Effective Date: 25 May 2018
Biomatters Limited and its subsidiaries (“we” or “Biomatters”) value the privacy of customers who use our products, cloud services and web sites, and we make all commercially reasonable efforts to protect that privacy.
Cloud services include Biomatters services and applications available through the internet and hosted on remote servers managed by Biomatters, including the Geneious cloud services, the Geneious Biologics cloud services, the Geneious 16S Biodiversity cloud service, and Biomatters’ Genome Profiler and Melanoma Profiler applications.
Websites and customer support portals include biomatters.com, geneious.com, support.geneious.com, geneiousbiologics.com, and any related websites, sub-domains and pages.
2. Information You Provide
When you use our Services, we may collect the following information:
(a) Account and Profile Information
We collect information that you create, input, submit, post, upload, transmit, store or display (including Personal Information and/or sensitive information) in the process of using our Services, for example when you request customer support.
Please note that the user forums on our support.geneious.com website are open to any online viewer. Any information that you post in these locations can be read, collected and used by anyone, and could enable others to send you unsolicited messages. Biomatters is not responsible for any publication or use of any information, including but not limited to personal information, that you choose to post in these locations.
(c) Credit Card Information
We use a third party payment processor, Avangate Inc., for all transactions where you use a credit card to purchase our Services. The payment processor securely handles all credit card details and informs us whether transactions succeed or fail. We do not receive (and cannot store) any credit card information whatsoever at any time.
3. Other Information We Collect From Your Use Of Our Services
When you use our Services, we may also collect the following information:
(a) Web Logs
Like most websites and services delivered over the internet, we gather certain information and store it in log files when you interact with our websites, products and cloud services. This information may include internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, information about your computer or mobile device, and system configuration information. In the case of our products or cloud services, the URLs you accessed (and therefore included in our log files) may include usernames as well as other information (such as project names or sample information) necessary for the Service to perform the requested operations.
(b) Analytics Information
We and our analytics providers collect and store analytics information when you use our Services, to help us improve our products and services. This analytics information may consist of features and functions being used, the associated license key and domain name, the username and IP address of the individual using the feature or function, file sizes and filenames, and additional information about the operation of the function and which parts of the Service are being affected.
We also collect and compile usage data to understand broad patterns and trends in the use of our Services and the composition of our user base.
By default, our Geneious desktop software automatically contacts our servers to check for updates. This process is anonymous, but does include the type of license and version number of the software associated with the instance, and the operating system used.
With your permission, we may also collect non-personally identifying statistics about the functions you use in our Geneious desktop software, and how often you use them. The information we collect may include data types that you have imported into or exported from the Geneious software, buttons you have clicked, types of calculations you have run and computational time associated with those calculations. These usage statistics do not include Personal Information or the contents of your data that you process using the software. This usage tracking is an optional setting, and can be turned on and off at any time by following these steps:
- Go to Tools > Preferences.
- On the General tab, select ‘Send anonymous usage information’ to turn usage tracking on, or deselect it to turn it off.
- Click OK.
The only time we may collect Personal Information during a user’s use of the Geneious software is in the specific case where a user voluntarily submits the information as part of a support/feedback/crash report.
(c) Cookies and Other Tracking Technologies
(d) Software Updates and License Information
Our products and cloud services communicate with secure servers hosted by Amazon Web Services and/or our CRM providers Salesforce and Zendesk for licensing purposes and to check for software updates. Examples of information we collect for these purposes include the software version, license key, and IP address of the customer instance.
4. How We Use Information We Collect
We use the information we collect for a variety of purposes, including:
- To provide, operate, maintain, improve and promote our Services.
- To enable you to access and use our Services, including uploading, downloading, sharing and collaborating on data.
- To process and complete transactions, and send you related information, including purchase confirmations and invoices.
- To communicate with you, including contacting you electronically (e.g. by text or email) for the purposes of responding to your comments, questions and requests, providing customer service and support, providing you with information about our Services, features, surveys, offers, promotions, events and other news, and sending you technical notices, updates, security alerts, and support and administrative messages. You can opt out of receiving promotional communications.
- To monitor and analyze trends, usage, and activities in our Services.
- To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.
- To protect and/or enforce our legal rights and interests, including defending any claim.
- For other purposes authorized by you or applicable privacy laws.
As described in Section 3(b), we also collect and compile usage data to understand broad patterns and trends in the use of our Services and the composition of our user base, for the purposes of improving our Services and to develop new products and services.
5. Information Sharing and Disclosure
We will not share or disclose any of your personal information or data with third parties except as described in this policy. We do not sell your personal information or data.
When you use some of our Services, you may grant permission to other users to access your information and data for the purposes of collaboration. Where this information and data is sensitive, you should use the security and privacy features of the Services to limit those who can access it.
You should also be aware that any administrator of your instance of our products or services may be able to access information in and about your account, disclose, restrict, or access information that you have provided or that has been provided to you when using your account, and control how your account may be accessed or deleted.
