This Privacy Notice informs you who we are, how we collect, use, secure and share personal information collected by us when you visit our website, send to, or receive from us, communications (including marketing messages), register or attend our events or webinars, visit our offices or media pages, and through any other interactions we have with you. This Privacy Notice also informs you how you can exercise your rights.
This notice does not explain our processing of personal data as a processor on behalf of our business customers who use our services. Typically, for example, we will be the processor of any personal data which the business customers end users will submit to our services through the use of our services. This processing is instead described in and governed by contracts between us and our business customers. You can also find a link for more information about the processing activities we engage in, as a processor for hospitals here.
Brainomix Limited and Brainomix Europe Limited (‘Brainomix’, ‘we’, ‘us’, and ‘our’) are committed to respecting and protecting the privacy of individuals and to fully complying with all the requirements of the UK and EU GDPRs and all other applicable data protection laws and regulations.
If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided elsewhere in this Privacy Notice.
Data Protection Officer
We have appointed a Data Protection Officer (DPO). If you wish to contact our DPO you can do so via: dpo@brainomix.com
This Privacy Notice applies to all our data subjects (an individual about whom we hold personal information) except Job Applicants/Candidate and our employees.
If you are providing personal information to us as an employee, please see our Employee Privacy Notice.
If you are providing personal information to us as part of our recruitment process for employment, please see our Job Applicant Privacy Notice.
What is personal information?
Personal information is anything that enables you to be identified or identifiable. Personal information is also called “personal data”. We collectively refer to handling, collecting, protecting, storing or otherwise using your personal information as ‘processing’.
If you fail to provide personal information
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you or provide you with services you have requested.
Collecting (obtaining) your Personal Information
Most of the personal information we process is provided to us directly by you, for example for one or more of the following reasons:
We usually collection your personal data directly from you, but sometimes we obtain your personal data from one of our distributors or customers. Sometimes your organisation or employer may provide your personal data to us.
The personal information we collect about you
We may collect and otherwise process different kinds of personal data about you which we have grouped together as follows:
Lawful Bases (legal grounds) for Processing Personal Information
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal data from you on one or more of the following lawful bases:
Purpose(s) for Processing Personal Information
We have set out below a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground(s) we are relying on to process your personal data where more than one ground has been set out in the table below.
| Purpose/Activity | Type of data | Lawful basis for processing |
| To register a new client/customer | Contact data Identity data | Contract |
| To process and deliver an order or request | Contact data Identity data Financial data Transaction data Marketing and Communications data | Contract Legitimate interest (to recover debts due to us and to protect our business and your account from fraud and other illegal activities) |
| To manage our customer and business relationships | Contact data Identity data Marketing and Communications data | Contract Legal obligation Legitimate interest (to keep our records updated and to study how customers and business contacts and partners use our products/goods/services) |
| To provide marketing materials | Contact data Identity data Usage data Marketing and Communications data | Consent Legitimate interest (to provide customers and contacts with information about our products/goods/services) |
| To promote prize draws and competitions. | Contact data Identity data Usage data Marketing and Communications data | Contract Legitimate interests (to study how customers use our products/goods/services, to develop them and grow our business) |
| To administer and manage our website | Contact data Identity data Technical data | Legitimate interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
| To ensure you are able to attend an event. | Contact data Identity data Marketing and Communications data | Consent Contract Legitimate interest (to promote and develop our products/goods/services and grow our business) |
| To develop our businesses and services | Contact data Identity data Financial data Marketing and Communications data Transaction data Technical data Usage data | Legitimate interests (to develop our products/goods/services and grow our business) |
| For the safety and security of our staff, visitors and others. | Contact data Identity data | Legitimate interests (to protect and keep safe develop our staff, visitors and other individuals that we have a responsibility for) |
| To comply with our legal obligations | Contact data Identity data Financial data Marketing and Communications data Transaction data Technical data Usage data | Legal obligation |
Using your Personal Information for Marketing Purposes
We will not use any personal data for marketing purposes without your explicit consent.
If you choose to unsubscribe we may retain some of your personal information to identify you, so that we can continue to honour your request and ensure that we do not continue to provide you with marketing materials.
We will not share your information with any third parties for the purposes of direct marketing.
Sharing your Personal Information
We may share your personal information with other companies or organisations in our group.
We may share your personal information with third parties (other organisations or individuals) for:
We share personal information with third parties that act as data processors to provide elements of our service by processing personal information on our instructions (see ‘Data Processors’ below).
