This notice was last updated on 6 November 2018. We may change this notice from time to time, so please check this page occasionally to make sure you are happy with any changes.
We are committed to respecting your privacy and information that could identify you as an individual ('personal data'). This notice describes the personal data we may collect about you, how we use and secure it, who we may share it with, and your rights in respect of such personal data.
Who are we?
We are Diffblue Limited, experts in artificial intelligence that understands code. We are a company registered in England and Wales number 09958102, with our registered office at Ramsey House, 10 St. Ebbes Street, Oxford, OX1 1PT, England. Unless stated otherwise, we are the controller of the personal data described in this notice.
How do we collect personal data?
We collect and combine personal data from the following sources:
Information you provide to us
You may provide us with personal data by filling in forms on our website, submitting information to one of our product or service portals, meeting with us, or contacting us via post, telephone, email, chat or other form of communication.
Information we collect ourselves
When you visit our websites or portals, we may automatically collect information about the device you are using and the way that you use such site or portal.
Information we receive from others
We may receive personal data from publicly available sources and other organisations such as advertisers, suppliers, service providers, trade agents and resellers. If you apply for a job with us, we may receive information from recruitment agencies, employment background screening agencies and your named referees.
What personal data do we collect?
Personal data collected might include items such as your name, date of birth, gender, job title, contact details, IP address or other unique device ID. If you make a purchase from us, we will collect your payment details.
If you apply for a job with us, we may also ask you to provide work and educational history, information about your skills and experience, and proof of your right to work in the relevant country. You are not required to provide all requested information, but failure to do so may result in us being unable to proceed with your candidacy for a role.
How do we use your personal data?
Our usage will be based on performance of our contract with you, compliance with our legal obligations, protection of your health (or the health of another person) in an emergency, pursuance of our legitimate interests (provided that these are not overridden by your rights, freedoms and interests), your consent, or another purpose permitted by law. Some examples are given below.
We may send you information about our products and services. Where required by law, we will obtain your consent before contacting you. You can ask us to stop sending you marketing communications at any time by contacting firstname.lastname@example.org or clicking on any unsubscribe options in the communications that you receive. We do not sell or rent personal data to third parties. We may track whether communications were delivered or undelivered, opened, marked as spam, and whether you unsubscribed or clicked on any link within them in order to monitor the effectiveness of our campaigns, keep our mailing lists up-to-date, manage your preferences and deliver content that is most relevant to you.
We may use your personal data to provide the products and services you requested, manage your account, and send you notices and correspondence about your account. We may also use your personal data for the purposes of billing, forecasting, product roadmap and lifecycle planning, trend analysis and financial reporting.
If you contact us to report problems or ask questions about our products and services, we will record details of our interaction with you in our support ticket management system. We may use this information to respond to your request, improve our existing products and services, research and develop new products and services, troubleshoot and remedy issues with our products and services, monitor trends, monitor support response times and effectiveness, seek feedback about our products and services, monitor customer satisfaction, and provide staff training.
On-site or remote access to your data
If we come to your site or otherwise access your systems and data to perform installation, training, consultancy support and other services, we may have incidental access to your personal data. In this case, you will be the controller and we will act as your processor. We will comply with your reasonable instructions to maintain the authenticity, confidentiality, security and integrity of your personal data.
Open source submissions
If you contribute code to our open source projects, we may record your name, email address and details of your submission in our code repositories, company records and in publicly available notices that are included with the code in order to manage code changes and intellectual property.
You may (at your option) add comments, questions and requests to our public GitHub branches and other similar repositories, and to private sites and branches to which you have been invited. Please be responsible when uploading content, and in particular, note that information on public sites and branches may be viewed, collected and used by others for purposes outside of our control.
We may log personal data while monitoring our company systems, data and equipment for the purposes of threat detection and prevention, investigating and remedying security incidents, and ensuring lawful use of such systems, data and equipment.
We may use your personal data to enforce our terms and conditions and to carry out checks aimed at preventing illegal activities such as export and trade sanction violations, bribery, fraud, corruption and modern slavery. We may also maintain compliance records and report on the steps we have taken to auditors and authorities.
We may use the personal data that you provide during the recruitment process for evaluating your suitability for current and future employment opportunities, record keeping in relation to recruiting, and improving our recruitment processes. If you accept an offer of employment with us, any relevant personal data collected during the recruitment process will become part of your personnel records. In other cases, we will retain your information on file for a period of up to 12 months. At the end of this period, we may contact you to ask if you would like us to retain the information for a further period.
Who else may access your personal data?
We may share your personal data with service providers and suppliers who process personal data on our behalf in the course of providing their goods and services. For example, if you apply for a job with us, we use a cloud-based, third party recruiting platform and may also be assisted by third party service providers for processes such as employment background screening. We will also share your personal data with those persons involved in the interview and selection process. We include data protection provisions in our contracts and verify the security measures of these service providers and suppliers in order to safeguard your personal data during processing.
We may also share your personal data with courts and other organisations where necessary to comply with legal obligations (for example in response to a court order) or to exercise or defend our legal rights, tax and social security authorities, group companies, insurers, lawyers, accountants, auditors, professional advisors, and buyers investors or transferees of our business or parts of our business.
Where is your personal data located?
Your personal data may be processed outside of the European Economic Area (EEA), including in countries with less protective data protection laws. In such circumstances, we take appropriate steps to safeguard your data to EEA data protection standards, for example by entering the European Union's standard contractual clauses or selecting organisations with the Privacy Shield certification. For more information or to request copies of the standard contractual clauses, please contact email@example.com.
How long do we keep your personal data?
We retain personal data for as long as necessary for the purpose for which the personal data was collected, or for such longer period required by law or otherwise necessary to defend or exercise our legal rights. At the end of this period (or expiry of our backup archive retention period if later), we will either delete or anonymise the personal data.
What rights do you have?
You have the following rights in respect of your personal data:
Access - Request information about personal data we hold on you
Rectification - Correct or update your personal data
Objection - Object to processing of personal data based on our legitimate interests
Restriction - Ask us to retain but otherwise stop actively processing personal data
Erasure - Request deletion of your personal data
Portability - Request your personal data in machine-readable format
Withdrawal - Withdraw consent for future processing, if we process based on your consent
Decisions - To not be subject to significant decisions based solely on automated processing
Complaints - Contact the Information Commissioner's Office with complaints about our processing
Depending on the circumstances, we may need to verify your identity before complying with your request and we may not always be able to comply with your request in full (for example when producing your information may reveal another person's personal data or when there is an overriding interest or conflicting legal obligation).
We may provide links to sites that are owned by other individuals or organisations. This notice only applies to us and we cannot be responsible for the privacy practices of others. We encourage you to read the privacy policies and notices on other sites that you visit.
While our site, products and services are not intended for use by children, we appreciate the importance of taking additional measures to protect their privacy. If you are aged 16 or under, please get your parent or guardian's permission before you provide us with any personal data. If you are a parent or guardian who would like to have a child's personal data deleted, please contact us at firstname.lastname@example.org.
We have implemented generally accepted technical and organisational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and unauthorized access, taking into account the nature of the personal data and the associated risks. Despite these precautions, we cannot guarantee the security of your personal data. Where you have been given or you have chosen passwords or other access control mechanisms, you are responsible for keeping these items confidential.
If you have any questions or complaints about this notice or our handling of your personal data, or if you would like to exercise any of your rights, please contact us via email to email@example.com or via post to Head of Legal, Diffblue Limited, Ramsey House, 10 St. Ebbes Street, Oxford, OX1 1PT, England.