This privacy policy sets out how Genestack uses and protects any information that you give Genestack when you use this website and any of Genestack's software (the Services).
We are committed to ensuring that your privacy is protected. Any information you provide when using these Services will only be used in accordance with this policy.
Bioinformatics Data and Applications
We store and process on your behalf bioinformatics data and applications, associated metadata, and other information related to this data. Where the data and applications are not open source or open licenced then you agree to and accept full responsibility for obtaining all necessary permissions and informed consents before storing it within the Services.
You are responsible for pseudonymising any personal data of any human data subject that would link them to their genomics data and/or medical information before you store this as metadata within the Services.
You are responsible for removing any personal data you have placed as metadata within the Services that we discover as a by-product of normal maintenance and support activities.
Your Account within the Services
When you register and create a profile within the Services we will store securely your personal information and the password you create.
You will be responsible for all actions taken under an authenticated login.
We recommend that you select a strong password and do not divulge that password to anyone.
We will never request or solicit you to provide your password in any form.
We recommend that at the end of your work within the Services you sign out using the menu function to prevent others from accessing your information and data.
You are responsible for the security and protection of any API tokens you generate within the Services.
We will ensure that the data and application you upload is kept confidential, until such time as you decide to collaborate with others and share this information through the Services.
We do have processes that on your request, or if your account is unused, can delete your account. The detail of this process is at Section 7.
Collecting personal information
We may collect, store, and use the following kinds of personal information:
Information that you provide to us when registering with the Services: your name and email address for the purpose of subscribing you to our email notifications and/or newsletters and to maintain your account within the Services.
We capture your IP address in our system logs. These are only used as valuable diagnostic data to conduct engineering investigations into issues and incidents that might arise.
Information contained in or relating to any communication that you send to us (including customer support queries via email, live chat conversations, the communication content and metadata associated with the communication).
Using personal information
Personal information submitted to us through the Services will be used for the purposes specified in this policy or on the relevant pages of the Services. We may use your personal information to:
administer the Services and business;
personalise the Services for you;
enable your use of the Services;
send you non-marketing communications to advise you on critical issues such as the availability of the Services and any security notifications related to the Services;
send you other non-marketing email notifications about your account, but which you may opt-out of;
send you our email newsletter, from which you may unsubscribe at any time by emailing marketing@genestack.com;
send you marketing communications relating to our business which we think may be of interest to you, by post or by email or similar technology (you can inform us at any time if you no longer require marketing communications by emailing marketing@genestack.com);
deal with enquiries and complaints made by or about you relating to the Services;
verify compliance with the terms and conditions governing the use of our Services;
we will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing, nor for any other purpose except those listed below in the "Disclosing personal information" section below.
Disclosing personal information
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors insofar as reasonably necessary for the purposes set out in this policy. We may disclose your personal information:
to the extent that we are required to do so by law;
in connection with any ongoing or prospective legal proceedings;
in order to establish, exercise or defend our legal rights;
to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling;
except as provided in this policy, we will not provide your personal information to third parties.
Retaining personal information
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:
to the extent that we are required to do so by law;
if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
in order to establish, exercise or defend our legal rights.
If you notify us that you wish to terminate your account, or your licence expires, your account and data that you have uploaded to the service will be deleted within the next 30 days of receipt of the request or end of license.
International data transfers
All data within the Services is hosted within Amazon Web Services, supporting functions are provided by Google Business Suite. Both are compliant with EU-US Privacy Shield Principles.
Information that we collect may be transferred to the following countries which do not have data protection laws equivalent to those in force in the European Economic Area: Russia.
You expressly agree to the transfers of personal information described in this section.
Security of personal information and genomics information in the Services
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information or genomics information you store within the Services.
We will operate an ISO27001 certified Information Security Management System to maintain and operate the security of the Services.
We will store all the information you provide on secure servers.
All data transmitted to and from the Services will be protected using TLS protocols.
Use of cookies by the Services
Cookies are small text files that are placed on your computer by the Services. They are widely used in order to make the Services work, or work more efficiently, as well as to provide information to the owners of the Services.
We use a cookie to manage your user session within the Services. This is a non-persistent cookie that expires when you log-out or when your session times out. This cookie is essential for the Services to operate. If you delete and block this cookie from the site, the Services may not work.
We also use Google Analytics, which collects and processes data from your visit to this site. This is used to manage the performance, content, and relevance of pages to the visitors of our web site. The information obtained from these cookies is not sold, rented or leased to 3rd parties, and it is not used for advertising. To find how Google uses data you can visit https://www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time. We anonymise all IP addresses in data we capture from Google Analytics. You may reject the use of this cookie and the performance of the site will not be impacted.
Bioinformatics Applications
Genestack bioinformatics applications made available publicly through the Services may use local storage on the end user client machine during processing and operations.
The full details of what storage is used is contained in the "read-me" files for each application.
Amendments
We may update this policy from time to time.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email.
Your rights
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
the payment of a fee (currently fixed at GBP 10); and
the supply of appropriate evidence of your identity;
requests can take up to 40 days to process;
we may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information.
In practice, you will usually either expressly agree in advance to our use of your personal information to send you newsletters, or we will provide you with an opportunity to opt out of the use of your personal information for this purpose.
Third party websites
The Services includes hyperlinks to, and details of, third party websites.
We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Updating information
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Data protection registration
We are registered as a data controller with the UK Information Commissioner's Office.
Our data protection registration number is ZA344149.
Our details
The Services are owned and operated by Genestack Ltd.
Genestack Ltd is registered in the United Kingdom at 82-88 Hills Road, Cambridge, CB2 1LQ, United Kingdom, company registered number is 7778793, VAT number is GB144965974.
You can contact us by writing to the business address given above, by using the Services contact form, by email to support@genestack.com.