Privacy Policy
Last updated: 1 November 2025
This Privacy Policy ("Policy") explains how Bindbridge Ltd, a company registered in the United Kingdom ("we", "our", "us") collects, uses, and protects information that identifies, or can reasonably identify, an individual ("personal data"). It also describes the rights available to individuals under applicable data protection laws.
This Policy applies to any individual ("you") who visits or uses https://www.bindbridge.com, any related subdomains, or any other online services we operate (collectively, the "Website"). It also applies to any interaction in which you provide personal data to us in connection with our activities, events, communications, or business operations (collectively, the "Services").
By using the Website or the Services, you acknowledge that you have read this Policy.
Personal data we collect
The personal data we collect depends on how you interact with the Website or the Services and may include the following categories:
Identity and contact details
Information used to identify or communicate with you, such as your full name, email address, phone number, or similar contact details.
Communications and interactions
Information you provide when communicating or engaging with us, including the content of emails, calls, messages, enquiries, subscription requests, and any files or documents you choose to upload. We may also generate internal notes summarising our interactions with you where necessary for our business purposes.
Recruitment information
Information you provide when applying for a role with us, including your contact details, right-to-work information, curriculum vitae (CV), cover letter, professional profile links, and any other supporting documents. This may also include information we are required to process for compliance or legal reporting purposes.
Technical and usage data
Basic technical information automatically collected when you visit or interact with the Website, such as your Internet Protocol (IP) address, browser type and version, device information, operating system, access times, and security or access logs.
Information from third parties
Personal data we receive from referees, recruitment platforms, service providers, or other third parties where you have chosen to share your information through those services.
We do not intentionally collect special category (sensitive) personal data. If such information is provided incidentally — for example through a job application or in correspondence — we will handle it securely, restrict its use to what is strictly necessary, and delete it if not required for the relevant purpose.
The Website and the Services are not intended for individuals under the age of 18, and we do not knowingly collect personal data relating to children. If you believe a child has provided us with personal data, please contact us so that we can remove it promptly.
How and why we use personal data
We process personal data only where we have a lawful basis for doing so. The purposes for which we use personal data, and the corresponding legal bases, include:
Responding to enquiries and business communications
We use personal data to communicate with you in connection with the Website or the Services, including responding to enquiries, coordinating activities, and managing business or research-related interactions.
Legal basis: Our legitimate interests in operating, managing, and developing our business.
Providing newsletters, updates, or event invitations
We use personal data to send newsletters, updates, or invitations where you have requested to receive them.
Legal basis: Your consent, which you may withdraw at any time.
Recruitment and job application management
We use personal data to manage recruitment processes, including assessing applications, communicating with candidates, verifying right-to-work status, and fulfilling associated legal and compliance obligations.
Legal bases: Steps necessary prior to entering into a contract; our legitimate interests in managing recruitment and evaluating candidates; and compliance with legal obligations, including right-to-work requirements.
Operating, maintaining, and securing the Website and Services
We use personal data to ensure that the Website and the Services function properly, securely, and efficiently, and to maintain records and safeguards appropriate to our operations.
Legal basis: Our legitimate interests in operating, maintaining, and securing the Website and Services.
Compliance and legal obligations
We may process personal data to comply with applicable laws, regulatory requirements, or requests from authorities, and to establish, exercise, or defend legal claims.
Legal bases: Compliance with legal obligations; and our legitimate interests in protecting our rights and fulfilling our regulatory responsibilities.
Sharing personal data
We do not sell or rent personal data. We share it only where necessary for the purposes described in this Policy. The categories of recipients may include:
Internal staff
Authorised employees and contractors who require access to personal data in order to perform their roles and carry out the processing activities described in this Policy.
Third-party service providers
We may share personal data with carefully selected third-party service providers who support our operations, including providers of website hosting and infrastructure, email and communication tools, cloud-based productivity and storage services, and recruitment or form-processing tools. These providers act on our behalf, follow our instructions, and are contractually required to implement appropriate security and data protection measures.
Professional advisers
Legal, accounting, compliance, or other professional advisers where disclosure is necessary to obtain professional advice or manage our business.
Legal, regulatory, and public authorities
Where disclosure is required by applicable law, regulation, court order, or to establish, exercise, or defend legal claims.
