Effective Date: May 17, 2018
Sepha, Ltd. (“Sepha,” we,” “us,” or “our“) is committed to respecting your privacy. In support of our commitment, we developed this privacy notice to be transparent about the data we collect about you and how it is used and shared, as well as the choices and rights available to you with respect to the data we maintain about you. This privacy notice applies to:
- Information about you shared with us by third parties for our own use, as well as publicly-available information collected by us.
Sepha will be the controller of your personal data and responsible for the processing of such data by or on behalf of Sepha.
I. Information We Collect and How We Use It
Collection and Use of Personal Data
Personal Data Collected
We collect information that can be used to identify or contact a person (we refer to this as “personal data“). Personal data includes information that does not directly identify you by name or include your contact information, but which may be used to identify that a specific computer or device has accessed our website and online services and which if combined with certain other information could be used to identify you. The types of personal data we collect and process include:
|´ Full name´ Contact information (work or home postal address; work, mobile or home telephone number; work or personal email address)´ Employer or agency, industry, and job title´ Delivery and payment information´ Survey response data´ Education and experience information (CV information; professional experience; employment history; education; certifications; personal interests)||´ Engagement information (order, engagement and collaboration history; contractual relationship information; inquiries, feedback and comments; content contained in email exchanges with us)´ IP address´ Log data´ Cookie data (including third-party cookies and related data)´ Location data´ Social media use and utilization|
We collect personal data when you provide it to us directly (e.g., when you submit a contact form through our website or provide us with your business card at a trade show); when generated by your activity on our website and online services (e.g., the amount of time spent on a particular page of our website); when shared with us by our business partners (e.g., email marketing vendors, trade show sponsors, or HR staffing agencies); and when available through publicly-available sources (e.g., information shared by you on LinkedIn).
Use of Personal Data
We collect, use, store, organize, structure, disclose, or otherwise process personal data as described below:
- We process personal data for the purposes for which such personal data was provided. For example, if you share your name and contact information with us when submitting an inquiry or requesting information through our website, we will use this information to respond to you and provide you with the information requested. If you register to access an online portal or other online service requiring registration, we will use the information submitted by you to provide you with access to the relevant service and to maintain your account. If you purchase a product or service from us, we will use the personal data provided by you to fulfill the order and satisfy related contractual obligations, including to process your payment, facilitate delivery, and comply with any applicable service or warranty obligations (in these situations, we may also save your payment information so that you can use it the next time you want to order a product or service from us).
- To send you news and information about products and services that may be of interest to you, including to personalize your online service experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our website and online services, third-party sites, and via email or text message.
- To send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with us, you generally may not opt out of receiving these communications.
- To help maintain the safety, security, and integrity of our website and online services, products, databases and other technology assets.
- For internal administrative purposes, such as auditing, data analysis, and research to improve our products, services, and customer communications. This includes processing for purposes of statistical analysis, including Google Analytics.
- If you enter a sweepstake, contest or similar promotion, we use the information you provide to administer such programs.
- To arrange interviews, consider you for employment, and personnel administration (to the extent you apply for a job through our website and online services).
- Where we have legal obligations to process the personal data and for legal proceedings and government investigations (such as pursuant to warrants, subpoenas, and court legal orders).
- To manage data subject requests.
- For internal investigations of possible misconduct or failure to comply with our policies and procedures.
The applicable legal bases for our processing of your personal data include the following:
- Based on your consent: In some cases, at the point at which you provide personal data, we may ask you for your consent to collect and process your personal data. If you provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us as described below. If you withdraw your consent it will not affect any processing of your personal data that has already occurred. Where we process your personal data based on consent, we will provide more detailed information to you at the time when we obtain your consent.
- Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your personal data to comply with a relevant law/regulation or to fulfill our obligations under a contract with you. Where we process your personal data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing your personal data to fulfill our obligations under a contract with you, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.
