Privacy Policy UK/EEA
Last updated: 21/03/2023
This Privacy Policy applies to you if you are located within the United Kingdom, European Union (EU) or European Economic Area (EEA), or interacting with Repligen entities (including representatives) located in these territories. The notice is prepared to explain how Repligen deals with your personal data when you use our website https://www.repligen.com, utilise any of our services or otherwise interact with us. “Personal data” here means any information that we process about you that relates to you or that can be used to identify you - for example, your name, email, company or payment card information.
Repligen Corporation manages this website and is a joint controller with the relevant Repligen group companies you interact with for any personal data you provide when using the Repligen website (this simply means we are jointly responsible for your personal data). Where you interact with and provide personal data to a Repligen group company other than on this website, that Repligen group company will be the sole Controller of that personal data. References to “Repligen”, “we”, “us” or “our” in this Privacy Policy are to Repligen Corporation, 41 Seyton Street Building 1, Suite 100 Waltham, Massachusetts 02453, USA and each of the Repligen group companies listed here (to the extent you interact or have a relationship with these companies).
If you have any questions about which of the above companies is the Controller of your personal data or would like to contact any of the companies listed above, please email us at [email protected] or if more convenient you can contact the relevant Repligen entity on the details provided in the list above.
Quick Guide to Contents
- How We Use Your Personal Data
- How We Share Your Personal Data
- International Transfers
- Personal Data Retention
- Your Data Rights
- Changes to this Privacy Policy
- How to Contact Us
HOW WE USE YOUR PERSONAL DATA
We collect personal data about you, either directly from you, from a third-party source or by automated means (when you use our website for example). Under data protection law we can only use your personal data where we have a lawful bases (justification), and this can be either “to carry out a contract with you or to take steps on your instruction prior to entering a contract with you”; “where we have a legal obligation”; where you have given us your consent”; or “where it is necessary for our legitimate interests” (this means that we have a business or commercial interests in using your personal data).
The table below sets out clearly how we collect and use your personal data and the lawful bases we rely on for using your personal data. Where we have said that using or keeping your personal data is “necessary for our legitimate interests”, we have carried out an assessment to ensure this is not unfair to you.
Please note that if you choose not to provide personal data requested by us, or refuse our use of your personal data, we may not be able to provide you with the services you have requested where this personal data is necessary or these services may be delayed.
Information you give us
Personal data we collect | How we use your personal data and our lawful basis |
---|---|
Website Account You give us personal data about you when you create a customer account on our website. This is generally information including your name, email address, company, address and phone number. When you use your account, we collect additional information on your order history and any additional addresses you include on your account. |
Legitimate Interest
|
Purchases/Orders You give us personal data about you when you place an order on any of our online stores. This is generally information including the contents of your shopping cart, your name, email address, telephone number, shipping address, billing address, delivery preferences and payment details (e.g. credit/debit card/GooglePay). |
Performance of Contract If you are making a purchase as an individual, we use your personal data to complete and fulfil your purchases on our online store, including processing your payments, sending you an order confirmation, sending you updates on your order and having your order delivered to you. Legitimate Interests If you are making a purchase on behalf of a company, we use your personal data to complete and fulfil your purchases made on our online store, including processing your payments, sending you an order confirmation, sending you updates on your order and having your order delivered to your company. Comply with a Legal Obligation To comply with any relevant consumer laws in relation to purchases you make, including regarding giving you certain information and issuing replacements, credits or refunds (if applicable). |
Event or Webinar Registration You give us personal data about you when you register for any of our events or webinars. This is generally information including your name, email address, telephone number, company name, job title, location (city, country and Zip), details of the relevant event or webinar, and your contact and marketing preference. Where payment is required for an event or webinar, we will also give us your payment details (bank card details and billing address). |
Legitimate Interests We use your personal data to complete and fulfil your registration for any of our events or webinars, including sending you a confirmation message so you know your registration is confirmed, sending you updates on the event or webinar you have registered for and providing you with access to relevant content related to your registered event or webinar. |
Marketing Communications and Updates You give us personal data about you when you subscribe to receive marketing communications and updates from us or we are otherwise legally allowed to send you such marketing communications. This is generally information including your email address and your marketing preferences (i.e. the updates you want to receive). |
Consent We use your personal data to send you marketing communications via your personal email (and to manage our marketing processes) where you have provided your consent to receive these communications. We will only do this in line with your marketing preferences and Legitimate Interests We use your personal data to send you marketing communications via your business email (and to manage our marketing processes) where we are legally allowed to send such communications. You can opt-out of receiving these communications at any time by selecting the unsubscribe link in any email we send you, or by contacting us. |
