Purpose of GDPR policy

CatSci and its subsidiaries (“we”, “us”, “our”) are committed to protecting and respecting your personal data. This Privacy Notice, and any other documents referred to, explain in detail the types of personal data we may collect about you when you interact with us and how we use, store, and keep safe your data. It also details your rights and how you can stop the use of your personal data.

We collect personal data about you if you choose to provide information to us when you opt in or show interest in receiving updates from CatSci, or when you apply for a job vacancy within our company.

Among the types of Personal Data that our Website collects, by itself or through third parties, there are: Cookies; Usage Data; first name; last name; phone number; company name; email address.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.

Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner (CatSci Ltd).

Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Owner.

For the purpose of the relevant data protection legislation, which includes the UK General Data Protection Regulation (UK GDPR) the data owner and controller is:

CatSci Ltd.

CBTC2, Capital Business Park

Wentloog, Cardiff

CF3 2PX

United Kingdom

(F.A.O Data Owner & Controller)

Owner contact email: GDPR@catsci.com

How do we process your data

The Owner takes appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Place of processing

The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located.

Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

We will treat your data with the utmost care and take appropriate steps to protect it and we have defined security and privacy controls, processes and procedures to protect your data.

Our systems comply with high-standard business-grade specifications, including:

Secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data being password-protected and sensitive data (such as payment card information) being secured by SSL encryption.
Regularly monitoring our system for possible vulnerabilities and attacks.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

When we collect your data

The occasions on which we collect your data include, but are not limited to:

When you visit our website and enter information about yourself.
When you contact us or correspond with us by any means with enquiries, complaints etc.
When you engage with us on social media.
When you visit premises, which have CCTV cameras.
When you choose to complete a survey, research or feedback form.
When you provide your personal or employment details to enter a prize draw, competition or to receive any other communication.
When you fill in any forms, for example an Accident Form should an incident occur in one of our premises.
When enter a legally binding agreement or contract.
When you have given a third-party permission to share the information, they hold about you with us.

How we use data

The law on data protection sets out several different reasons for which a company may collect and process your personal data, including:

In specific situations, we can collect and process your data with your consent – for example when you opt in to receiving information or updates from us.
Legitimate interest. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests – for example when you have shown interest in receiving information or updates from us. Where we are relying on legitimate interests as the lawful; basis for processing your personal data you have a right to object.
Contractual obligations. In certain circumstances, we need your personal data to comply with our contractual obligations.
Legal compliance. If the law requires us to, we may need to collect and process your data.

In some limited circumstances, we may also need to collect and process special category personal data about you. We will only do so on the basis of your explicit consent or where there is specific legal basis for doing so.

We will also use your personal data in the following ways:

To carry out our obligations arising from any contracts or agreements entered between you and us.
To notify you about updates and information about our services and job vacancies that we think may be of interest to you.
To provide you with information about other services and job vacancies we offer that are similar to those that you have already enquired about.
To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
To help us make improvements to our systems, products and services.
For research and marketing purposes.
To respond to your queries and complaints.
To ensure that content from our site and other services and activities is presented in the most effective manner for you and for your computer.
To protect our company, customers, premises, assets and staff from crime.
To comply with our contractual or legal obligations to share data with law enforcement.
To send you communications required by law or which are necessary to inform you about our changes to the services we provide you.

What personal data we collect

The personal data which we may collect depends upon the means by which you choose to engage with CatSci and the information that you choose to provide. This may include the following:

Personal data you choose to give us:

Your name, gender and date of birth.
Your address, postcode, e-mail address and mobile/telephone contact information.
Your financial information.
Your personal description and photograph.
Your business card details, for example job title and employer’s details or cv details when applying for a job vacancy.
Your social media username, if you interact with us through those channels, to help us respond to your comments, questions, or feedback.
Information about your qualifications and experience where relevant to your application for a job vacancy.

Information we may collect about you:

We generate personal data about you in the course of our dealings and correspondence with you. This includes keeping records of our engagement with you.
Your vehicle registration number may be recorded at some of our car parks for security and safety reasons.

To deliver the best possible web experience, we may automatically collect the following:

technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, geographic location, browser plug-in types and versions, operating system and platform.
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page and any phone number used to call us. We may track where you came to our site from and where you went when you left our site and how often you visit and use our site.
via cookies on our website to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Information we receive from other sources about you:

We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, customer insight companies, credit reference agencies, recruitment agencies and job boards) and may receive information about you from them.
If you are applying for a job vacancy, we may undertake verification checks to establish if the information you have provided is correct, including taking up references about you.

Retention period

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfil such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Personal Data related to recruitment activities shall be deleted once the retention period expires. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced, in this instance, after expiration of the retention period.

Who we share your data with

We may share your personal data with any member of our group, as defined in section 1159 of the UK Companies Act 2006.

In certain situations we may disclose your personal data to third parties:

In the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of CatSci Ltd, our customers, or others.

We may sometimes share your personal data with selected, trusted third parties, including but not limited to:

Business partners, suppliers, and service providers for the performance of any contract we enter into with them or you.
IT companies who support and improve our website and other business systems.
Direct marketing, research and advertising companies that help us with our marketing strategy and communications with you.
Data insight companies to ensure your details are up to date and accurate.

We provide only the information to these trusted third parties that they need to perform their specific service. They are contractually bound to use your personal data that we share with them with the sole purpose of performing the services we have engaged them to provide.

The rights of Users

Users may exercise certain rights regarding their Data processed by the Owner.

Users have the right to do the following:

Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing:

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights:

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Cookie Policy

This Website uses Trackers. To learn more, the User may consult the Cookie Policy.

Contact details

F.A.O Data Owner & Controller

CatSci Ltd.