We may share your personal information with third parties in connection with our corporate transactions, (e.g., mergers and/or acquisitions), as a result of which your personal information may be assigned to a third party.
We may share your personal information with law enforcement, regulatory and other government agencies and professional bodies, as required by and/or in accordance with applicable law or regulation.
In some circumstances we are legally obliged to share information. For example, under a court order.
It is our policy to only share your personal information with third parties that are legally or contractually bound to protect your personal information to the same standards as we are, and that will flow those same standards to their subcontractors.
In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share your personal information.
We will not sell your personal information to any third party.
Data processors
Where we use data processors, we have contracts in place with them to ensure that they cannot do anything with personal information we have shared with them unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct them to.
These data processors may use sub-contractors (known as sub-processors) that have access to your personal data. If they do, they are required to have contracts in place with those sub-processors to ensure that they cannot do anything with personal information shared with them beyond what we have instructed our data processors to do with it.
For more information about the data processors we may share your personal information with you can contact us using our details included below.
Transfers of your personal information to outside the UK and EEA
Your personal information may be transferred (sent to or accessed from) outside the UK and/or EEA. Any such transfer will be only:
The countries/areas to which we routinely transfer personal data to* are:
EU/EEA: To a recipient located in a country which provides an adequate level of protection for your personal information.
*This does not mean that your personal data will definitely be transferred to any of these countries.
Retention (Storage) of Personal Information
We will retain your personal information only for as long as we need it for the purpose(s) for which it was collected, or as required to do so by law.
To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of it, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process it and whether we can achieve those purposes through other means, as well as applicable legal requirements.
Examples of the periods for which personal information will be stored*
| Personal data | Retention period |
| Client/customer records | As required by any applicable statutory retention period, or where no statutory retention period applies, seven years after contractual relationship ends, or seven years from our last date of contact, whichever is the latest. |
| Business contacts records | As required by any applicable statutory retention period, or where no statutory retention period applies, seven years after business relationship ends. |
| Website visitor records | Personal data relating to visitors to our website is retained for 7 years. |
*The above list, which gives examples and does not identify each and every, period for which individuals’ personal data will be stored. Further information about our retention of Personal Information is set out in our Retention Policy.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
If you wish to exercise any of your rights, please contact us.
Security
The security of your personal data is important to us.
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Please be aware that, we cannot guarantee the security of all personal information transmitted to or by us.
Access to your personal data is given only to those who have a need to know and are subject to a duty of confidence, via authenticated access only, controller by our technical administrative staff.
All personal data is encrypted at rest and in flight.
Social Media
We use the following social media platform(s):
We may use these social media platform(s) to process your personal data for some of the purposes set out elsewhere in this Privacy Notice.
Artificial Intelligence (AI)
We use Artificial Intelligence (AI), which means that AI may be used to process your personal data.
When we use AI, we do so in compliance with applicable data protection legislation; and regulatory guidance. We may use AI tools for:
Children’s personal information
We do not provide services directly to children or proactively collect their personal information.
Visiting our premises
When you visit our premises you may provide your name and other personal information for security and safety reasons.
Security Cameras
We have a camera system in place at our premises for security and safety reasons. The lawful basis we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
Wi Fi
We provide Wi-Fi on site for the use of visitors. We’ll provide you with the address and password. We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited duration and date sent/received. The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The lawful basis we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
Attending an event of ours
If you wish to attend one of our events, you will be asked to provide your contact information including your organisation’s name and, if offered a place, information about any dietary requirements or access provisions you may need. We may also ask for payment if there is a charge to attend.
We use this information to facilitate the event and provide you with an acceptable service. We also need this information so we can respond to you.
Our purpose for collecting this information is so we can facilitate the event and provide you with an acceptable service. The lawful basis we rely on for processing your personal data is your consent under article 6(1)(a) of the UK GDPR. When we collect any information about dietary or access requirements we also need your consent (under article 9(2)(a)) as this type of information is classed as special category data.
Links to other websites
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
Our contact details
We can be contacted as follows:
Cookies
We use a cookies tool on our website to gain consent for the optional cookies we use. Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool.
Your right to complain
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us and we’ll respond.
If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s office (ICO), the UK supervisory authority (data protection regulator). Please follow this link to see how to do that.
If you are in Europe, you can make a complaint to the Data Protection Commission about how we handle your personal data, the DPC can be contacted via their website.
Updating
We may update this Privacy notice at any time by publishing an updated version here. So that you know when we make changes, we will amend the revision date at the bottom of this page. The new modified or amended privacy policy will apply from that revision date.
This Privacy Notice was last updated on 11.09.2025