Surveys You give us personal data about you when you participate in and complete any of our surveys. This is generally information including your name, contact information, and your survey responses. |
With your consent To register you for our surveys and to analyse the responses you have provided to our survey questions. |
Suppliers/Partners and Representatives You give us personal data about you when you enter into a supplier/partnership agreement or relationship with us or are a representative of a supplier/partner. This is generally information including your name, email, phone number, |
Legitimate Interest We use your personal data to contact you and to manage our relationship with you and/or your company where you are a supplier/partner or the representative of a supplier/partner with whom we have a business relationship. |
Contacting Us You give us personal data about you when you contact us or otherwise interact with us, including via the contact us web forms on our website, phone, email, post or social media. This is generally information including your name, company, job role, contact preference (email/phone number) and what you have contacted us about. |
Legitimate Interest To respond to your inquiries and fulfil your requests, for example, when you send us questions, suggestions, compliments or complaints, or when you request information about our products or other offerings. We may also take this information into account when improving our platform, products and services. |
Information we collect automatically
Personal data we collect | How we use your personal data and our lawful basis |
---|---|
Visiting our website We collect personal data about you automatically when you visit and interact with our website. Our servers keep an activity log unique to you that collects certain administrative and traffic information including your device details, device location, source IP address, time of access, date of access, web page(s) visited, language use, software crash reports and type of browser used. |
Legitimate Interest We use your personal data to make sure you are able to use our website, to monitor how our website is being used, to help us discover and fix any problems with our website and to determine what country you are in when you use our website. |
Cookies (and Similar Technologies) We collect personal data about you by automated means when you visit and use any of our websites or mobile apps through cookies and similar technologies (e.g. web beacons, pixel tags, etc.) placed on your device. Cookies and similar technologies are simple pieces of computer code which are designed to collect information from the device you use to access our website. The information collected may include a user ID assigned to you, your IP address, the content you have interacted with, duration of each visit and error messages you encounter. Please see our Cookie Policy here for more information on what cookies (and other similar technologies) are and how we use them. |
Consent
Legitimate Interest We use your personal data as strictly necessary to ensure you are able to use our website, to ensure security of our website and to record your cookie consent preferences. |
Information provided by third parties
Personal data we collect | How we use your personal data and our lawful basis |
---|---|
Personal data provided by your affiliated company Where you are an employee or representative of any of the company’s we have a relationship with (e.g. a customer, supplier or partner of Repligen), we may be provided with your personal data by your affiliated company during the course of this relationship. This generally information including your name, contact details, job title and company. |
Legitimate Interest We use your personal data strictly in the context of the business purposes with your affiliated company. |
Internal Business Purposes
Personal data we collect | How we use your personal data and our lawful basis |
---|---|
Fraud and Security Monitoring Our fraud and security monitoring processes may apply to any of the above personal data we collect about you. |
Legitimate Interests We use your personal data to carry out fraud and security monitoring within our business (e.g. to detect and prevent cyberattacks or attempts to commit identity theft.) |
Business Administration Our processes for ensuring the proper data to day running of our business may apply to any of the above personal data we collect about you. |
Legitimate Interests We use your personal data as necessary to operate our business efficiently. |
Legal Claims and Compliance with Legal Obligations Our processes for complying with our legal obligations and protecting our rights under the law may apply to any of the personal data we collect about you listed in this Privacy Policy. |
Legitimate Interests We use your personal data to effectively defend or bring claims to protect our legal rights and interests, to respond to investigations from regulators or law enforcement, and to audit our internal processes for compliance with legal and contractual requirements. Legal Obligation We use your personal data to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities, and audit our internal processes for compliance with legal requirements. |
HOW WE SHARE YOUR PERSONAL DATA
We share your personal data for the following purposes and in line with this Privacy Policy:
General Sharing
- We share your personal data with trusted third parties who perform functions on our behalf and help us provide you with the services we offer and also in operating and maintaining our website. Third parties such as service providers (including website and cloud providers, database management providers, payment providers, business communication providers, email distribution providers, direct marketing and data collection providers, data storage and analysis providers, and customer service support providers), business consultants, and professional advisors (including lawyers and accountants). These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
- We share your personal data with other Repligen group companies as necessary. Our group companies will only use the personal data we share in a manner consistent with this Privacy Policy. You can consult the list and location of the Repligen group companies here.
