Privacy Policy

Overview

InSyBio Group (“InSyBio”), which is consists of InSyBIo PC, InSyBio Ltd and InSyBio Inc., respects its customers and understands that you are concerned about privacy. We have posted this Privacy Policy to let you know what kind of information we collect, how it is handled and with whom it may be shared. As we continue to develop our website and take advantage of technologies to improve the products and services we offer, this Privacy Policy will likely change. We encourage you to refer to this Privacy Policy on an ongoing basis so that you understand the current policies that apply to the information you provide to us. Any updates to this Privacy Policy will be prominently displayed on our website.

Applicability of this Privacy Policy

This Privacy Policy applies to all information collected by InSyBio as described in the subsections of the section “What Information we collect about you”. Although the Site may provide links to Third Party websites, such websites are not covered by this Privacy Policy. These links are provided for your convenience only, and InSyBio assumes no responsibility for the privacy or security of information you provide to any Third Party through linked websites or any other means. “Third Parties” mean any person or entity other than InSyBio and you.

Data Controller

All the companies consisting InSyBio Group are acting as Data Controllers.

InSyBio Ltd.

Reg. No 8715590.

Innovations House, 19 Staple Gardens, Winchester, SO23 8SR, United Kingdom

e-mail: info@insybio.com

Data Controller Lead: Mr. Labros Digonis

InSyBio PC.

Reg. No 134984416000.

Patras Science Park building, Platani, Patras, 26504, Greece

e-mail: info@insybio.com

Data Controller Lead: Dr. Konstantinos Theofilatos

InSyBio Inc.

Med2Market: 2101 E. St. Elmo, Bldg. 1, Ste. 100, Austin, TX 78744, USA

e-mail: info@insybio.com

EU Representative: InSyBio Ltd.

Please be assured that InSyBio Ltd. is registered with the Information Commissioner and guarantees that all information you provide will be kept private and will not be passed on to any other organisation, except the ones that are strictly referred to this policy.

What Information we collect about you

This section shows groups of people whom we collect information about. It then details (for each group) Data Collection; what we use your personal information for; the legal basis for processing; how long we keep it; categories of personal data; and who we share your data with.

People who visit and browse our website

Data Collection

This information may be collected through the use of a “cookie.” Cookies are small text files that are stored on your hard drive to store your preferences. Cookies themselves do not contain any personally identifiable information. You may delete InSyBio cookies from your computer, but doing so may impair your use of the Site. More informations about the cookies and how to manage them, you can find at the section “About Cookies”.

InSyBio may also use “web beacons” on the Site from time to time. Web beacons are small pieces of code placed on a web page to track or monitor the behavior and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

InSyBio may also use certain statistical analysis services, such as Google Analytics, to generate statistics in the aggregate about visitors to the Site. Google Analytics is a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to analyze how users use the Site. Google’s commitment and compliance to data protection laws is described at https://privacy.google.com/businesses/compliance/

Categories of Personal Data

Our web server automatically recognizes your IP address, web browser version, the referring page, and the site you came from. Sometimes it is possible to identify your organization or employer from the IP address. We may also collect information about the content on the Site you access, the platform operating system you use, and the date, time, and duration of your visit to the Site.

Data Retention period

We will keep the visiting log files and statistics no more than 5 years.

Purposes of the processing

The information that is gathered is used for creating reports on the statistics of visits in this website.

Legal Basis for processing

We process your information under the legitimate interest basis for processing.

Legitimate Interest

We use diagnostic analytics to assess the number of visitors, sessions, page views, etc. in order to optimise future marketing campaigns and redesign of the website in order to provide a better experience to the visitors.

Who we share your data with

We share some of your data with other organisations and individuals who process data on InSyBio’s behalf (Data Processors). The use of the data we share is strictly limited, by contract, to those purposes.

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

People who contact us by Email

Data Collection

We collect data about you in a variety of ways, starting at the point of your email to us where we will collect the data from you directly. We also update this data through your subsequent contact with us. Also, we collect data through the electronic contact form of our website.

Categories of Personal Data

Name
Email address.
Contents of your email and our responses.

Data Retention period

We will keep the email correspondence until the subject of the email has been addressed by us and for no longer than 10 years.

Purposes of the processing

Personal information which you supply will be used to:

To respond to your email

Legal Basis for processing

We process your information under the legitimate interest basis for processing.

Legitimate Interest

People who send email expect this processing to take place so that they can have a response to their email.

Who we share your data with

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

People who sign up for our Newsletters

Data Collection

We collect data about you in a variety of ways, starting at the point where you sign up for our newsletter. We also update this data through your subsequent contact with us.

Some of these e-mails use Third Party services that can track your response through the use of custom links within the e-mail and by recording the download of images embedded within the HTML from the Third Party’s server. This allows InSyBio to deduce whether you have opened the message and, if you click on a hyperlink in the message to visit the Site, to associate each web page you visit on the Site with the specific e-mail address to which the message was sent.

