Third party privacy notice

1. INTRODUCTION AND SCOPE

At Malvern Panalytical, (referred to in this Privacy Notice as “Malvern Panalytical”, “we” or “us”) we take your privacy seriously. We see it as our duty of care to keep personal data safe and to ensure that all personal data is used and stored in accordance with applicable data protection laws. Our culture of respect means we do not misuse personal data in our possession.

We appreciate the interest you have shown in us, our products and services by visiting us at https://www.malvernpanalytical.com, https://www.malvernpanalytical.com.cn, https://www.materials-talks.com, https://www.materials-talks.kr, https://www.materials-talks.jp, https://www.malvernpanalyticalonlineevent.com, https://www.malvernstore.com, https://events.malvernpanalytical.com or https://support.malvernpanalytical.com (collectively the “Website”) or by reading any of our online communications through channels such as our social media pages (collectively the “Online Channels”). This Privacy Notice explains what kind of personal data is collected and how it is used by Malvern Panalytical when you interact with us, such as through visiting our Website, your use or purchase of our products or services, your contact with customer support, your subscription to our newsletters, your participation in our webinars or any other interaction with Malvern Panalytical, including without limitation all online and offline collection of personal data, and your rights in respect of your personal data. This Privacy Notice does not apply to personal information for job candidates obtained through our Careers website www. careers.malvernpanalytical.com, which is subject to the Malvern Panalytical’s Recruitment Privacy Notice (available: here). 

This Privacy Notice may be changed over time and was last changed on 4th July 2022. The most up-to-date- Privacy Notice is published on our Website and we encourage you to periodically review the Website for any changes to this Privacy Notice.

2. WHO WE ARE

Malvern Panalytical was formed by the merger of Malvern Instruments Limited and PANalytical B.V., and has headquarters in both Almelo (the Netherlands), and in Malvern (UK). We draw on the power of our analytical instruments and services to make the invisible visible and the impossible possible. Through the chemical, physical and structural analysis of materials, our high-precision analytical systems and top-notch services support our customers in creating a better world, helping them to improve everything from the energies that power us and the materials we build with, to the medicines that cure us and the foods we enjoy. We partner with many of the world’s biggest companies, universities and research organizations. They value us not only for the power of our solutions, but also for the depth of our expertise, collaboration and integrity. With over 2200 employees, we serve the world, and we are part of Spectris plc, the world-leading precision measurement group., 

3. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

Malvern Panalytical, based at 1 Lelyweg, 7602 EA, Almelo, The Netherlands, is the controller for the processing of personal that falls within the scope of this Privacy Notice.

If you have any questions about this Privacy Notice, your use of the Website, our products, services, solutions, events or your dealings with us, in relation to our use of your personal data or your rights in relation to your personal data, you can contact us via dataprotection@malvernpanalytical.com.

4. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

4.1 For answering your questions and following up on your requests 

  1. What does this purpose entail?
    If you get in touch with us via the following contact forms; contact sales, contact support, request a quote, request a demonstration, registration, sample analysis request, website feedback etc on our Website, we will respond to your enquiry using your personal data.
  2. On what lawful basis do we process personal data?
    We process your personal data on the basis of our legitimate interest in managing our relationship with existing and potential customers, suppliers, vendors and business partners.
  3. Which personal data do we process for this purpose?
    For this purpose, we process your name, contact details, your correspondence with Malvern Panalytical and any other personal data necessary for answering your question.


4.2 For processing your order and payments and for delivering customer service

  1. What does this purpose entail?
    We use your personal data to process and deliver your order, report on order status and to contact you about the transaction (for instance, where the transaction fails), as well as for providing customer services.
  2. On what lawful basis do we process personal data?
    We process your personal data on the basis that it is necessary for performing a contract between you and us. If you fail to provide the requested information, Malvern Panalytical will be unable to process your order and/or provide customer services to you.
  3. Which personal data do we process for this purpose?
    For this purpose, we process your name and contact details, credit card and other payment information, your acceptance of our applicable terms and conditions and your correspondence with Malvern Panalytical.


4.3 For the development and improvement of products and/or services

  1. What does this purpose entail?
    We process your personal data in order to assess and improve our products and services. We convert your personal data into statistical or aggregated data to analyze customer behavior and adjust our customer offerings. We also, on an aggregate basis (i.e. in a way that does not personally identify you) unless otherwise specified, perform market trend research through statistical analysis to evaluate and adapt our products and marketing to new developments. For this purpose, we analyze how often you read the newsletters and visit our Website, which pages you click on and what goods you purchased through our Website. Based on this information, we may make adjustments to our offerings, our newsletters or the Website as well as adapt our promotions. We may also collect information using web beacons which are electronic images that may be used in our emails and advertisements and help deliver cookies, count visits, understand content usage and campaign effectiveness, and determine whether an email or advertisement has been opened or acted upon.
  2. On what lawful basis do we process your personal data?
    We process your personal data on the basis of our legitimate interest in developing and improving our offerings to our customers in view of customer needs and wider market trends and developments.
  3. Which personal data do we process for this purpose?
    For this purpose, we process your contact details, personal details (such as name and contact details), payment information and transaction history, your demographic data (such as your country and preferred language), and your correspondence with us. We also process data generated from your usage of the Website such as IP address, webpages visited, your click-and-surf behaviour and the length of your session.


4.4 To deliver you our Website’s functionalities and for its technical and functional management

  1. What does this purpose entail?
    We process your technical data to offer you our Website’s functionalities and to allow our Website administrators to manage and improve our Website’s performance. If you enter data in our Websites (such as product preference or your location) to receive relevant information or functionalities, Malvern Panalytical processes this data to provide you with the requested information or functionalities.
  2. On what lawful basis do we process your personal data?
    We process your personal data on the basis of our legitimate interest in maintaining our Website’s functionality and being able to process payments via our Website.
  3. Which personal data do we process for this purpose?
    For this purpose, we process the personal data you have entered into our Website or that is generated from the functionalities you have used on the Website and the technical data from your device such as your IP address, the internet browser you use, pages visited on the Website, your click-and-surf behaviour and the length of your session.


4.5 Where applicable, to open and administer your Website account and to maintain its confidentiality

  1. What does this purpose entail?
    You need to provide us with your personal data if you choose to register and open an account with us. Upon creating your account, we will send you your personal login information. We also use your personal data to administer and secure your account – for instance, we are able to change your password for you.
  2. On what lawful basis do we process your personal data?
    We process this on the basis of our legitimate interest in (i) managing our customer relationships through effective account management and (ii) protecting the confidentiality and integrity of our information networks, including the Website accounts.
  3. Which personal data do we process for this purpose?
    For this purpose, we process your name, email address, title, telephone number, gender and date of birth, address, any other information you have added to your account, your login data and credentials for security (such as your passwords, password hints and similar information) which enables us to authenticate you and provide you with access to your account.


4.6 For customer relationship management

  1. What does this purpose entail?
    Malvern Panalytical will send communications to you for the purpose of performing relationship and account management as well as communicating recalls where necessary.
  2. On what lawful basis do we process your personal data?
    We process this on the basis of our legitimate interest in establishing and maintaining ongoing customer relationships.
  3. Which personal data do we process for this purpose?
    For this purpose, we process your name and contact details, personal details such as your name and date of birth, contact preferences, payment information and transaction data, whether or not you opt to receive our newsletter and your correspondence with us.


4.7 For direct marketing purposes

  1. What does this purpose entail?
    Our range of products, services and solutions is constantly evolving to match the increasingly sophisticated markets in which we operate. For this purpose, we may provide you with information about the same or similar products, services, solutions, promotions and offers, to those which you have received or about which you have enquired and which may be of interest to you.
    We may also invite you to take part in market research or request feedback on our events, products, services and solutions.
  2. On what lawful basis do we process your personal data?
    We usually process your personal data on the basis of your consent, which you may withdraw by opting out of receiving marketing messages at any time and free of charge. We may, however, in limited cases, send you marketing messages without your consent being required. You will always have the option to opt out of receiving these communications by following the instructions included in each communication. Should you wish to opt out, we will no longer send you direct marketing.
  3. Which personal data do we process for this purpose?
    We process your name and contact details, your payment, order and transaction history, data generated from market surveys.