- We share your personal data if we are under a duty to do so, in order to comply with (or where we reasonably believe we are under a duty to comply with) any legal obligation; or in order to enforce any agreement we have in place with you; or to protect the rights, property, safety, or security of Repligen, third parties, users of our services or the public.
- We may share your personal data with a prospective or new owner of our business or company and their advisors, should we, or any of the Repligen group companies be the subject of a takeover, divestment or acquisition.
- We share your personal data where you give us express permission to do so in the course of your relationship with us from time to time.
INTERNATIONAL TRANSFERS
Our website is managed by our parent company Repligen Corporation, in the United States and personal data collected on our website is directly transmitted to the US. We also share personal data collected offline with Repligen Corporation, other Repligen group companies and service providers in the US for business operation purposes.
The US may have data protection laws less stringent than or otherwise different from the laws in effect in your country. Where we share your personal data with parties in the US or any countries not recognized as adequate for the transfer of your personal data, to the extent a safeguard is required under law for such transfers of your personal data, we have put in place the UK government approved international data transfer agreement/addendum (for UK transfers) and Standard Contractual Clauses approved by the EU Commission (for EEA transfers. Please contact us for further details on the safeguards in place.
PERSONAL DATA RETENTION
We will retain your personal data for as long as needed or permitted considering the purpose(s) for which it was obtained and consistent with applicable law.
The criteria we use to determine our retention periods include:
- Any permissions you give us with regards to your personal data;
- Our contractual obligations and rights in relation to the personal data involved;
- The length of time we have an ongoing relationship with you;
- Whether there is a legal obligation to which we are subject;
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations); and
- Any guidelines issued by relevant legal and data protection authorities.
YOUR DATA RIGHTS
By law, you have a number of rights (subject to certain conditions and exceptions) when it comes to your personal data and can exercise any of these rights by contacting us.
You have the right to object to us processing your personal data where we rely on “legitimate interest” (see the “How We Use Your Personal Data” section above) as a lawful basis for processing your personal data or where we are processing your personal data for any direct marketing purposes (e.g. to send you newsletters and invites to Webinars).
You also have the right to:
- Request access to your personal data (commonly known as a “data subject access request”) and receive a copy of it, along with supplemental transparency information similar to what is provided in this notice.
- Request correction of the personal data that we hold about you if it is incomplete or inaccurate.
- Request erasure of your personal data where there is no good reason for us continuing to process it or where you have successfully exercised your right to object to our processing of your personal data.
- Request the restriction of processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.
- Request portability of your personal data. If required to do so, we will provide you or another party with any personal data we have obtained from you, in a structured, machine readable and reusable format.
- Withdraw consent to the processing of your personal data at any time where we rely on your consent as a lawful basis for processing your personal data. This won’t affect anything we have used your personal data for before you withdraw your consent.
- Not be subject to decisions based solely on automated processing (including profiling) which have a legal effect on you or a similarly significant effect on you. This is relevant where we decide to use automated systems to process your personal data with no real human involvement. We do not currently engage in this type of processing activity.
- Lodge a complaint about the way we handle or process your personal data with a data protection regulator.
CHANGES TO THIS PRIVACY POLICY
We may periodically make changes to this Privacy Policy. We will notify you of any significant changes where we have a relationship with you and otherwise post updated versions here. We recommend that you revisit this Privacy Policy regularly.
HOW TO CONTACT US
If you wish to exercise any data subject rights or have any questions about this Privacy Policy or our information practices, please feel free to contact us at [email protected].