Biomni Ltd is committed to safeguarding your privacy. Contact us at if you have any questions or problems regarding the use of your Personal Data and we will gladly assist you.
Table of Contents
- Definitions used in this Policy
- Data protection principles we follow
- What rights do you have regarding your Personal Data
- What Personal Data we gather about you
- How we use your Personal Data
- Who else has access to your Personal Data
- How we secure your data
- Information about cookies
- Contact information
Personal Data – any information relating to an identified or identifiable natural person
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data
Data subject – a natural person whose Personal Data is being Processed
Child – a natural person under 16 years of age
We – Biomni Ltd
We will ensure that your personal data is processed lawfully, fairly, and transparently and that it will only be processed if at least one of the following bases applies:
- You have given your clear consent to the processing of your personal data for a specific purpose.
- Processing is necessary for the performance of a contract to which you are a party (or for us to take steps at your request prior to entering into a contract with you).
- Processing is necessary for our compliance with the law.
- Processing is necessary to protect someone’s life.
- Processing is necessary for us to perform a task in the public interest or in the exercise of official authority and the task/function has a clear basis in law.
- Processing is necessary for our legitimate interests or the legitimate interests of a third party, except where there is a good reason to protect your personal data which overrides those legitimate interests, such as allowing us to effectively and efficiently manage and administer the operation of our business, maintaining compliance with internal policies and procedures, monitoring the use of our copyrighted materials, offering optimal, up-to-date security and obtaining further knowledge of current threats to network security in order to update our security.
Biomni Data Processing Agreement
1.1 Definitions and interpretation
For the purpose of this Data Processing Agreement (“DPA”) all capitalised terms shall have the meaning given in the Tenjin Terms and Conditions, other than as set out below:
(a) “Data Breach” has the meaning given in Paragraph 1.9(a);
(b) “Data Protection Legislation” means:
(i) as applicable, the General Data Protection Regulation 2016/679 (EU);
(ii) the Privacy and Electronic Communications (EC Directive) Regulations 2003;
(iii) UK GDPR as defined in section 3(10) of the Data Protection Act 2018 (UK);
(iv) Data Protection Act 2018 (UK); and
(v) all other applicable laws in the United Kingdom, European Union and any other jurisdiction from which Biomni provides the Services (including judgments of any relevant court of law) and regulations relating to the processing of personal data, data privacy, electronic communications, marketing and/or data security,
in each case as from time to time in force and as from time to time amended, extended, consolidated, re-enacted, replaced, superseded or otherwise converted, succeeded, modified or incorporated into law and all orders, regulations, statutes, instruments and/or other subordinate legislation made under any of the above in any jurisdiction from time to time;
(c) “Data Subject Rights” means the rights of any data subjects to exercise their data subject access rights and/or right to rectification, to be forgotten, to restrict processing, to data portability and to object to processing (including for direct marketing) or automated decision-making, as set out in the Data Protection Legislation;
(d) “International Transfer” means any Personal Data to an international organisation or any country outside the United Kingdom and European Union;
(e) “Personal Data” has the meaning given in the Data Protection Legislation;
(f) “Privacy Regulator” means any regulatory or supervisory authority charged with enforcing data protection laws and regulations or otherwise regulating or supervising Client in respect of data protection matters;
(g) “controller”, “processor”, “personal data”, “personal data breach”, “data subject”, “special category personal data” and “processing” have the meanings given to these terms in the Data Protection Legislation;
(a) Both Parties agree to comply with all applicable requirements under the Data Protection Legislation.
(b) The Client will comply with its obligations under the Data Protection Legislation which arise in relation to this Agreement and the receipt of the Services and, without prejudice to the foregoing, the Client:
(i) will ensure that it has all necessary legal grounds and has provided all necessary legal notices to enable lawful transfer of the Personal Data to Biomni for the duration and purposes of this Agreement;
(ii) shall not transfer any special category personal data to Biomni;
(iii) shall have sole responsibility for the accuracy and quality of the Personal Data; and
(iv) the Client warrants that any instructions given to Biomni pursuant to this DPA shall be in accordance with the Data Protection Legislation.
Each of the Parties acknowledges and agrees that if the Client provides Biomni with Personal Data and Biomni is required to process personal data on behalf of the Client when providing the Services under this Agreement, then for the purposes of the Data Protection Legislation:
(a) the Client is the controller; and
(b) Biomni is:
(i) subject to clause 1.3(b)(ii), the processor; and
(ii) a controller of any personal data it uses for the purposes of managing the parties’ commercial relationship (mainly comprising the use of Client employee corporate contact details to allow the administration, rather than the use as an end user, of the Services).
