Privacy Policy
SHIMADZU UK LIMITED
PRIVACY POLICY FOR WEB SHOP FOR BUSINESS CUSTOMERS
Thank you for your interest in our website. The protection of your privacy is very important to us. This privacy policy’s purpose is to inform you in detail about the handling of your data when you visit and use our website, including any data you may provide through this website when you sign up to our newsletter or purchase a product from our webshop.
This website is not intended for children, and we do not knowingly collect data relating to children.
I. THE PERSONAL DATA WE COLLECT ABOUT YOU, HOW WE COLLECT IT, AND WHAT WE USE IT FOR
General
Personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, business you work for, title and gender.
- Contact Data includes billing address, delivery address, email address, telephone numbers and fax number.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your login details (username and password), purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise.
- Automated technologies or interactions. As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive data about you if you visit other websites employing our cookies. Please see our cookie section below for further details.
- Third parties. We will receive personal data about you from various third parties as set out below:
o Technical Data and Usage Data from (a) analytics providers such as Google based outside the UK and Lead Forensics based inside the UK; and (b) advertising networks such as Google, Twitter and LinkedIn based outside the UK; and
o Contact Data and Transaction Data from providers of technical, payment and delivery services based bothinside and outside the UK.
o Identity Data and Contact Data from publicly available sources such as Companies House based inside the UK.
We have set out below, a description of all the purposes we plan to use the personal data we collect for.
Please note that we will only use your personal data for the purposes for which we collected it (as set out below), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
1 HOSTING AND ADMINISTRATION OF OUR WEBSITE
When you view our website, we collect Technical Data automatically using cookies, server logs and other similar technologies. The data collected is technically necessary for us to display our website and to ensure its stability and security. The legal basis for this is our legitimate interests in administering and protecting this website (see section III below for more information).
2 USER ACCOUNT REGISTRATION AND ORDERS
If you set up a user account with us we will collect information directly from you which may include the following personal data: Identity Data, Contact Data and Profile Data. We will use this data to fulfil our contract(s) with you (see section III below for more information).
If you place an online order on our website, we collect data directly from you which may include the following personal data: Identity Data, Contact Data, Profile Data, Financial Data and Transaction Data. We use this data in order to perform our contract with you including processing your order, managing payments and to collect money owed to us (see section III below for more information).
We may also use some personal data (Contact Data, Transaction Data, Profile Data, Usage Data and Marketing and Communications Data) that you provide to us when registering or placing an order to send you information about new products and services by post or telephone. If we list you as an existing customer, we may send you information for our own, similar products, unless you have objected. The legal basis for this is our legitimate interests (to develop our products and grow our business) (see section III below for more information).
3 NEWSLETTER
We offer a newsletter to provide you with targeted information about our products and events, seminars and webinars as well as general news about our company. The newsletter will only be sent to you if you registered for and consented to the newsletter being sent. After entering your e-mail you will receive a confirmation e-mail to the specified e-mail address. The newsletter will only be sent after explicit confirmation by clicking on a link provided in the confirmation e-mail (so-called double opt-in). With the newsletter registration form your Identity Data, Contact Data, Technical Data and Marketing and Communications Data are stored. The legal basis for the processing of your data within the scope of registration for the newsletter and sending is your consent (see section III below for more information). You can unsubscribe from the newsletter by clicking the unsubscribe button in each newsletter.
4 EVENTS OR COMPETITIONS
When you register on our site for an event, webinar or competition, we will process some personal data including Identity Data, Contact Data (which you provide directly to us) and Technical Data (which will be collected automatically) in order to enable you to partake in the event, webinar or competition. The legal basis for the processing of this personal data dependent on the event, webinar or competition will be either (i) on the basis of your consent; or (ii) if the registration aims at the performance of a contract, to perform a contract with you (see section III below for more information).
5 RESPONDING TO YOU CONTACTING US
When you contact us to make an enquiry we will collect any personal data which you voluntarily provide to us. If you contact us via the contact form on our website we will process your Identity Data and Contact Data.
We will process the personal data transmitted to us to respond to your enquiry. The legal basis for this is our legitimate interests in responding to enquiries (see section III below for more information).