Corporate transactions
If we are involved in a merger, acquisition, restructuring, or asset transfer, personal data may be disclosed as part of due diligence or transferred to the acquiring or successor entity, subject to appropriate confidentiality protections.
External websites or services linked from our Website are outside our control. We are not responsible for their privacy practices and encourage you to review the privacy notices of any third-party sites you visit.
International transfers
Most personal data we process is stored electronically and hosted by trusted third-party service providers. These providers typically store data in the United Kingdom (UK), the European Economic Area (EEA), or in other jurisdictions that offer an adequate level of protection under applicable data protection laws.
If personal data is transferred outside the UK or EEA, we ensure that appropriate safeguards are in place. These may include reliance on an adequacy decision or adequacy regulations issued by the relevant authority, the use of standard contractual clauses or equivalent approved terms, or other legally recognised transfer mechanisms designed to ensure an equivalent level of protection.
We take steps to ensure that any international transfers are lawful and that your personal data remains appropriately protected.
Retention of personal data
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, and to comply with any legal, regulatory, or reporting obligations. Retention periods are determined by considering the nature of the personal data, the purposes for which it is processed, any applicable legal requirements, and our legitimate interests.
In practice, personal data is generally kept for the duration of our interactions with you and for a reasonable period afterwards, unless a longer retention period is required by law or is necessary to establish, exercise, or defend legal claims.
When personal data is no longer required, we securely delete it or anonymise it so that it can no longer be associated with an identifiable individual.
Your rights
Under applicable data protection laws, you may have certain rights in relation to the personal data we hold about you. These rights may include:
Right to be informed
The right to receive clear and transparent information about how your personal data is collected, used, and protected. This Policy is intended to provide that information.
Right of access
The right to request access to the personal data we hold about you (if we are processing it) and to obtain information about how and why it is being processed.
Right to rectification
The right to request that inaccurate or incomplete personal data be corrected or completed.
Right to erasure
Also known as the “right to be forgotten”. This enables you to request the deletion of your personal data where there is no compelling reason for us to continue processing it. This right is subject to certain legal exceptions.
Right to restrict processing
The right to request that we limit the processing of your personal data. Where processing is restricted, we may continue to store the data but will not use it further. We maintain suppression lists to ensure that such requests are respected.
Right to data portability
In certain circumstances, the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transfer it to another organisation where technically feasible.
Right to withdraw consent
Where we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.
Right to object
The right to object to certain types of processing, including processing based on our legitimate interests. You may also object to the use of your personal data for direct marketing at any time.
To exercise any of these rights, please contact us using the details provided in the “Contacting Us” section below.
Limitation of liability
We implement appropriate technical and organisational measures to protect personal data. However, no method of transmission or storage is entirely secure, and we cannot eliminate all risks associated with the processing of personal data. You acknowledge that any submission, transmission, or storage of personal data via the Website or the Services is carried out at your own discretion and risk.
Except where required by law or expressly agreed in writing, we are not liable for any indirect, incidental, consequential, special, exemplary, or punitive damages arising from or connected with:
- your use of the Website or the Services;
- your submission, transmission, or storage of personal data; or
- any unauthorised access to, or loss, alteration, or disclosure of, personal data.
Nothing in this Policy excludes or limits any liability that cannot be excluded or limited under applicable law, including liability for fraud or fraudulent misrepresentation.
Updates to this Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal or regulatory requirements, or other factors. When we make changes, we will post the updated Policy on the Website and revise the “Last updated” date at the top of this page.
If we make changes that materially affect your rights or how we process personal data, we will provide additional notice in a clear and appropriate manner.
We encourage you to review this Policy periodically to stay informed about how we collect, use, and protect personal data.
Contacting Us
If you have any questions about this Policy or wish to exercise your data protection rights, you may contact us using the contact form on our Website or by email at privacy@bindbridge.com.
You may also contact us by post at: FAO: Privacy, Bindbridge Ltd, Barn4, Park Farm, Villa Road, Impington, Cambridgeshire, CB24 9NZ, United Kingdom.
If you are dissatisfied with our response, you may raise a complaint with the Information Commissioner's Office (ICO), the supervisory authority in the United Kingdom. Further information is available at https://ico.org.uk/.