1.4 Description of personal data, data subjects and processing the types of Personal Data, categories of data subject to whom it relates, and the subject matter, duration, nature and purposes of the processing to be carried out under this Agreement are set out in Appendix 1.
1.6 Biomni shall, in relation to any personal data processed in connection with the performance by Biomni of its obligations as a processor under this Agreement:
The Client’s written instructions
(a) process (and will procure that its personnel will process) the Personal Data only in accordance with the Client’s written instructions from time to time or as otherwise required by law.
(b) notify the Client in writing if Biomni believes any of the Client’s instructions relating to processing Personal Data breaches any Data Protection Legislation;
(c) only disclose the Personal Data to, and ensure that access to the Personal Data is limited to, those of its personnel who are bound by confidentiality obligations in relation to the Personal Data;
(d) subject to paragraph 1.9 below, ensure that it does not make an International Transfer unless Biomni:
(i) is transferring Personal Data to a country (or a territory or sector within a country) which at the time of transfer is formally recognised by the European Commission and/or the UK Information Commissioner’s Office (as applicable) as providing an adequate level of data protection; or
(ii) has put in place appropriate safeguards to protect such Personal Data and ensure that the relevant data subjects have enforceable subject access rights and effective legal remedies as required by the Data Protection Legislation; such safeguards may include implementing a data transfer mechanism recognised by the European Commission and/or the UK Information Commissioner’s Office (as applicable).
(e) taking into account the state of the art, the costs of implementation and the nature, scope, context and purpose of processing, implement appropriate technical and organisational measures to ensure a level of security appropriate to the data security risks presented by processing the Personal Data, including the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
Return or deletion of Personal Data
(f) unless otherwise required by applicable law, following termination of the Agreement, Biomni shall, at your option, delete or return all Client Personal Data and copies thereof to the Client.
1.7 Information, co-operation and assistance
(a) Biomni will without unreasonable delay notify the Client in writing of any complaint, request, notice or other communication Biomni receives from any third party which relates directly to the processing of any Personal Data pursuant to this Agreement including:
(i) subject access requests;
(ii) any request by any data subject to exercise any Data Subject Right; and
(iii) any other request, notice, complaint or other communication from any Privacy Regulator, law enforcement authority or data subject.
(b) Biomni will, taking into account the nature of the processing, assist the Client by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client’s obligations to respond to any request by any data subject to exercise any Data Subject Right and/or its communications with a Privacy Regulator.
(c) Biomni may, at its own discretion, charge the Client or the additional assistance provided under this Paragraph 1.6.
1.8 Records, audit and inspection
(a) Where requested by the Client, Biomni shall make available all information necessary to demonstrate its compliance with this DPA and shall contribute to any audit required by the Client, on reasonable prior written notice and at a mutually agreeable time.
(b) The Client shall bear all costs (including Biomni’s costs) incurred in respect of any audit carried out under the above Paragraph 1.7(a).
(c) Nothing in this Paragraph 1.7 shall require Biomni to breach any duties of confidentiality it owes to any third party.
1.9 Data breach
(a) If Biomni becomes aware that it has suffered a Personal Data breach Biomni will notify the Client without undue delay.
(a) The Client acknowledges that Biomni may use third-party service providers in connection with the Services, including without limitation the use of cloud computing service providers which may transmit, maintain and store Client Content using third-party computers and equipment in locations around the globe. The Client consents to such processing. For the avoidance of doubt, the Client consents to Biomni sharing Client Content and other personal data with services providers as is necessary for the provision of the Integration Services.
(b) Biomni may:
(i) sub-contract the processing of any personal data on behalf (directly or indirectly) of the Client; or
(ii) replace any such sub-processor or add any additional sub-processor, provided that Biomni notifies the Client of the identity of any additional or replacement sub-processors, which may include publishing such sub-processors on Biomni’s website.
(c) If Biomni sub-contracts the processing of any personal data to any third party on behalf (directly or indirectly) of the Client (each a “DP Sub-processor”), Biomni will enter into a written agreement with such DP Sub-processor and include in that agreement at least obligations which are no less onerous than the those data protection obligations as set out in this Agreement; and
(d) Biomni shall remain fully liable to the Client for the performance of each of its DP Sub-processors in relation to processing Personal Data.
DESCRIPTION OF PROCESSING
1.1 Subject matter of the processing:
User authorization and authentication to use the Services
1.2 The processing will continue:
(a) for the duration of the Agreement; and
(b) after the termination for any reason and/or expiry of the Agreement insofar as expressly permitted by the controller or law from time to time.