4.8 For organisational analysis, management reporting, acquisition and divestitures and for the execution of business processes and internal management

  1. What does this purpose entail?
    At Malvern Panalytical we process your personal data in the preparation and performance of management reporting and analysis using aggregated personal data. We also conduct customer, supplier and business partner surveys to learn more about your views and opinions as part of the reporting process. Additionally, your personal data may be processed in the context of mergers, acquisitions and divestitures, and in order to manage such transactions.
    We process your personal data in the general performance and internal administration of our business, including in relation to understanding our marketing efforts and asset and order management. Furthermore, your personal data may be used when we conduct audits and investigations to comply with applicable legal obligations and/or Malvern Panalytical’s internal policies, implement business controls, and for managing our customer, supplier and business partner database.
    We also process your personal data for finance and accounting, archiving and insurance purposes, legal and business accounting and in the context of dispute resolution.
  2. On what lawful basis do we process your personal data?
    We process your personal data in order to satisfy our legitimate interest in operating the day-to-day business of Malvern Panalytical and to develop and implement plans for strategic growth.
  3. Which personal data do we process for this purpose?
    For this purpose, we may process your contact details, personal details (such as your name and date of birth), payment and transaction data (including credit and payment information and order history), your response to our surveys, data stored on Malvern Panalytical’s IT systems, data generated during the performance of your agreement with Malvern Panalytical and your correspondence with Malvern Panalytical].


4.9 To comply with the law

  1. What does this purpose entail?
    Malvern Panalytical processes your personal data to comply with laws and regulations (such as tax and business conduct-related and due diligence obligations including know your customer requirements) and this may involve disclosing your personal data to government or other supervisory authorities.
  2. On what lawful basis do we process your personal data?
    We process your personal data to comply with any legal or regulatory obligations to which we may be subject.
  3. Which personal data do we process for this purpose?
    For this purpose, we process your contact details, such as your address and email address, personal details, such as your name and date of birth, payment information, transaction history (including your order history), and your chamber of commerce and tax details, and any other information requested by the relevant government or supervisory authority.


4.10 To protect health, safety, security and to ensure integrity

  1. What does this purpose entail?
    Where you are invited to Malvern Panalytical’s premises, we process your personal data in order to safeguard our employees, customers, suppliers and business partners as well as their assets. As such, we authenticate your access rights to our premises and may screen your personal data against publicly available government and/or law enforcement agency sanctions lists.
  2. On what lawful basis do we process your personal data?
    We process your personal data in line with our legitimate interest in safeguarding the health and safety of others, as well as in authenticating third party status and access rights whilst on our premises.
  3. Which personal data do we process for this purpose?
    For this purpose, we process your name, date of birth, payment information and transaction history, and your visiting history to our premises.


5. FOR HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We will retain your personal data for as long as necessary for the purposes set out above and as communicated to you at the time of collecting your personal data.

The criteria we use to determine data retention periods include the following:

  • Retention in case of queries: we may retain your personal data for a reasonable period after you have enquired about events, products, services or solutions, in cases of follow up queries from you.
  • Retention in accordance with legal and regulatory requirements: we will consider whether we need to retain your personal data after the period of retention in case of queries (above) due to legal or regulatory requirements which may be subject to. Some or all of these criteria may be relevant to retention of your personal data collected from you in connection with our events, products, services, solutions and/or your use of our Website.
  • Retention permitted under applicable law: we will continue to retain your personal data where necessary to provide our services to you and the retention of such personal data is necessary for pursuing our legitimate interests or where it is necessary for public interest purposes.

6. COOKIES

We also collect information through the use of cookies. Cookies are small files of information which save and retrieve information about your visit to our Website – for instance, your internet service provider’s domain name, pages you accessed and when. We may process data we collect to give you a more seamless, consistent and personalised experience such as providing you with personalised recommendations based on your use of the Website.

Read more about how we use cookies and how you can disable them in our Cookie Notice, which can be found here.

7. WHO HAS ACCESS TO YOUR PERSONAL DATA? 

7.1 Access to your personal data within Malvern Panalytical and Spectris plc (“Spectris”) 
Your personal data will be available within Malvern Panalytical to only those who need access to the data and only to the extent necessary to meet the purposes specified in section 4 “For which purposes do we process your personal data?” (above). We will take appropriate measures to ensure that your personal data is appropriately safeguarded. 

