Privacy policy

At Oxford Cryosystems we are committed to protecting the privacy and security of your personal information. We ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store and use personal information about you, and your rights in relation to your personal information.

This privacy policy applies to customers of Oxford Cryosystems and people who have expressed an interest in our products and/or services.

Cookies are small pieces of data placed on visitors’ computers by websites they visit. The vast majority are harmless and contain no personal information about the visitor whatsoever. In fact, many are actually used to provide a visitor requested service, such as maintaining the session of a logged-in user.

The cookies currently used with oxcryo.com are detailed below.

Google Analytics cookies (__utma, __utmb, __utmc, __utmz)

These first-party cookies are used for anonymously tracking visits to our website. No personally identifable information is ever stored and the data is not shared with other domains.

Preference cookie (accept_cookies)

This first party cookie contains only the word “yes” and flags your acceptance of cookies on our website in general (as indicated by your continued use of oxcryo.com). This cookie is set when you first visit our site and its presence simply stops our cookie advisory message from being triggered every time you visit thereafter. It has no other purpose.

Photosynth cookies (muid, pscasid)

Ocassionally, we might use Photosynth to provide our visitors with 360° interactive image content. Where we do, Photosynth may set the above cookies on your computer when you access the content. They may also set other cookies in the future. We have no control over this but you may choose not to access the content and no cookies will be set by Photosynth.

More information

For more information about cookies, please see www.allaboutcookies.org.

Oxford Cryosystems is a scientific instrument manufacturing business designing and building capital equipment for research scientists around the world.

For the purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679, the data controller is Oxford Cryosystems Ltd, registered in England, registration number 0788353. Registered office: 52c Borough High Street, London, SE1 1XN, United Kingdom

Our contact points are as follows

  • Email: data@oxcryo.com
  • Phone: +44 (0)1993 883488
  • Data Protection Officer:  Ellen Emberson.

We obtain information about you directly when you:

  • Place an order
  • Register to use our ‘Oxford Connect’ service online
  • Contact us via phone or email with a technical support enquiry relating to one of our products or a service
  • Contact us by email, telephone, or face to face to request information and/or communications on products of interest to you
  • Enter into a warranty contract with us when purchasing a product.

We may collect personally identifiable information about you such as your full name, job title, organisation name and address, email address, and telephone number/s.

We may also receive information about you indirectly as part of the supply of a product to you through an local distributor in your country, an agent or an OEM system integrator such as an X-ray equipment manufacturer, or their local representative.

We may use your information to process orders, carry out contractual obligations, send communications you have requested, or that may be of interest, seek your views on the products and support services we provide, and notify you of changes to our technology which might be relevant to the products you have purchased.

We will hold your data for the duration of any contract you have entered into with us for a specific product, or in accordance with your preferences, whichever is the longer, and it will only be collected, retained, processed and/or disseminated for the minimum period necessary for each specific purpose.

The purposes of our processes are listed below, along with the lawful basis for each activity:

Purpose and Lawful basis

  • To process an order for a product: Legitimate Interest
  • To provide technical support to you during the term of the warrant contract period of the product:Contractual
  • To provide customers with direct marketing about products/services and any new product we see as directly relevant to you: Legitimate Interest
  • To provide mailing list subscribers with direct marketing about our products: Consent
  • To provide access to Oxford Connect, Oxford Cryosystems’s online product interface and control system:Legitimate Interest

No personal data are collected, retained, processed and/or disseminated beyond the minimum necessary for each specific purpose of the processing.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.  Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where we are obliged to do so by relevant authorities.

We retain your information only as long as is necessary and only for the purpose for which we obtained them.  We restrict access to your information to only those persons who need to use it for the relevant purpose.

Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely.

Use for Support

We retain your personal information for as long as is necessary, but only for the relevant purpose that we collected it for. For example, if you were to purchase a system from us, we would retain your data for what we believe to be the life of the system or when you inform us that you are no longer the owner of the system or have moved from that location.

Oxford Connect

As a user, you are invited to register your details and that of your system in order to record that relationship and/ or to access your system remotely and log its performance. This data is kept on your behalf until the time you wish to remove the system from your account or delete your account entirely.

Privacy

We respect your privacy rights and provide you with reasonable access to the personal data that you may have provided through communication with us. You have the right to request from us confirmation of whether we are processing your personal data, and if so access to that information.

We are very keen to ensure the data we hold is accurate and up to date.  If any of our personal data is inaccurate, you can ask us to rectify it, delete or restrict it.  In considering our response we undertake to ensure your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. We will also look at whether it is still necessary to process your data for the purpose it was collected.

Before we are able to provide you with any information or correct any inaccuracies we may ask you to verify your identity and to provide other details to help us identify you and respond to your request.

If you wish to access or amend any other personal data we hold about you, or to request that we delete any information about you that we have obtained, you may contact us by email or phone as set out under the heading at the start of this policy document.

