Privacy Policy

Introduction

BioBridgeX Ltd ("BioBridgeX", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our platform:

• Account Information: Name, email address, password, job title, company name, and role (Buyer or CRO)
• Company Details (CROs): Company description, service capabilities, certifications, locations, and compliance standards
• Project Information (Buyers): Project requirements, specifications, timelines, and budget ranges
• Communications: Messages, quotes, and correspondence exchanged through the platform
• Payment Information: Billing address, invoice details, and payment records

1.2 Information Collected Automatically

When you access our platform, we automatically collect:

• Device Information: IP address, browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, time spent on pages, and navigation patterns
• Cookies and Tracking Technologies: See our Cookie Policy for details

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, operate, and maintain our marketplace platform
• Matching: To connect Buyers with appropriate CRO service providers
• Communication: To send notifications about quotes, projects, milestones, and platform updates
• Payments: To process invoices and facilitate payment flows between parties
• Support: To respond to inquiries and provide customer support
• Improvement: To analyse usage patterns and improve our services
• Legal Compliance: To comply with legal obligations and enforce our terms
• Security: To detect, prevent, and address fraud and security issues

Legal Basis for Processing (UK GDPR / GDPR)

• Contract: Processing necessary for the performance of our contract with you
• Legitimate Interests: For platform security, fraud prevention, and service improvement
• Legal Obligation: Where required by law or regulation
• Consent: For marketing communications and non-essential cookies (where applicable)

3. How We Share Your Information

We do not sell your personal data. We may share your information only in the following circumstances:

• Platform Transactions: Project details and communications are shared between Buyers and CROs as part of the matching and project coordination process
• Service Providers: With trusted third-party service providers who assist in operating our platform (hosting, analytics, email services) under strict data protection agreements
• Legal Requirements: When required by law, regulation, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
• With Your Consent: When you explicitly authorise us to share specific information

4. Data Storage and International Transfers

Your data may be stored and processed in the following locations:

• United Kingdom: Primary data storage
• European Union: Backup and processing
• United States: Certain third-party service providers

For transfers outside the UK/EEA, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO and European Commission
• Adequacy decisions (where applicable)
• Binding Corporate Rules (where applicable)

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

• Account Data: For the duration of your account plus 6 years (for legal and tax purposes)
• Project Data: For the duration of the project plus 7 years (regulatory retention requirements)
• Communications: For the duration of your account plus 3 years
• Payment Records: 7 years (UK financial regulations)
• Usage Analytics: 26 months (anonymised thereafter)

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response procedures

While we strive to protect your data, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7. Your Rights

Under UK GDPR and GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Request limitation of processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Rights concerning profiling and automated decisions

To exercise these rights, contact us at privacy@biobridgex.com. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyse usage, and for certain functionality. For detailed information about your choices, please see our Cookie Policy.

9. Children's Privacy

BioBridgeX is a B2B platform intended for business use only. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

For questions about this Privacy Policy, to exercise your rights, or for any privacy-related concerns, please contact us: