to a country that has been deemed to provide an adequate level of protection for Personal Data by the European Commission; or

  • Senseon transfers the Personal Data under a specific contract with the recipient in a form (such as standard contractual clauses) approved by the European Commission; or

  • Senseon transfers the Personal Data under approved binding corporate rules of Senseon; or

  • where the transfer is to the USA, the recipient is within the EU-US Privacy Shield.

Copies of the relevant safeguards can be obtained from Senseon using the contact details set out above.

 

Period of storage of Personal Data

Senseon only keeps Personal Data for the period necessary for the purposes for which it processes it.  This is determined in accordance with its retention policy.

The criteria used to determine the retention periods of Senseon include: (i) the nature of the Personal Data; (ii) the length of time Senseon has a continuing relationship with the individual or the organisation engaging the individual; (iii) whether there is a legal obligation to which Senseon is subject requiring it to retain the Personal Data (iv) whether retention for a period is advisable in light of the Senseon’s legitimate interests (such as with regard to applicable statutes of limitations or regulatory investigations).  

Based on the above, Senseon’s policy is to retain Personal Data about individuals for 2 (two) years from the last contact with the individual or organisation concerned except where it relates to a transaction or includes financial data in which case Senseon retains it for up to seven (7) years from the data of the transaction or last active use of the financial data, except where statutory, regulatory, legal or security reasons require a longer period.

 

Rights of Individuals in relation to their Personal Data

Individuals have the following rights where Senseon processes their Personal Data:

  • to obtain confirmation as to whether or not Senseon processes their Personal Data;

  • to access a copy of their Personal Data that Senseon does process;

  • to request the correction of inaccurate Personal Data held by Senseon;

  • to request that Senseon erases their data or to object to Senseon continuing to process it;

  • where Senseon relies on having obtained consent for the purposes of the processing, the right to withdraw such consent, without affecting the lawfulness of processing before such withdrawal;

  • in certain cases to receive Personal Data, which they have provided to Senseon, in a structured, commonly used and machine readable format and to transmit it to another controller or have it directly so transmitted;

  • to lodge a complaint with their local data protection regulator — in the UK, this is the Information Commissioner’s Office, https://ico.org.uk/.

 

 

Europe 17260364v.1