IMPORTANT: In some instances, the e-mail we send to you may contain personally identifiable information about yourself, or may include a link to access portions of InSyBio’ Site or systems that contain personally identifiable information about yourself. Forwarding these e-mails to Third Parties may permit such Third Parties to have access to personally identifiable information about yourself. You therefore should be very careful about forwarding any emails you receive from InSyBio to any Third Parties.

Categories of personal data

We will keep the following categories of personal data:

Name
E-mail

Data retention period

We will keep your details while this remains useful to InSyBio, unless you withdraw your consent.

Purposes of the processing

We occasionally send e-mails to customers and other contacts in order to update them on our products and the activities of our business. In the bottom of each such e-mail there are guidelines on how to unsubscribe. If you do so, the e-mail address from which your request is sent will no longer receive any unsolicited e-mail from InSyBio.

We use e-mail diagnostic analytics to assess the number of e-mail clicks, opens, receives in order to optimise future marketing campaigns.

Legal basis for processing

We process your information under the consent basis for processing.

Consent

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Who we share your data with

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our Marketing and Bulk Email Provider

We share your name and preferred email address to our e-mail marketing provider, so that we can send you the newsletters; updates; details of up-coming meetings, conferences or events that you might be interested in ; and details of products or services that we think you might be interested in.

InSyBio uses MailChimp as Marketing Email Provider and SendGrid as e-mail sending gateway. Both providers have strict policies on the protection personal data and are compliant with GPDR as it is stated on https://kb.mailchimp.com/accounts/management/gdpr-faq and https://sendgrid.com/resource/general-data-protection-regulation/

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

People who apply for a job

Data Collection

We collect data about you in a variety of ways, starting at the point where you send us by email your job application. We also update this data through your subsequent contact with us.

Categories of personal data

We will keep the following categories of personal data:

Name
E-mail
Personal Details included in your Curriculum Vitae attached to the application.

Data Retention period

We will keep your application’s information no more than 5 years.

Purposes of the processing

Résumés and other materials submitted by job applicants are used for applicant screening and hiring purposes, and for general human resource related purposes. .

Legal Basis for processing

We process your information under the legitimate interest basis for processing.

Legitimate Interest

People that apply for a job are expecting the process of their application data for hiring purposes.

Who we share your data with

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

People who use InSyBio Suite

Data Collection

We collect data about you in a variety of ways, starting at the where you directly by e-mail or verbally give us the appropriate information for creating account in our Software. Also, data is collected by the registration form for the demo version of the InSyBio Suite. Apart for the data provided by you, our software along with the cloud architecture used in order to operate, are automatic collecting data through logging process. Type of logs that are containing personal data are:

Infrastructure Applications (i.e. web server, database, etc.) error and access logs.
Operating System error and access logs.
Cloud Infrastructure error and access logs.
InSyBio Suite access logs.

Categories of personal data

We will keep the following categories of personal data:

Personal Details
- Email
- Name
- Address
- Organization
- Country
Logs Details
- IP
- User ID
- User actions

Data retention period

Account details are stored while the account is active and for three years after its deactivation. Log files are kept no more than 10 years, except some logs that are destroyed earlier when the life-cycle of the associated virtual machine ends.

Purposes of the processing

Personal information which you supply will be used

To identify security vulnerabilities of the software
To identify the cause of possible security breach (forensics purposes)
To detect and prevent fraud
To detect and prevent unauthorized access
To provide better services to our customers

Legal Basis for processing

We process your information under the legitimate interest basis for processing.

Legitimate Interest

We collect and store personal data in our applications logs for the limited and legitimate purpose of detecting and preventing fraud and unauthorized system access, and ensuring the security of our systems.

Who we share your data with

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

Customers

Data Collection

We collect data about you in a variety of ways, starting at the point where you place an order for our services or our software, where we will collect the data from you directly. We also update this data through your subsequent contact with us.

Categories of personal data

We will keep the following categories of personal data:

Personal Details
- Name
- Finance Address
- Delivery Address
- Purchase Details
- Details of Product/Service
- Date of Purchase
- Payment Details
- Delivery address

Data retention period

We will keep an electronic record of your purchases, invoices and payment records on our system until they are not needed.

Purposes of the processing

Personal information which you supply will be used

To provide the goods and service requests
To collect payment
To send you details of other goods and services

Legal basis for processing

We process your information, with the exception of financial information under the performance of a contract basis for processing.

We will process your financial information under the Legal basis for processing.

Who we share your data with

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

With our accounting service providers

We share all the aforementioned information with our companies’ accountants, so that they can provide their accounting services.