- Our legitimate interest: We may process your personal data based on our legitimate interests in communicating with you and managing our interactions with you regarding our products and services, scientific research, and educational opportunities. In addition to other rights you may have as described below, you have the right to object to such processing. You can register your objection by contacting us as described below.
Collection and Use of Non-Personal Data
Non-Personal Data Collected
When you use our website and online services, we also collect certain non-personal data that does not, on its own, identify any individual. The types of non-personal data we collect and process include:
- Location data. Depending on the website and online services and your computer or device permissions, we may collect information about your device’s approximate (g., country or zip code) or precise location (“location data“). Various technologies may be used to collect this location information, such as IP address, GPS, and other sensors that may provide information on nearby devices, Wi-Fi access points, and cell towers. We will only collect your computer’s or device’s precise location with your consent.
- Aggregated data. In addition, when we aggregate or anonymize information (including personal data), such aggregated or anonymized information is considered non‑personal data for the purposes of this privacy notice.
Use of Non-Personal Data
We may collect, use, transfer, and disclose non-personal data for any purpose. However, if we combine non-personal data with personal data, the combined information will be treated as personal data for as long as it remains combined. We use non-personal data for a number of legitimate business purposes, some of which are described below:
- We collect log data, location data, and cookie data so that we can better understand website user behavior and improve our products, services, and advertising.
- We collect information regarding user activities on our website and online services. This information is aggregated and used to help us provide more useful information to our customers and website users, and to understand which parts of our website and online services are of most interest. Aggregated data is considered non‑personal data for the purposes of this privacy notice.
- We use non-personal data (including log data, location data, and cookie data) to understand and analyze trends, to administer the website and online services, to learn about user behavior on the website and online services, to improve our products and services, and to gather demographic information about our user base as a whole.
We may also collect similar data from emails sent to you to help us track which emails are opened and which links are clicked by recipients. In some of our email messages, we use a “click-through URL” linked to content on our website and online services. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website and online services. We track this click-through data to help us determine interest in topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
Where permitted by law, we may combine the personal data you provide to us through the website and online services with information we collect through other Sepha website and online services, our offline records, and information provided to us by third parties. Where permitted by law and feasible, we may also combine your personal data with information collected through your use of the website and online services (such as log data, location data, and cookie data), in which case we will treat any information that is combined or associated with your personal data as personal data for as long as it can reasonably be linked with your personal data. We use this consolidated information to improve our website and online services and product offerings, enhance our marketing and research activities, communicate information to you, and for any other legitimate purpose described in this privacy notice.
II. How Personal Data is Shared and Transferred
Personal Data Shared with Third Parties
We disclose your personal data to third parties who provide us with various business services (e.g., monitoring and maintaining our website or internal business applications, preparing newsletters and mailings, and payments of commissions or other amounts). These service providers and contractors are restricted from using this personal data in any way other than to provide services on our behalf and subject to our documented instructions only.
We may also share your personal data with our affiliates (e.g., for internal administrative purposes or where a Sepha affiliate supports one of our business functions). The names and locations of such affiliates can be found here and here.
We may also disclose information we collect to legal counsel, law enforcement, and other appropriate authorities in special cases, including: (i) when we have a reason to believe that such disclosure is necessary to identify, contact, or bring a legal action against someone who may be causing injury to or interference with our rights and property or those of any other person; or (ii) when we believe that it is required by applicable laws, court orders, or government regulations.
If all or part of Sepha is merged into another entity, the information we have about you may be transferred to a third party as part of that transaction. Your information may also be included among the assets affected by financing agreements undertaken by us.
International Transfers of Personal Data
In some instances, the service providers, business partners, Sepha affiliates, and others that we share personal data with are in other countries. The level of protection for your personal data in these other countries may not be the same as the level of protection in your country. In these cases, we protect any information transferred to third countries using appropriate safeguards, such as contractual clauses approved by relevant supervisory authorities (where required and applicable). All Sepha affiliates outside of the European Union that access or receive your personal data are subject to data protection contracts approved by the European Commission and that impose on such affiliates a level of protection for your personal data equivalent to European data protection requirements.
