Our privacy and data protection policy
Data we may collect from you
- Information provided by you by filling in any of our forms on this website. Such information is initially collected, and processed on our behalf, in each case by Hubspot, Inc according to the following data processing agreement that we have in place with Hubspot, Inc: https://legal.hubspot.com/dpa.
- Data collected and processed by Hubspot may also be processed on our behalf by Microsoft, through our subscription with them for their Microsoft Office 365 offering. Details relating to how Microsoft process and store your data can be found here: https://www.microsoft.com/en-gb/trust-center/privacy.
- Details of visits to this website, including but not limited to traffic data, location data, and other communication data and the resources which you access.
Please note: we do not knowingly collect personal data from or about any person under the age of 16. Accordingly, this site is not intended for any person under the age of 16. If you are under 16 years old and wish to contact us, please get your parent or guardian to do so on your behalf.
How we collect our data
As noted above, we collect data from you by filling out the various forms on our website.
We may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration. The collated statistical data about browsing actions is not used for purposes of identifying individuals.
We obtain information about your internet usage by using a cookie file, which is small text files that are placed onto ‘terminal equipment’ (e.g. your computer or smartphone) when you look at a website. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide web traffic information to the owners of the site to understand how it is being used. For example:
- to estimate audience size and usage patterns;
- to store preference information to enable us to customise the site to your interests;
- to speed up your searches; and/or
- to recognise you when you return to a website.
What do we do with your data?
We aim to collect and use only personal data that we can justify we need for our legitimate business purposes. Typically, that will be to provide you with information about Start Codon and any of its connected companies (including portfolio companies, where such is relevant, applicable and appropriate). However, and not withstanding this, we may disclose your personal information to:
- our subsidiaries and connected entities in the UK from time to time;
- third parties:
- if we or our connected entities enter into negotiations to sell or buy any business or assets (including businesses and/or assets of which they are the owner or legal holder), in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we, or our connected entities, sell substantially all of our assets or are acquired by a third party (in which case personal data held by it may be one of the transferred assets); and
Your personal data may also be transferred and stored at destinations outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us, our subsidiaries or for one of our suppliers and/or distributors and/or parties working on our behalf. We will take all steps reasonably necessary to ensure that your personal data is treated securely in accordance with this Policy.
Types of cookies
We use third party analytics cookies from Google Analytics which are used for various purposes and stored on your computer or device for a period of time, as specified below:
_gat Used to throttle request rate (limits the number of “requests”). Expires after 1 minute.
_ga Used to distinguish users. Expires after 2 years.
_gid Used to throttle request rate (limits the number of “requests”). Expires after 24 hours.
The above-mentioned analytics help to make this website run more quickly and efficiently.
We also collate the following to help us understand the usage of this website:
CRAFT_CSRF_TOKEN. This cookie is used to prevent malicious attacks on your form submission. It is a required cookie functional cookie to protect your privacy and cannot be disabled. You can remove it from your browsers cookie storage, however when using our website another cookie might be generated.
CraftSessionId. This cookie is used to keep users logged in and does not collect any personal information, it is a required cookie for our website’s functionality and cannot be disabled. You can remove this cookie for your browsers cookie storage, however a new cookie might be generated while navigating the website.
PHP Session #. Please note that Craft and Craft cookies rely on PHP sessions to maintain sessions across web requests. That is done via the PHP session cookie. Craft names that cookie “CraftSessionId” by default, but it can be renamed via the phpSessionName config setting. This cookie will expire as soon as the session expires.
AMP-TOKEN “Active Mobile Pages” used on mobiles, the same way that cookies are used on html internet pages. Contains a token which can be used to retrieve a client ID or IP address. 30 seconds to 1 year.
_gac A persistent cookie which contains information which can be picked up by conversion tags. Conversion tags track what happens after a click on text or video or phone number with a hyperlink to understand user’s actions e.g. whether a document was downloaded after viewing a video. Expires after 90 days.
You may opt out of these analytics cookies if you so wish by changing the settings on your browser. In addition, Google Analytics has made an “add-on” available which you can install on your browser to achieve this. Also, you may refuse to accept cookies by clicking on the “no” when a cookie notice appears on the site. In each case you may be unable to access certain parts of this website.
You have a right to know whether we (being the data controller of your personal data) are processing your personal data and to request access to your personal data, including: the purpose of the processing of your personal data; the categories of personal data being processed; the recipients or categories of recipient to whom personal data is sent, including recipients who are established in the EEA and those established outside the EEA; and how long your personal data will be retained and how we make our decisions as to how long your personal data will be retained.
You also have the right to request changes to your personal data, by either correcting or supplementing the personal data we hold, and, in certain circumstances, you have the right to request the deletion of your personal data held by us.
If you have submitted information to us, you may get in touch at any time to ask for a copy of the information we hold about you and to have any mistakes corrected or apply any updates, or to ask us to cease to hold the information (including ceasing to subscribe from any newsletters, registrations or otherwise with us).
You have rights to receive your personal data in a structure, commonly-used and machine-readable format and to transmit your personal data to another data controller if certain criteria are met.
We do not charge a fee for providing a copy of your personal data being processed but we reserve the right to charge a reasonable administrative fee for additional requests.
Notwithstanding the above, nothing in this Policy impacts your rights for and in relation to any of your personal data held by Hubspot, Inc or Microsoft (as noted above) and you may exercise your rights in this regard directly through Hubspot, Inc or Microsoft, respectively.
You also have the right to make a complaint to our supervisory authority which is the Information Commissioner in the UK (https://ico.org.uk/). You may exercise any of the abovementioned rights by emailing our data protection office at email@example.com.