WhyWhatFrom whom?Lawful basisWith whom?
To register you as a new member, subscriber or customerIdentity

Contact

Marketing and Communications
YouContract

Legitimate Interests (Direct marketing)
Commercial Team and Managing Director
To respond to an enquiry, process your order, finalise a transactionIdentity

Contact

Financial

Transaction

Technical

Information about matters for which you require our assistance
You

Commercial Team and Toxicologists (who correspond with you and manage the customer relationship)
Contractual Necessity (deliver a newsletter, connect to guest WIFI)

Legitimate Interests (recover payments; protect our business; meet client needs)
Commercial Team

Xero (accounts package)

Stripe (if payment is made via credit card)

IT service provider (Solar Systems IT) on a need-to-know basis ('Help desk')
To manage our relationship with you and deliver what we promisedIdentity

Contact

Profile

Usage

Marketing and Communications

Client Data
YouContractual Necessity (fulfil our contract with you)

Legal obligation (notify you of privacy updates)

Legitimate Interests (feedback; QA; reputation management)
Commercial team

Toxicologists
To manage our finances, generate and manage invoices, produce accounting, audit and sales reports, and manage creditFinancial Data

Transaction Data
You

Us (internal reports, spreadsheets, software, email)
Contractual Necessity (to ensure we get paid)

Legitimate Interests (to optimise our finances, set the right price, forecast)
Commercial Team

External professionals (accountants, auditors, lawyers)

Insurers
To generate leads and get/keep in touchIdentity

Contact

Marketing and Communications
You (business card, email)

Your contacts (referrals, intros)

Conference attendee lists
Legitimate Interests (to grow our business)Commercial Team

Managing Director
To comply with marketing and cookie rulesIdentity

Contact

Marketing and Communications
You (your preferences)

Cookie Dashboard provider (CookieBot)
Legal Obligation (PECR rules on direct marketing and cookies)Commercial Team

Managing Director

Cookie Dashboard provider (CookieBot)
To improve our services and productsIdentity

Profile

Usage
You (feedback, surveys)

Commercial Team, your Toxicologist (notes, emails)
Legitimate Interests (define customer segments for our products and services, keep our website and communications updated and relevant, develop our business and inform our market strategy)Customer Service Personnel

Marketing and sales consultants

Product Development Personnel
To administer and protect our business and the security of our Network and Information Systems (NIS), including this websiteIdentity

Contact

Technical

Usage
You

Technical data from your use of our NIS (to monitor activity not people and only consider individual activity if further action / investigation required)

Alerts from third-party tools to out of policy or suspicious activity
Legitimate Interests (establish baseline or ‘normal’ activity patterns; identify abnormal activity (downloads, spikes in prints or transfers, visits to prohibited websites, etc.)Commercial Director

IT service provider (Solar Systems IT)

Vendors who support, optimise and help secure our Website (Cloudflare, WP Engine) or other parts of our NIS (Sophos)
Rarely: To investigate criminal wrongdoing or assist law enforcementAny of the categories of information we already have about you

Publicly available information

Court-ordered or regulator-ordered disclosure
You

Publicly available information

Third parties permitted by law to share the information, e.g. in response to a subpoena
Legal Obligation

Legitimate Interests
Strictly need-to-know personnel and the third parties involved in disclosure (law enforcement, external legal counsel, forensics experts, auditors, external investigators)