1.0 PRIVACY NOTICE

The University of Derby understands that your privacy is important and that you want to know how your personal data is used. We respect the privacy of everyone who visits our website, https://aptamerinnovation.com, and we will only collect and use personal data in ways that are explained in this notice and that comply with data protection law.

Please take a moment to read this Privacy Notice so you understand how we handle your information. By using our site, you agree to the terms set out in this notice. If you do not agree with the way we handle personal data, you should stop using the site.

2. Who we are  

2.1. University of Derby is the Data Controller. This means we decide how and why your personal data is used.

Our Site is owned by University of Derby whose address is gdpr@derby.ac.uk

3. What does this privacy notice cover?

This Privacy Notice applies only to your use of our website. The University of Derby site may include links to other websites, but we are not responsible for how those websites collect, use, or store your personal data. If you visit any other website, we recommend that you check its own privacy notice before providing any information.

4.  Lawful basis for using your personal data

We only use your personal data when we have a legal reason to do so. We rely on Legitimate Interests as our lawful basis for using this information. Our interest is to contact individuals or organisations who may be willing to take part in research conversations linked to the ICURE programme.

5. What data do we collect?

·       Contact details (for example, name, email address, phone number).

·       Professional details (for example, organisation, job role/title).

·       Technical information collected automatically when someone uses the website (for example, IP address and general browser or device information, and which pages they visit).

6. How do we use your data?

This website is used to collect contact details from individuals who may be interested in taking part in research conversations linked to the ICURE programme for the purposes of further defining the scope of the APTAMER INNOVATION HUB and establish scale of the market opportunity and refine our market assumptions. This project is time limited to 3rd April 2026, with an option to extend by a further 6 months for the purpose of deeper exploration of the following:

  • To refine our market assumptions:  Which markets will be the fastest adopters

  • Which markets will be the fastest adopters

  • The barriers to entry for each market

  • The extent to which each value proposition will be compelling in each market segment

  • The scale of opportunity for each market segment

  • Understanding the competitive landscape for each market segment

  • To respond to enquiries you send us

  • To manage our relationship with you

  • To operate and improve our website, including using analytics (only if you have given consent for these cookies)

  • To keep our systems secure and running properly.

We only use your personal data when we have a lawful reason to do so, and we do not use it for anything that is unrelated to these purposes.

We will only use the contact details you provide to arrange conversations for the ICURE research programme. These conversations are for research purposes only, and we will not use your information for marketing, promotion or sales.

[HD1] 7. Do we share your data?

7.1. We share your personal data only when we need to. This mainly happens when we use other companies to help us run our website or provide our services. These may include:

  • companies that host our website or provide IT support

  • companies that help us send emails or manage contact forms

  • companies that provide analytics tools (for example, Google Analytics)

7.1. These companies act as data processors, which means they work under our instructions.

7.1.2 We put agreements in place with them to make sure your data is kept secure.

8.  Transfers outside the UK/EEA

Some providers may store or process data outside the UK or the European Economic Area. When this happens, we use approved safeguards such as Standard Contractual Clauses (SCCs) to make sure your data remains protected.

9.  Legal requirements

We may also share personal data if we are required to do so by law. For example, this could be because of a court order or a request from a regulatory body.

10. How we keep your data secure

We take appropriate technical and organisational measures to protect your personal data.

10.1 This includes ensuring that it is stored securely and only accessed by people who need to use it for legitimate business purposes.

10.2 We also take steps to prevent loss, misuse, unauthorised access, alteration, or disclosure.

11. How long we keep your data (data retention).
11.1 We only keep personal data for as long as it is needed for the purposes for which it was collected. We keep the following information for the duration of this project, and for a further 6 months in the event of project extension. Our general retention periods are:

  • Enquiry information (e.g., emails, contact form submissions)

  • Website analytics data, in line with common analytics retention settings.

  • Technical logs and security data, unless needed for investigation or legal reasons.

  • Cookie preferences: kept until you change your settings.

When data is no longer needed, we securely delete it or anonymise it so it can no longer identify you.

12. Your rights

As an individual, you have several rights under data protection law. These include:

  • Right to be informed: You have the right to know how and why we use your personal data.

  • Right of access: You can ask for a copy of the personal data we hold about you.

  • Right to rectification: You can ask us to correct any information that is inaccurate or incomplete.

  • Right to erasure: You can ask us to delete your personal data in certain circumstances.

  • Right to restrict processing: You can ask us to limit how we use your data.

  • Right to data portability: You can ask for a copy of your data in a reusable format so you can share it with another organisation.

  • Right to object: You can object to us using your data for certain purposes.

If you have any concerns about how we handle your personal data, please contact us using the details in section 14. If we cannot resolve your concern, you have the right to make a complaint to the UK Information Commissioner’s Office.

13. Cookies and similar technologies

We use cookies to make our website work and to help us understand how it is used.

13.1 Essential cookies - These cookies are necessary for the website to function. They are always on.

13.2 Analytics and optional cookies  - We use analytics cookies (for example, Google Analytics) to help us improve our site and understand how visitors use it.  These cookies are only set if you give your consent through our cookie banner.

13.3 Third‑party cookies - Some pages may use content or tools from third parties, which may set their own cookies. You can control these through our cookie settings.

13.4 Changing your cookie preferences - You can update or withdraw your consent at any time using the cookie controls on our site. You can also block or delete cookies through your browser settings, but this may affect how the website works.

14. Contacting Us

If you have any questions about our Site or this Privacy Policy, please contact us by email at gdpr@derby.ac.uk or by post at University of Derby, Legal governance, Assurance Services, Kedleston Road, Derby, DE22 1GB . Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.

15. Changes to our privacy notice

We will notify you of significant changes by email or website notice.

 [HD1]This is the rights section