With our accounting software providers

We share all the aforementioned information with the providers of accounting software to the companies of InSyBio Group, so that they can provide their services.

InSyBio Ltd and InSyBio Inc. use the products of Intuit which has strict policy for personal data protection as it is defined on https://security.intuit.com/index.php/privacy.

Current and Former Employees of InSyBio

Data Collection

We collect data about you in a variety of ways, starting at the point of recruitment where we will collect the data from you directly. This includes the information you would normally put in a CV or application form, and any cover letter. It also includes notes made by our selection panel during a selection interview. We collect further information directly from you when you complete forms at the start of your employment, for example, your bank, next of kin details and your health questionnaire. Other details may be collected directly from you in the form of official documentation such as your driving licence, passport or other right to work evidence.

We will collect data about you from third parties, such as employment agencies, if you come to us via an agency, and former employers when gathering references.

Categories of personal data

Your personal details including your name, address, date of birth, email address, phone numbers
Your photograph
Gender
Marital status
Dependants, next of kin and their contact numbers
Medical or health information including whether or not you have a disability
Information used for equality, diversity and inclusion monitoring about your sexual orientation, religion or belief and ethnic origin
Information included on your CV or application form, including references, education history and employment history
Documentation relating to your right to work in the UK, USA or Greece (according the referred company of the InSyBio group)
Driving licence
Bank details
Tax codes
National Insurance number
Current and previous job titles, job descriptions, pay grades, pension entitlement, hours of work and other terms and conditions relating to your employment with us
Letters of concern, formal warnings and other documentation with regard to any disciplinary proceedings
Records of any grievance processes instigated by you
Internal performance information including measurements against targets, formal warnings and related documentation with regard to capability procedures, appraisal forms
Leave records including annual leave, family leave, sickness absence etc

Data retention period

We will keep your HR record, including copies of recruitment paperwork, job descriptions, contracts of employment, appraisals, sickness absence, holiday, training, grievance and disciplinary records until termination of your contract + 6 years

We will keep all financial records, including payroll and payment of expenses until they are not needed.

Purposes of the processing

Personal information which you supply will be used

To carry out the employment contract that we have entered into with you
To ensure you are paid, and that sick pay or maternity/paternity pay is correctly administered
To ensure tax and National Insurance is paid
To carry out checks in relation to your right to work in the UK, USA orGreece
To make reasonable adjustments for disabled employees.
To make decisions about who to offer initial employment to, and subsequent internal appointments, promotions etc
To make decisions about salary and other benefits
To provide contractual benefits to you
To maintain comprehensive up to date personnel records about you to ensure, for example, that we have correct contact points in the event of an emergency, and that we have up to date contact details for you at home, in case we need to write to you (for example if you are off sick, long-term)
To effectively monitor both your conduct and your performance and to undertake disciplinary or capability procedures if the need arises
To offer an appropriate complaint process for you against decisions made about you via a grievance procedure
To assess your training needs
To implement an effective sickness absence management system including monitoring the amount of leave and subsequent actions to be taken including management of statutory and occupational sick pay, and the making of reasonable adjustments
To obtain expert medical opinion when making decisions about your fitness for work, and reasonable adjustments
To manage statutory leave and pay systems such as maternity leave and pay etc
To complete business planning and restructuring exercises
To deal with legal claims made against us
To prevent fraud
To ensure our administrative and IT systems are secure and robust against unauthorised access
To provide you with a company credit card

Legal basis for processing

The legal basis for processing this information is the performance of a contract

Who we share your data with

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

With Workplace Pension Provider

Limited data will be shared with the pension provider so that we can provide this staff benefit

With National Taxation Offices

Limited data will be shared with the national taxation offices as defined by the national laws.

Professional Contacts

Data Collection

We collect data about you in a variety of ways, starting at the point you either first contact us or we first contact you regarding a professional collaboration.

Data retention period

We will keep an electronic record of you while we have a relationship with you + 5 years.

Purposes of the processing

Personal information which you supply will be used to enable us you to contact you about our collaboration.

Legal basis for processing

We process your information under the legitimate interest basis for processing your data

Legitimate Interest

Professional Contacts expect us to keep their data so that we can contact them regarding current or new professional collaborations.

Who we share your data with

With the companies of InSyBio Group

The collected data is shared among the companies of InSyBio Group.

With our IT Software & IT Support Service Providers

We share your personal data that we hold with our IT and IT support Service Providers to ensure that you get the best possible service.

Your Rights

You have rights under data protection law that you can exercise against InSyBio but these do not apply in all circumstances. You can exercise those rights free of charge except in very limited circumstances, which will be explained to you if relevant.

For more information about all these rights, and how to exercise them against InSyBio, please contact any of the companies of InSyBio Group.

Here is a short description of your rights.

Right to Lodge a complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority for each company of the InSyBio Group.