We may also share your personal data with our affiliates within the Spectris plc group of companies (of which Malvern Panalytical is an operating company). We may exchange your data for administrative purposes and so that we can have a complete overview of your contacts and contracts with the Spectris group. This allows us to offer you a complete package of services and products. Where our affiliates send you information in relation to events, products, services or solutions that may be of interest to you, such disclosures will be pursuant to your consent (where required, in accordance with applicable laws).

In addition, as part of a Spectris group-wide data protection compliance programme, Malvern Panalytical is party to the Spectris Binding Corporate Rules (the “BCR”), meaning that your personal data is treated with the same degree of care – regardless of where processing takes place – as long as your data is transferred within the Spectris group.

7.2 Access to your personal data by third parties 
The following third parties have access to your personal data, where relevant: 

  • Affiliates, distributors or agents, for instance, if we deem this necessary for offering you a complete solution for the business needs presented by you, or with our agents for servicing the products you purchased
  • Banks
  • Insurance companies
  • Professional services and IT suppliers such as website administrators and advertising partners, who help us run our business
  • Accountants and forensic specialists
  • Governmental and regulatory bodies and other third parties to whom we must disclose information under applicable law, such as to comply with a court order or a request from a regulator or similar legal process, or otherwise where necessary to comply with a legal obligation or for the administration of justice
  • Third parties concerned or their professional advisers, in the event of a merger, acquisition or any form of sale of some or all of our assets.

Where third parties are given access to your personal data, Malvern Panalytical will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary. If your personal data is transferred to a recipient in a country that does not provide an adequate level of protection for personal data, Malvern Panalytical will conclude agreements with the relevant third parties involved, limiting the purposes for which your personal data can be used and disclosed, and requiring your personal data to be appropriately safeguarded.

7.3 Personal data obtained from third parties 
We work closely with third parties (including business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics and search information providers) and may receive personal data about you from them. Such data obtained from third parties will be kept in accordance with the same duty of care as described in this Privacy Notice, and with any additional restrictions imposed by the third party that shared your personal data. 

8. HOW IS YOUR PERSONAL DATA SECURED? 

Malvern Panalytical has taken adequate safeguards to ensure the confidentiality and security of your personal data. Malvern Panalytical has implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.

We use the industry-standard security protocol Secure Sockets Layer (SSL) to encode more sensitive information, such as credit card numbers for online purchase transactions via the Website. We employ the latest 128-bit encryption technology in all areas of the Website, which require you to provide personal or account information. This means that the credit card information you send is encrypted by your computer, and then decrypted again on our side, which limits the risk of others from accessing your private information when in transfer. You can verify this by looking for a closed lock icon at the bottom of your web browser or looking for “https” at the beginning of the address of the web page.

While we use encryption to protect credit card numbers and similar transaction information, please be aware that no method of transmission over the Internet is 100% secure. Although we take reasonable security measures to protect your personal data when we receive it, you also need to ensure you take appropriate steps to protect your personal data.

9. LINKS TO OTHER WEBSITES

Our Online Channels may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide while visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable to the website in question.

10. YOUR RIGHTS

You have a number of rights under applicable data protection law in respect of our processing of your personal data. These include:

  • the right to request access to your personal data;
  • the right to request rectification of any personal data that we hold;
  • subject to certain conditions:
    • the right to request erasure of your personal data;
    • the right to request restriction of processing of your personal data;
    • the right to have your personal data transferred to another controller;
  • where we rely on your consent for processing, the right to withdraw such consent; and
  • the right to lodge a complaint with a data protection authority (in the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)). A list of other authorities can be found here.

Further details on the scope of these rights can be found in the Data Subject Request Form. Should you wish to exercise your rights, please complete the Request Form and send (including any supporting documents) to Malvern Panalytical Data Protection at dataprotection@malvernpanalytical.com. Note that, in order for us to respond to your request, we may require you to verify your identity.

Please be aware that some (or all) of these rights may not be available to you in your jurisdiction. Furthermore, we may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).

We encourage you to update your own personal data through your account on www.malvernpanalytical.com. If you have registered to our Website, you can log into your account to update your personal data and marketing preferences.


Last updated: 4th July 2022