6 MANAGING OUR RELATIONSHIP WITH YOU
Occassionally we may need to process personal data we have collected from you directly including your Identity Data, Contact Data, Profile Data and Marketing and Communications Data in order to manage our relationship with you including notifying you about changes to our terms or privacy policy. The legal basis for this is our legitimate interests in responding to enquiries (see section III below for more information).
7 IMPROVING OUR WEBSITE, PRODUCTS, MARKETING, CUSTOMER RELATIONSHIPS AND EXPERIENCES
We use Technical Data and Usage Data collected automatically when you interact with us via our website and our emails to you for data analytics purposes to improve our website, products/services, marketing, customer relationships and experiences. The legal basis for this is our legitimate interests in defining types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy (see section III below for more information).
8 COOKIES
Cookies are small text files that are stored on your computer. Some cookies we use are deleted from your hard disk after the end of the browser session (so-called session cookies), others are used for repeated visits and stored in the user’s browser for a predefined time (so-called persistent cookies). First-party cookies are set by our website. Third-party cookies are set by third-party organisations that are not operators of the website.
By law, we may store cookies on your device if they are absolutely necessary for the operation of this site (“Required Cookies”). For all other cookie types (which we have split into “Analysis Cookies” and “Marketing Cookies”) we need your permission. The legal Basis for the usage of Required Cookies is our legitimate interest in administering and protecting this website (see section III below for more information). For all other Cookies the legal basis is your consent (see section III below for more information).You can give, change or withdraw your consent at any time via the Cookie-Banner on our website. You can deactivate the use of such cookies in the settings of your browser. However, this may lead to some parts of this website becoming inaccessible or lead to it not functioning properly .
The cookies used on this website are:
|
First Party Cookies |
||
|
Name |
Purpose: |
Duration |
|
has_js |
Is used to control the screen. |
Until closing the browser |
|
JSESSIONID |
Cookie for the platform session. Used on the Web site by the Java Server Page (JSP) to help the server
maintain anonymous user sessions. |
Until closing the browser |
|
_gat |
See the URL below for more details: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en |
1 Minute |
|
_ga |
2 Years |
|
|
_gid |
2 Days |
|
|
__utma |
2 Years |
|
|
__utmb |
30 Minutes |
|
|
__utmc |
Until closing the browser |
|
|
__utmt |
10 Minutes |
|
|
__utmz |
6 Months |
|
|
CGISESSID |
Is used to prevent illegal access. |
Until closing the browser |
|
_mkto_trk |
Logs the last visit and activity. |
2 Years |
|
_pk_ref |
This information is used to provide better and more personalized
services, market research and the development of new products and new services. |
2 Years |
|
_pk_id |
||
|
_pk_ses |
||
|
healthcareReferense |
Is used to control the screen. |
Until closing the browser |
|
cookie_agreed |
Preserves the result of the consent to the use of cookies. |
2 Years oder 1 Month |
|
cookie-agreed-marketo |
||
|
cookie-agreed-matomo |
||
|
UserMatchHistory |
See the URL below for more details: |
1 Month |
|
bcookie |
444 Days |
|
|
lang |
Until closing the browser |
|
|
lidc |
1 Day |
|
|
_ga |
2 Years |
|
|
SID |
Until closing the browser |
|
|
VID |
1 Year |
|
|
Third-Party Cookies |
||
|
Name |
Purpose: |
Duration |
|
GPS |
Registers a unique ID on mobile devices to enable tracking based on GPS geographic location. |
1 Day |
|
PREF |
Saves the user’s selection and other information (especially the main language, the number of search results displayed on a page, the Google ON/OFF self search filter). |
1 Year |
|
VISITOR_INFO1_LIVE |
The cookie set by YouTube to measure the capacity of the user line and
determine whether the player is new or old. |
18 Months |
|
YSC |
The cookie set by the YouTube video service on the page embedded in YouTube video |
Until closing the browser |
|
NID |
The cookie set by Google to store user preferences and other information. |
6 Months |
|
GAPS |
Google sets the number of
cookies on the pages that contain Google Calendar.
