Here’s how we protect your data and respect your privacy.
1. Our role in your privacy
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. If you are a Repositive customer or subscriber, or are just visiting our website, this policy applies to you. Any data we collect is solely for the purposes of delivering our services to you. We do not sell your data to third parties under any circumstances.
2. Types of data we collect
From the moment you interact with Repositive, we are collecting data. We collect data from anyone that browses our website, customers of Repositive, and those who sign contracts with us. Sometimes you provide us with data, other times data about you is collected automatically.
Here’s the information about you that we collect:
- Personal data, such as: your name, email address, contact details, and password.
Commercial data, such as: your project-related data, including data on the commercial transactions you enter into with researchers as a result of an introduction by Repositive. All commercial data is protected by our Confidentiality Undertaking. This also includes our communications with you, such as our general emails, meeting notes, and other correspondence.
- If you are a contract research organisation (‘CRO’), we collect: essential metadata and raw genomic data. We define essential metadata as any information that describes the model, such as the model ID, primary site, cancer subtype, tumour origin, metastasis recurrence, and model type. We define raw genomic data as any data that comes from an assay performed on the original tissue that has not been processed. This includes sequencing and/or microarray data from DNA or RNA.
- If you are a biopharma (‘researcher’), we collect: your Cancer Model Scout (‘CMS’) enquiries.
- Our Confidentiality Undertaking covers more about how we collect and use this data, as it is commercially sensitive and not in the public domain.
Technical data, such as: information collected from our cookies, including your IP address, login information, browser type, time zone, plug-ins, operating system, and how you use our website, such as your URL clickstreams, pages you’ve viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, and how often you visit our website.
- Information from other sources, such as: third-party login sites, like Twitter and LinkedIn, general aggregated anonymous data, like our third-party analytics provider, Google Analytics, and press releases.
We collect this information when you:
- browse our website;
- contact us with an enquiry;
- create an account or become a member;
- sign up to marketing communications, including emails and newsletters;
- give consent to third-party login sites, such as Twitter and LinkedIn; and
- consent to cookie use.
We do not collect any ‘special categories of personal data’ which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or process any genetic or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Any such personal data will be removed from our Platform.
We DO NOT sell your data to third parties under any circumstances.
You can choose to not provide us with personal data
At any time, you can choose to not provide us with personal data. If you choose to do this, you can still continue to browse our website and its pages.
3. How and why we use your data
We collect and process information about you only where we have a legal basis for doing so and where it is necessary.
The applicable EU data protection laws are set out in Article 6 of the GDPR. This means that we collect and use your information only where:
you have given us clear consent to process your personal data for a specific purpose;
the processing is necessary for the performance of a contract that we have entered into;
it is necessary for us to comply with a legal obligation, compliance or regulatory function, or disclosure in connection with any potential sale of our business; or
where we have a legitimate interest in processing your personal data, except where such interests are overridden by your interests, rights, and freedoms.
Our legitimate interests include:
- providing our service
We use information about you to provide our services to you, including to confirm your requests, process transactions with you, provide customer support, and to operate and maintain the security of our website.
- providing listings in our inventory
If you are a CRO, we may add your derived data to our Cancer Models Platform. We define ‘derived data’ as information that has been derived from analysing and processing raw genomic data.
- improving our website
We are always looking for ways to improve our services and make them more useful to you. We use your information to test features, interact with feedback platforms, and analyse how people use our website.
marketing and promoting our services
We use your contact information and website behaviour to send promotional communications that may be of specific interest to you. We do this through email, by displaying Repositive ads on other companies’ websites and platforms like Twitter, LinkedIn, and Google. These communications are aimed at driving engagement and maximising what you get out of our services. You can opt out of receiving our emails at any time.
If you have consented to our use of your information for a specific purpose, you have the right to change your mind at any time.
4. Storage and security of your data
Repositive operates on Google Cloud servers, which use industry leading services to safeguard and secure the information we store. Some of the data centres that store our cloud-based information are located in the United States.
Under the GDPR, personal data can only be transferred outside of the EEA where there is adequate protection, meaning that the country provides an equivalent level of protection with EU law. Where your data is stored in the U.S., it is protected by the EU-US Privacy Shield, and the European Commission has determined that this framework adequately protects personal data.
Google Cloud complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries.
All data that is collected is securely transmitted to our servers in the Cloud. For more information on our efforts to ensure that your data is held in a secure manner, please see our Data Security and Compliance policy.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. If you believe your privacy has been breached, please contact us immediately at email@example.com.
You can choose to turn off cookies in your browser
You can disable and delete cookies through your browser settings. If you turn cookies off, you can continue to use our website and browse its pages, but it may not work as effectively.
Your privacy rights
Right to access information we hold about you
You have the right to ask us for supplementary information about:
- the categories of data we’re processing,
- the purposes of data processing,
- the categories of third parties to whom the data may be disclosed,
- how long your data will be stored, and
- your other rights regarding our use of your data
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.
Right to have personal data rectified
You have the right to have us rectify any personal data held by us that is inaccurate or incomplete.
Right to be ‘forgotten’ by us
You have the right to ask us to erase any personal data we hold about you if it is no longer necessary for us to hold that data. However, we may have a legal obligation to track the processing of personal data on our platform and to maintain a record of this use to establish or defend legal claims.
Right to lodge a complaint regarding our use of your data
You have the right to complain, but please tell us first so that we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.
You can exercise your rights as described by sending us an email at firstname.lastname@example.org.
Please see our Confidentiality Undertaking for more information on how we treat your information.
If you have any concerns about your privacy at Repositive, please email us at email@example.com or write to us at Repositive Limited, Betjeman House, 104 Hills Road, Cambridge CB2 1LQ, UK.