The personal data will be processed in order to provide:
• Provision of the Services
• providing support for the Services
The personal data will be used for the purposes providing the Services.
A description of the types of personal data
The personal data will be:
• names, e-mail addresses
The data subjects will be:
• Authorised Users who interact with the Services
• individuals who are the subject matter of messages sent using the services
As set out in this Agreement.
Data Subject’s rights
Under the GDPR, you have the right to:
- Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so (such as to comply with a legal obligation).
- Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.
- Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it).
- Correct or supplement any information we hold about you that is incorrect or incomplete.
- Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected—but again, there may be circumstances where you ask us to restrict processing of your personal data but we are legally entitled to refuse that request)
- Object to the processing of your data.
- Obtain your data in a portable manner and reuse the information we hold about you.
- Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances—as above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request).
- Complain to a supervisory authority (e.g. the Information Commissioner’s Office (ICO) in the UK) if you think any of your rights have been infringed by us. (We would, however, appreciate the chance to address your concerns, so please contact us prior to taking this step).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Data we gather
Information you have provided us with
This might be your e-mail address, name, phone number etc – mainly information that is necessary for delivering you a product/service or to enhance your customer experience with us. We save the information you provide us with in order for you to comment or perform other activities on the website. This information includes, for example, your name and e-mail address.
Information automatically collected about you
This includes information that is automatically stored by cookies and other session tools. For example, your shopping cart information, your IP address, your shopping history (if there is any) etc. This information is used to improve your customer experience. When you use our services or look at the contents of our website, your activities may be logged.
Information from our partners
We gather information from our trusted partners with confirmation that they have legal grounds to share that information with us. This is either information you have provided them directly with or that they have gathered about you on other legal grounds. See the list of our partners here.
Publicly available information
We might gather information about you that is publicly available.
How we use your Personal Data
We use your Personal Data in order to:
- provide our service to you. This includes for example registering your account; providing you with other products and services that you have requested; providing you with promotional items at your request and communicating with you in relation to those products and services; communicating and interacting with you; and notifying you of changes to any services.
- enhance your customer experience;
- fulfil an obligation under law or contract;
- We use your Personal Data on legitimate grounds and/or with your Consent.
On the grounds of entering into a contract or fulfilling contractual obligations, we Process your Personal Data for the following purposes:
- to identify you;
- to provide you a service or to send/offer you a product;
- to communicate either for sales or invoicing;
On the ground of legitimate interest, we Process your Personal Data for the following purposes:
- to send you personalized offers* (from us and/or our carefully selected partners);
- to administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of products/ services offered/provided;
- As long as you have not informed us otherwise, we consider offering you products/services that are similar or same to your purchasing history/browsing behaviour to be our legitimate interest.
With your consent we Process your Personal Data for the following purposes:
- to send you newsletters and campaign offers (from us and/or our carefully selected partners);
- for other purposes we have asked your consent for;
We Process your Personal Data in order to fulfil obligation rising from law and/or use your Personal Data for options provided by law. We reserve the right to anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised. We save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law, but not longer than seven years.
We might process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
- the link between purposes, context and nature of Personal Data is suitable for further Processing;
- the further Processing would not harm your interests and
- there would be appropriate safeguard for Processing.
We will inform you of any further Processing and purposes.
Who else can access your Personal Data
We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners in order to either make providing the service to you possible or to enhance your customer experience. We share your data with:
Our business partners:
- Questra Advisors LLC
Connected third parties:
We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.
How we secure your data
We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.
Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
How Long We Store Your Data
We only keep your personal information for as long as it’s necessary for our original legitimate purpose for collecting the information and for as long as we have your permission to keep it.
The data that we collect from you is transferred to, and stored at, a destination outside the European Economic Area (EEA). By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated as securely as it would be within the EEA and under the GDPR. Such steps may include our entering into contracts with any third parties we engage and the use of Commission-approved Model Contractual Clauses. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
You can obtain more details of the protection given to your personal data when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described in the Contact paragraph below.
We do not intend to collect or knowingly collect information from children. We do not target children with our services.
Cookies and other technologies we use
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions.
- Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
- Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
- Analytics cookies – these cookies are used to track the use and performance of our website and services
- Advertising cookies – these cookies are used to deliver advertisements that are relevant to you and to your interests. In addition, they are used to limit the number of times you see an advertisement. They are usually placed to the website by advertising networks with the website operator’s permission. These cookies remember that you have visited a website and this information is shared with other organisations such as advertisers. Often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.