For InSyBio Ltd. and InSyBio Inc., the Supervisory Authority is the Information Commissioner (https://ico.org.uk) who can be contacted on 0303 123 113.

For InSyBio PC. the Supervisory Authority is the Hellenic Data Protection Authority (http://www.dpa.gr/) who can be contacted on +30 210 6475600 or contact@dpa.gr.

Right of Access (Article 15)

You have the right of access to your personal data, to obtain confirmation that it is being processed, and to obtain certain prescribed information about how it is processed.

Right to rectification (Article 16)

You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you shall have the right to have incomplete data completed. This can usually be done easily emailing info@insybio.com.

Right to erasure “the right to be forgotten” (Article 17)

In certain circumstances, you have the right to have your personal data erased. It is unlikely to be possible to do this if, for example, InSyBio has a legal duty to retain or process your information.

Right of restriction of processing (Article 18)

In certain circumstances, you have the right to obtain from InSyBio a restriction of processing.

Notification obligation regarding rectification or erasure or restriction of processing (Article 19)

We will communicate any rectification or erasure of personal data concerning you to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

Right to data portability (Article 20)

In certain circumstances you will have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used machine readable format and you will have the right to transmit this data to another organisation.

Right to object (Article 21)

You have the right to object, on grounds relating to your situation, at any time to processing of your personal data, which is based on the legitimate interest basis for processing. We will no longer process the personal data unless we can demonstrate a compelling legitimate ground for the processing which overrides your interests, rights and freedoms.

Right not to be subject of automated decision-making (Article 22)

You have the right not to be a subject to a decision based solely on automated processing including profiling, subject to certain exclusions. InSyBio does not make any automated decisions.

Children

InSyBio is committed to protecting the privacy of children. Neither InSyBio nor any of its services are designed or intended to attract children under the age of 13. InSyBio does not collect personally identifiable information from any person that InSyBio knows to be under the age of 13.

Security

InSyBio has put in place reasonably appropriate physical, electronic, and/or procedural safeguards to protect your personally identifiable information. However, even with such measures, no one is able to guarantee that unauthorized Third Parties will not be able to bypass these measures or otherwise capture such information. InSyBio shall not be liable to you for any Third Party’s unauthorized access to or use of your personally identifiable information.

Incident response

If a security violation occurs which involves the unauthorised release of personal data, InSyBio has internal processes to inform the affected individuals. In an incident of data breach, InSyBio will

Work quickly to identify the clients which data affected by the violation.
Inform the Supervisory Authority about the incident
Contact each affected individuals to:
- Explain the situation;
- Provide them with information about the risks and possible harm the violation might cause to them and how they can minimise this;
- Provide them with information on how the violation occurred and how procedures are being changed to prevent a recurrence

About cookies

This website uses cookies. By using this website and agreeing to this policy, you consent to InSyBio’s use of cookies in accordance with the terms of this policy.

Cookies are files sent by web servers to web browsers, and stored by the web browsers. The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers. There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.

Refusing cookies

Most browsers allow you to refuse to accept cookies.

In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.

In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.

Blocking cookies will have a negative impact upon the usability of some websites.

Cross-border data transfers

Information that InSyBio collects may be stored and processed in and transferred between any of the countries in which InSyBio operates to enable the use of the information in accordance with this privacy policy. You agree to such cross-border transfers of personal information.

Other Exceptions; Legal Requirements

InSyBio reserves the right at all times to: (a) use and disclose any information it reasonably believes necessary to satisfy any law, regulation, government request, court order, subpoena or other legal process; (b) edit or remove any information, in whole or in part, that in InSyBio’s sole discretion is objectionable, disruptive to the Site or in violation of the Terms and Conditions; (c) use and disclose any information when InSyBio believes it is necessary to prevent harm or injury, to prevent fraud, or to protect InSyBio’s legal interests; and (d) use and disclose any information in connection with an investigation of suspected or actual illegal activity.

InSyBio may also transfer personally identifiable information in the event we sell or transfer all or a portion of our business or assets, or otherwise undergo a change in control. Should such an event occur, we will use reasonable efforts to direct the transferee to use personally identifiable information in a manner that is consistent with this Privacy Policy.

Contact Point

Please contact InSyBio to learn more about its privacy practices or to change your privacy choices: info@insybio.com

Changes to this privacy notice

This notice was last updated on the 22nd May 2018.

InSyBio may amend this privacy notice from time to time to keep it up-to-date or to comply with legal requirements. If you have access to the internet, you should regularly check this privacy notice. If necessary, you may be notified of changes. Your contact details (as previously described) would be used for this purpose, based on the legal basis of compliance with legal obligations or legitimate interests (or both as relevant).

Document Versions

(current) 22/05/2018 – Compliance with EU GDPR
17/09/2013 – First Version of Private Policy for InSyBio Ltd.