Although we have no control over the cookies set by
Google, they appear to contain a mixture of information to measure the number and behavior of Google
Calendar users, as well as information about which
calendar you are viewing and which tab you are
currently on. |
2 Years |
|
_js_datr |
See the URL below for more details: |
2 Years |
|
_js_reg_fb_gate |
Until closing the browser |
|
|
_js_reg_fb_ref |
Until closing the browser |
|
|
locale |
7 Days |
|
|
sb |
2 Years |
|
|
wd |
7 Days |
|
|
tfw_exp |
See the URL below for more details: https://help.twitter.com/en/rules-and-policies/twitter-cookies |
2 Days |
|
_twitter_sess |
Until closing the browser |
|
|
ct0 |
6 Hours |
|
|
external_referer |
7 Days |
|
|
guest_id |
2 Years |
|
|
personalization_id |
2 Years |
To deactivate the use of third party cookies, you may need to visit the relevant consumer page of the third party to manage the use of these types of cookies.
II. DATA TRANSMISSION TO THIRD PARTIES AND INTERNATIONALLY
Your data will not be passed on to third parties unless we have a lawful basis for doing so. Where third parties do receive your personal data from us or on our behalf, we have taken legal, technical and organisational measures and carried out regular checks to ensure that they comply with the provisions of the data protection laws.
Whenever we transfer your personal data outside the UK, appropriate safeguards are in place to ensure that the level of protection guaranteed by the UK GDPR is not undermined.
III. LEGAL BASIS FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA
As far as we obtain your consent for the processing of personal data, Art.6(1)(a) UK GDPR serves as the legal basis for the processing of your personal data.
When processing your personal data to fulfil a contract between you and Shimadzu UK Limited, Art.6(1)(b) UK GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
As far as the processing of personal data is necessary for the fulfilment of a legal obligation to which we are subject, Art.6(1)(c) UK GDPR serves as legal basis.
If processing is necessary for our legitimate interests or a third party’s and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art.6(1)(f) UK GDPR serves as the legal basis for processing.
IV. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
V. DATA DELETION AND STORAGE DURATION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are set out in our retention policy which is available on request.
VI. YOUR RIGHTS AND COMPLAINTS
1 YOUR RIGHTS
Under certain circumstances you have rights under data protection laws in relation to your personal data, including:
• the right of access (Art. 15 UK GDPR) – You have the right to ask us for copies of your personal information;
• the right to correction (Art. 16 UK GDPR) - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete;
• the right to limitation of processing (Art. 18 UK GDPR) - You have the right to ask us to restrict the processing of your personal information in certain circumstances;
• the right to erasure (Art. 17 UK GDPR) - You have the right to ask us to erase your personal information in certain circumstances;
• the right to object (Art. 21 UK GDPR) - You have the the right to object to the processing of your personal information in certain circumstances;
• the right to withdraw consent (Art. 7(3) UK GDPR) - Where we are relying on consent to process your personal data you have the right to withdraw your consent. This will not however affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you; and
• the right to data transferability (Art. 20 UK GDPR) - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Please contact Shimadzu’s data protection officer if you wish to exercise any of your rights.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
2 HOW TO COMPLAIN
If you have any concerns about our use of your personal information you can make a complaint to us by contacting our data protection officer. You may also at any time make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk), if you believe that the processing of personal data concerning you is contrary to data protection legislation (Art. 77 UK GDPR). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
VII. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER & DATA PROTECTION OFFICER
The person responsible for your personal data within the meaning of The General Data Protection Regulation (UK GDPR) is Shimadzu UK Limited (“Shimadzu”, “we”, “us” or “our” in this privacy policy).
If you have any questions relating to how we process your personal data, or would like to exercise any of your legal rights please contact our data protection officer using the details set out below:
- Postal Address:
Data Protection Officer, Shimadzu UK Limited, Centre of Excellence, Mill Court, Featherstone Road, Wolverton Mill South, Milton Keynes, MK12 5RE - Telelphone:
+44 (0) 1908 - 552209 - Email Address:
info@shimadzu.co.uk dsb@shimadzu.co.uk
IX. LINKS TO THIRD-PARTY WEBSITES & APPLICATIONS
Our websites may contain links to third-party websites and applications. Clicking on those links or enabling those connections may allow those third-parties to collected or share data about you. This privacy policy does does not apply to those third-party websites and applications as they are not controlled by us. When you leave our websites we encourage you to read the privacy policy of every website or application you visit.
X. CHANGES TO THIS PRIVACY POLICY
We keep this privacy policy under regular review and may amend it at any time. This version was last updated on 22 March 2023. Historic versions can be obtained by contacting us.