In any event, we only share personal data with our affiliates and third parties performing services on our behalf if such affiliates and third parties provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing they conduct will meet the requirements of applicable law and ensure the protection of your personal data.
III. Your Rights
You have various rights with respect to the collection, use, transfer and processing of your personal data, as described below. However, we reserve the right to limit these rights at any time where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others. To exercise any of the rights below, please contact us using the applicable contact information below.
You have the right to obtain confirmation as to whether or not your personal data is being processed by us. Where we are processing your personal data, you have the right to access the data and to obtain certain information about the processing of such data.
Right to Rectification
You have the right to obtain rectification of any personal data that is inaccurate or incomplete, including by means of providing a supplementary statement.
Right to Erasure
You have the right to have your personal data erased where one of the following applies:
- Your personal data is no longer necessary with regards to the purposes for which it was collected.
- You withdraw your consent (where the processing is based on such consent).
- You object to the processing where such processing is based on our (or a third party’s) legitimate interest and there are no overriding legitimate grounds for the processing.
- Your personal data must be erased to comply with a legal obligation under applicable law.
However, this right to erasure will not apply to the extent the processing is necessary for:
- Compliance with a legal obligation which requires processing; or
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, to the extent permitted under applicable law.
Right to Restriction of Processing
You have the right to restrict the processing of your personal data where one of the following applies:
- The accuracy of the personal data is contested.
- The processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead.
- We no longer need the personal data for the purposes of the processing, but it is required for the establishment, exercise or defense of legal claims.
- Where the processing is based on our (or a third party’s) legitimate interest and you have objected to processing (as described immediately below).
Right to Object
You have the right to object (on grounds relating to your situation) at any time to the processing of your personal data for direct marketing purposes or where the processing is based on our (or a third party’s) legitimate interest. When objecting to processing based on our legitimate interest, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims.
Right to Withdraw Consent
Where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.
Right to Data Portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transmit such data to another entity without hindrance from us, where each of the following conditions are met:
- Your request does not adversely affect the rights of others;
- Your request does not adversely affect our rights (including intellectual property rights);
- The processing is based on your consent or the performance of a contract to which you are a party; and
- The processing is carried out by automated means.
Right Not to Be Subject to Solely Automated Decisions
You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you, unless permitted under applicable law.
Right to Submit a Complaint to Supervisory Authorities
You have the right to lodge a complaint with an applicable data protection authority. You have the right to lodge such a compliant in the European country of your habitual residence, place of work, or place of an alleged infringement if you consider that the processing of your personal data infringes applicable EU data protection laws. A list of all European supervisory authorities and their respective contact information is available here.
IV. How We Protect Personal Data
We provide reasonable technical, physical, and organizational safeguards to protect your personal data, including safeguards designed to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed which may lead to physical, material or non-material damage. To the extent appropriate or required by applicable law, these security measures include:
- Access to personal data is limited to authorized employees and service providers who need access to perform the activities described in this privacy notice on our behalf.
- Personal data is pseudonymized where appropriate or required by law, and sensitive personal data transferred to or stored on any mobile device is encrypted using industry-accepted encryption solutions.
- Sepha personnel engaged in the processing of personal data are informed of the confidential nature of personal data, receive appropriate training on their responsibilities, and are obligated pursuant to Sepha policy to maintain the confidentiality of personal data.
- The effectiveness of our security measures is regularly tested, assessed, and evaluated to ensure the ongoing security of processing systems.
- Internet-connected databases containing personal data are monitored for unauthorized intrusions using network-based and/or host-based intrusion detection mechanisms.
- Service providers and other third parties engaged by us to process personal data on our behalf are contractually obligated to process personal data only on our documented instructions and must provide similar security measures as those used by us or as required under applicable law.
Although we strive to provide reasonable and appropriate security for the personal data we process and maintain, no security system can prevent all potential security breaches. In particular, email or forms sent using our website and online services may not be secure. You should take special care before deciding to send us information via email. Further, if you create an account through our website and online services, it is your responsibility to protect your access credentials from unauthorized access or use.