Where we work with third party service providers to provide hosting, back-up, storage, virtual infrastructure, payment processing, analysis or any other services, these third parties may have access to or process your information in the course of providing these services, but our agreements with these third parties do not provide them with any rights to use (other than for the purposes of providing their services to us), access or distribute any of your information or data.
We may disclose your information to a third party if we believe that disclosure is reasonably necessary
- to comply with any applicable law, regulation, legal process or government request,
- to enforce our agreements, policies and terms of service,
- to protect the security or integrity of our Services, or
- to protect Biomatters, our customers or the public from harm or illegal activities.
To the extent reasonably necessary, we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to a third party, however, we will take reasonable steps to ensure that the third party is under industry standard obligations of confidentiality.
We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.
6. Data Storage, Transfer and Security
We will take reasonable precautions to protect your personal information and data from loss, misuse, unauthorized access, disclosure, unauthorized alteration, destruction or other malfeasance.
We host data with hosting service providers in numerous countries including (where permitted under applicable privacy laws) the United States. The servers on which your information and data are stored are kept in controlled environments. While we make reasonable efforts to guard your information and data, no security system is impenetrable and due to the inherent nature of the internet as an open global communications system, we cannot guarantee that information, during transmission through the internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any information or data you store in our Services are maintained at levels of protection to meet specific needs or obligations you may have relating to that information or data.
We are committed to protecting the security of your information and data, and we make commercially reasonable efforts to ensure their security on our systems, including but not limited to the following:
- Your account passwords are protected by encryption, and only you (or anyone administering your account on your behalf) have access to them.
- Your personal information and data stored in our systems are protected by various physical, electronic and procedural safeguards. They are housed in a secure facility, and Biomatters and our infrastructure service providers restrict physical and network access to this facility to select trained staff and regularly evaluate our technologies, facilities, procedures and potential risks to maintain the security and privacy of your data.
- Where possible, we employ industry standard SSL data encryption when we transfer your information and data over the internet in the course of your use of our Services.
7. How Long We Retain Your Personal Information
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If this is not possible, for example because your personal information has been stored in backup archives, then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8. Review and Correction Of Your Personal Information
At any time, you may review and correct your Personal Information in your user profile. Subject to certain grounds for refusal set out in any applicable privacy laws, you may also request access to, or correction or removal of your registration data and readily retrievable Personal Information from our systems, however we reserve the right to provide technical support and software upgrades to registered users only. Before you exercise these rights of access, correction and removal, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the Personal Information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the Personal Information that you requested the correction.
Where we are entitled at law to do so, we may charge you our reasonable costs of providing to you copies of your Personal Information or correcting that information.
9. Compliance With Privacy Laws and Regulations
You agree not to use our Services in a manner that would violate laws protecting an individual’s privacy rights.
10. International Users
Biomatters may store your data and information (including Personal Information) in secure servers of its trusted service providers in the United States, European Union and New Zealand when you agree to any terms and conditions governing your use of the Services.
Where we use service providers based in the United States to support our provision of the Services, we use service providers who have adopted the principles of the EU-US Privacy Shield, a framework which helps to protect Personal Information transferred from the European Union to the United States. More information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/Program-Overview and the following sites of our service providers. See:
- Amazon Web Services: https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/
- Google: https://www.google.com/intl/en/policies/privacy/
- Salesforce: https://www.salesforce.com/company/privacy/
- Avangate: http://www.avangate.com/privacy-shield-policy.php
- Zendesk: https://www.zendesk.com/company/customers-partners/privacy-policy/
- Jira: https://www.atlassian.com/legal/privacy-policy
If you are using our Services from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and/or New Zealand, unless an exception is agreed in writing.
Where we transfer any Personal Information to another territory, we will take all reasonable steps to ensure that the Personal Information is subject to an equivalent standard of protection to that given to it in your location.
11. Legal Basis for Processing (EEA only)
If you are an individual from the European Economic Area (EEA), our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where:
- we have your consent to do so,
- where we need the personal information to perform a contract with you, or
- where the processing is in our legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms). In some cases, we may also have a legal obligation to collect personal information from you.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time.
12. Additional Rights for Certain Territories
If you are from certain territories (such as the EEA), you may also have additional rights available to you under applicable laws, these may include:
- Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you, for example if it is no longer necessary in relation to the purposes for which it was originally collected.
- Right to object to processing: You may have the right to request that Biomatters stop processing your personal information and/or to stop sending you marketing communications.
- Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances, for example where you believe that the personal information we hold about you is inaccurate.
- Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
If you would like to exercise such rights, please contact us as described in Section 15 of this Policy. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You may also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
13. Sensitive Information
We do not knowingly collect any sensitive personal information, for example racial, ethnic, political, or religious information on our customers. Please do not submit any sensitive information through our websites or Services.
If you have reason to believe that sensitive personal information has been provided to us through the websites or Services, please contact us, as described in Section 15, and we will use commercially reasonable efforts to delete that information.
14. Changes and Updates
15. Contact Us