Accuracy of your information

You have a choice about whether or not you receive information from us and the accuracy of your information is important to us.

You may update, correct, or delete your mailing list preferences at any time by accessing your profile via any MailChimp email from us or by emailing us.  

Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for back-ups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

You may decline to share certain personal data with us, in which case we may not be able to provide you with some of the features or the functionality of our service.

At any time you may object to the processing of your personal data, on legitimate grounds, except if otherwise permitted by applicable law.  If you believe our approach to processing personal data infringes the GDPR and ePrivacy Directive, you have the right to lodge a complaint with a supervisory authority.  The authority for the UK is the Information Commissioner’s Office (ICO). You can contact them by telephone on +44 (0) 303 123 1113.

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the site or a third-party to recognize you and make your next visit easier and the site more useful to you.

There are different types of cookies:

  • Session cookies

  • Permanent cookies

  • First-party cookies

  • Third-party cookies

Visit https://www.aboutcookies.org/ to find out more.

We ask you to consent to the use of cookies, so we can:

  • Monitor which areas of our sites you use during your visit so that we can assess which areas of the site are of most interest and plan future development accordingly.

  • Provide online services which require information to be passed from page to page during the course of their execution.

  • Enable certain functions of the site, to provide analytics, to store your preferences. In addition to our own cookies, we may also use various third-parties cookies to report usage statistics of the site.

You have the opportunity to set your computer to accept all cookies, to notify you when a cookie is issued, or not to receive cookies at any time. The last of these, of course, means that certain personalised services cannot then be provided to that you.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Customer Relationship Management System – SalesLogix

SalesLogix is a server-based platform on which we hold personal information about our customers, including name, job title, organisation name and address, email address, telephone number/s, the products and services you have purchased and the products and services you are interested in.

SalesLogix has updated its policies and procedures in accordance with GDPR requirements and information relating to its infrastructure, processing of customer data and data security can be found here.

We enter your details into SalesLogix according to the lawful basis under which they have been provided (e.g. legitimate interest or contractual).  Any changes which have been communicated to us are reviewed and SalesLogix is updated weekly or more frequently.

Oxford Connect Website

Oxford Connect Website (https://connect.oxcryo.com/) is a free online platform that can be used to control and monitor Oxford Cryosystems devices from any web-enabled device such as a tablet, smartphone or remote PC.

Oxford Connect Website and their MySQL databases are hosted by GoDaddy.com, LLC (https://www.godaddy.com) located in the United States. All Oxford Connect data is collected via encrypted web form submissions. Oxford Connect databases are securely backed up to one of the Oxford Cryosystems file servers via a replication process.

On 25 May 2018 GoDaddy.com, LLC added additional features to the account center for EU residents in support of the General Data Protection Regulation (GDPR). These features include the ability to:

  • Request a copy of your personal data.

  • Request account closure and deletion of your personal data.

Email Marketing Platform – MailChimp

MailChimp is a marketing automation platform, which we use to send you information about our products and services.  The contact lists used to send messages via MailChimp are derived from SalesLogix or MailChimp, and comprise your demographic details, including email addresses.

Each MailChimp message provides you with options: a) to unsubscribe, b) to update your contact details and preferences.  Visit MailChimp to find out more about how it works and treats your data

We receive an automated report from MailChimp comprising:

1) List of email addresses where the message has been delivered successfully; 2) list of email addresses which have unsubscribed; 3) list of email addresses which bounced back: hard bounces (the email cannot be delivered to its destination, due to invalidity of address or an unexpected error) are automatically ‘cleaned’ from the MailChimp list, so that no more emails are sent to that address; soft bounces are recognised by the email server, but are returned to the sender because the mailbox is either full or temporarily unavailable. We also run a separate report which contains updated preferences data.  

We review updates weekly and records are amended on MailChimp and Salesforce accordingly.    

On our File Server

Our file server is a basic network storage device which provides access via authenticated user credentials.  Network access requires physical access to the network or wireless access which requires a WPA2 pre shared key for secure access.

External access to the network is only available via encrypted Virtual Private Network access and is provided to users that require this functionality.  The data is backed up off site in an encrypted format and is stored on the Amazon Web Services. The encryption ensures that the data is unreadable even to Acronis themselves.

G Suite

G Suite is a cloud-based application from Google, on which we hold emails to and from Oxford Cryosystems. Personal information held here may include name, job title, organisation name and address, email address, telephone number/s, data protection preferences, order history, and the products and services you are interested in. Google has updated its policies and procedures in accordance with GDPR requirements and information relating to its infrastructure, processing of data and data security can be found here.

Updating the Privacy Policy

We strive for continuous improvement in our services, processes and protecting data subject rights, and we may need to update this privacy policy, if we change how we process your personal data.  We advise you to check this policy on a regular basis - in the event of a substantial change, we will provide you with a new privacy policy