V. Retention and Deletion of Personal Data
We implement and maintain reasonable restrictions on the retention of personal data and generally dispose of such personal data once it is no longer necessary for the purposes for which it was collected or further processed. However, we may continue to store archived copies of your personal data for legitimate business purposes and as necessary to comply with applicable law. In addition, we may continue to store anonymous, aggregated or anonymized information for any legitimate business use described in this privacy notice.
VI. Links to Third-Party Websites
VII. How to Contact Us
If you have any questions about this privacy notice, our use of your personal data, or your rights with respect to such use, you may contact us using the contact information below:
|Sepha, Ltd.Unit 25 Carrowreagh Business ParkCarrowreagh Road, DundonaldBelfast BT16 1QQUnited Kingdom+44 (0)2890 484848 • firstname.lastname@example.org|
VIII. Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we change it, we will post the updated notice on our website and online services, and it will be effective as of the date posted. Your continued use of our website and online services following the posting of changes will constitute your acceptance of such changes.
- Pixel Tags. Pixel tags (also known as web beacons) are small blocks of code installed on our website and online services which enable our online partners to serve cookies when you visit our website and online services and are generally used in combination with cookies to track activity user on our website and online services, receive relevant log data and cookie data, and perform other activities relating to the monitoring and analysis of the use and performance of our website and online services.
- Software Development Kits. Software development kits (also called SDKs) function like third-party cookies and pixel tags, but operate in the mobile app environment where cookies and pixel tags cannot function as effectively. Instead of using cookies and pixels tags, we may install pieces of code (the SDK) provided by our online partners (such as advertising companies, ad networks, and analytics providers) in our mobile apps for these online partners to monitor and analyze the use and performance of our mobile apps and services.
- Statistical Identifiers. Statistical identifiers refer to identifiers created using certain device information and log data. Collectively, this information makes your browser or device sufficiently distinct for a server or similar system to reasonably determine that it is encountering the same browser or device over time. Statistical identifiers enable us and our partners to uniquely identify your browser or device for the same purposes as cookies. Statistical identifiers may be associated with your personal data (such as your email address). However, if we associate non-personal data with personal data, the combined information will be treated as personal data for as long as it remains combined.
II. How Cookies and Similar Technologies are Used
Cookies and similar technologies used on our website and online services (including the information obtained through such use) fall into four categories:
|Essential||Our website and online services utilize first- and third-party cookies and similar technologies that are necessary to operate our business and maintain our website and online services, including verifying and authenticating website users; preventing fraud and securing our website and online services and databases; payment processing; enabling users to move around our website and online services and use their features; and complying with applicable laws and industry standards. These cookies and similar technologies do not gather information about you that could be used for marketing or tracking your browsing activity. This category of cookies generally cannot be disabled.|
|Performance||Our website and online services may utilize first- and third-party cookies and similar technologies to provide enhanced features and remember user preferences, including identifying return users when visiting our website (e.g., to remember your login credentials); keeping track of user preferences, interests, and past items viewed or utilized (e.g., preferred language or past purchases); and providing social features that allow users to interact with social media services through our website and online services (e.g., Facebook or Twitter, as further described below).|
|Analytics||Our website and online services may utilize first- and third-party cookies and similar technologies for analytics, product development, and market research purposes, including analyzing how users arrive at and engage with our website and online services; tracking and measuring the performance and effectiveness of our website and online services; optimizing the location of ads, website features, and other content on our website and online services; statistical reporting in connection with website activity; analyzing user preferences and behaviors and market characteristics and trends in order to develop and improve our products and services, websites, and ads; segmenting audiences to test features of our website and online services; and conducting research about our consumers, products, and online services.|
|Advertising||Our website and online services may utilize first- and third-party cookies and similar technologies to deliver, track, and measure ads both on and off our website and online services, including ads relevant to your interests (e.g., ads based on your past interaction with our website or based on predictions about your interests derived from your browsing activities on different websites over time); and ads based on your location, demographics, or device characteristics. Cookies are also used for tracking and measuring the reach and frequency of ads and regulating the delivery of such ads (e.g., capping the number of times you see a particular ad).|
For example, we may use third-party cookies to deliver our ads on third-party websites through a common form of online advertising known as “retargeting.” Retargeting works by serving ads on one website based on an individual’s activities on a different website (e.g., if you view a product or service on our website, you may later see ads for our products and services when you visit a third-party website). To do this, we allow our online partners (such as Google or other ad network vendors) to serve their own third-party cookies when users visit our website and online services, allowing these online partners to recognize users who have previously visited our website and online services. When these users visit a third-party website that includes features provided by our online partners (e.g., where our online partners have purchased ad space), our online partners can recognize the users’ interest in our products and services and deliver one of our ads on the third-party website.
