Summary — Biovector Innovations ("we", "us") is a science-led organisation advancing research, innovation, and knowledge transfer in vector and biosecurity systems. This Policy explains what personal data we collect, how we use it, who we share it with, and your rights.
1. Scope & acceptance
This policy covers personal data collected through our website, email, forms, and services (including pilot programs). By using our services or website you accept the practices described here.
2. What personal data we collect
We may collect:
- Data you provide: contact details (name, organisation, role, email, phone), project details, messages, and contractual/financial data when partnering with us.
- Automatically collected data: IP address, device and browser details, pages visited, referral URLs, and analytics data.
- Third-party data: basic info from third-party services or processors (e.g., when signing in) and data processed by service providers (Zoho Mail, Cloudflare, Carrd, analytics).
3. How we use your data — purposes & legal basis
We process personal data to:
- Respond to enquiries and manage pilot requests (consent/contractual pre-negotiation).
- Provide services and execute contracts (performance of a contract).
- Manage communications and newsletters where you opt in (consent / legitimate interest).
- Improve our website and services using analytics (legitimate interest).
- Meet legal obligations (e.g., accounting, taxes).
- Prevent fraud and protect security (legitimate interest).
We will only use data for the purpose it was collected unless we reasonably consider that we need to use it for another reason compatible with the original purpose.
4. Cookies & tracking
We use cookies and similar technologies. Typical categories:
- Essential cookies — required for site features (forms, sessions).
- Performance/Analytics cookies — for traffic analysis (e.g., Google Analytics). You may opt out via your browser or a consent banner.
- Functional cookies — remember preferences.
If you need a cookie banner, include a short consent prompt that links to this policy and allow opt-outs for analytics.
5. Sharing & disclosure
We may share personal data with:
- Service providers / processors (Zoho, Cloudflare, Carrd, analytics providers) — they act under contract and process data per our instructions.
- Regulators, law enforcement or government bodies where required by law.
- Partners or contractors where necessary to deliver services (under confidentiality).
We do not sell your personal data.
6. International transfers
Some providers process data outside your country. We use appropriate safeguards (e.g., standard contractual clauses) or rely on providers with adequate protections (Cloudflare, Zoho). Contact us for specifics.
7. Retention
We retain personal data only as long as necessary:
- Contact/enquiry data — up to 3 years unless you request deletion.
- Contractual records — kept for legal compliance (typically 6–7 years).
- Analytics logs — aggregated or deleted after ~26 months where appropriate.
8. Your rights
Where local law provides, you may request:
- Access to your personal data
- Correction or deletion
- Restriction or objection to processing
- Data portability
- Withdrawal of consent where applicable
- To lodge a complaint with a data protection authority
To exercise rights, contact: [email protected]. We will verify identity before processing requests.
9. Security
We implement reasonable technical and organisational measures (HTTPS, Cloudflare protections, access control, backups). No system is perfect — report suspected breaches immediately to [email protected].
10. Children
Our services are not intended for children under 16. We do not knowingly collect data from minors. If you believe we have data about a minor, contact us to remove it.
11. Changes to this policy
We may update this policy. Substantive changes will be posted with a new effective date. Please check this page periodically.
12. Contact & complaints
Privacy questions or rights requests: [email protected].
If you are not satisfied, you may file a complaint with your local data protection authority.
End of policy — last updated: 2026-02-01