IV. Your Cookie Choices
Most browsers are set to accept cookies by default. However, browsers typically allow individuals to remove or block browser cookies if they choose. For more information on blocking and removing browser cookies, please review your browser’s Settings or Preferences tab. More information can be found here:
|Google Chrome||Internet Explorer||Mozilla Firefox||Safari (Desktop)|
|Opera||Opera Mobile||Android Browser||Safari (Mobile)|
For other browsers, please consult the documentation that your browser manufacturer provides.
In addition to removing and blocking browser cookies generally, the following opt-out mechanisms may be available if our website and online services utilize the third-party cookies listed below:
- Google Analytics. Our website and online services may use Google Analytics, a web analytics service provided by Google. Google Analytics utilizes cookies and similar technologies to collect and analyze information about the performance and use of our website and online services. More information on Google Analytics can be found here. If you would like to opt-out of having your information collected and used as described, please use the Google Analytics opt-out available here.
- Google Remarketing. Our website and online services may use Google’s Remarketing with Google Analytics to allow Google to use information about your visits to our website and online services and other unaffiliated websites to measure advertising effectiveness and serve ads about our products and services that may be of interest to you. As described above, Google places its own cookies when users visit our website and online services which enable Google to recognize users who have previously visited our website and online services when such users visit other unaffiliated sites that also use Google’s services and cookies. More information on Google’s Remarketing with Google Analytics can be found here. If you would like to opt-out of having your information collected and used as described, please use the Google Analytics opt-out available here.
- Facebook Custom Audiences. Our website and online services may use Facebook Custom Audiences to deliver ads on Facebook about our products and services that may be of interest to you. More information on Facebook Custom Audiences can be found here. If you would like to opt-out of having your information collected and used as described, please use the opt-out available here.
- Interest Based Advertising. Our website and online services may use first- and third-party cookies and similar technologies for targeted advertising based on user interests, demographics, and past browsing activity. If you would like to opt-out of having your information collected and used by us for these purposes, please visit here.
- Mobile Apps. For cookies and similar technologies used on mobile apps (such as software development kits) for certain targeted advertising activities, please follow the steps below to opt-out of having your information collected and used for such purposes (unless different instructions are provided by your mobile device manufacturer):
- iOS Users: Launch “Settings” > Tap on “Privacy” and scroll down and tap on “Advertising” > Toggle on “Limit Ad Tracking.” You can also reset your Advertising Identifier from here by tapping “Reset Advertising Identifier”.
- Android Users: Open your app drawer and launch the Google Setting app > Tap “Ads” under Services and enable the “Opt out of interest-based ads” option. You can also reset your advertising ID from here by tapping “Reset advertising ID”.
The list above identifies some of the third-party cookies we may use on our website and online services. However, we may use other third-party cookies and similar technologies on our website and online services that are not listed here. This list is subject to change at any time and without notice.
V. Social Plugins
VI. Do Not Track (DNT)
There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track (“DNT“) signal. Please note that currently our website and online services do not respond to these signals from web browsers. At this time, there is no universally accepted standard for what a company should do when a DNT signal is detected.