This notice is Version 3, and was last updated on 19 Oct 2021.
We may change this notice from time to time, so please check this page occasionally to make sure you are happy with any changes.
We are committed to respecting your privacy and information that could identify you as an individual (‘personal data’). This notice describes the personal data we may collect about you, how we use and secure it, who we may share it with, and your rights in respect of such personal data.
Who are we?
We are Diffblue Limited, experts in artificial intelligence that understands code. We are a company registered in England and Wales number 09958102, with our registered office at 10 St. Ebbes Street, Oxford, OX1 1PT, England. Unless stated otherwise, we are the controller of the personal data described in this notice.
How do we collect personal data?
We collect and combine personal data from the following sources:
Information you provide to us
You may provide us with personal data by filling in forms on our website, submitting information to one of our product or service portals, meeting with us, or contacting us via post, telephone, email, chat or other form of communication.
Information we collect ourselves
When you visit our websites or portals, we may automatically collect information about the device you are using and the way that you use such site or portal.
Information we receive from others
We may receive personal data from publicly available sources and other organisations such as advertisers, suppliers, service providers, trade agents and resellers. For example, as part of our recruitment processes, we may receive information from recruitment service providers, employment background screening agencies and your named referees. We may also search job sites and professional networking sites such as LinkedIn to find potential candidates for job vacancies.
What personal data do we collect?
Personal data collected might include items such as your name, email address, date of birth, gender, job title, contact details, IP address, device ID, and any correspondence that you have with us. If you make a purchase from us, we will collect your payment details.
If we consider you for a job vacancy, we will keep a record of your progress through our hiring process. We may also ask you to provide work and educational history, information about your skills and experience, and proof of your right to work in the relevant country. You are not required to provide all requested information, but failure to do so may result in us being unable to proceed with your candidacy for a role.
How do we use your personal data?
Our usage will be based on performance of our contract with you, compliance with our legal obligations, protection of your health (or the health of another person) in an emergency, pursuance of our legitimate interests (provided that these are not overridden by your rights, freedoms and interests), your consent, or another purpose permitted by law. Some examples are given below.
Cookies and tracking
We may send you information about our products and services. Where required by law, we will obtain your consent before contacting you. You can ask us to stop sending you marketing communications at any time by contacting [email protected] or clicking on any unsubscribe options in the communications that you receive. We do not sell or rent personal data to third parties. We may track whether communications were delivered or undelivered, opened, marked as spam, and whether you unsubscribed or clicked on any link within them in order to monitor the effectiveness of our campaigns, keep our mailing lists up-to-date, manage your preferences and deliver content that is most relevant to you.
We may use your personal data to provide the products and services you requested, manage your account, and send you notices and correspondence about your account. We may also use your personal data for the purposes of billing, payment, fraud detection, forecasting, product roadmap and lifecycle planning, trend analysis and financial reporting.
If you contact us to report problems or ask questions about our products and services, we will record details of our interaction with you in our support ticket management system. We may use this information to respond to your request, improve our existing products and services, research and develop new products and services, troubleshoot and remedy issues with our products and services, monitor trends, monitor support response times and effectiveness, seek feedback about our products and services, monitor customer satisfaction, and provide staff training.
On-site or remote access to your data
If we come to your site or otherwise access your systems and data to perform installation, training, consultancy support, and other services, we may have incidental access to your personal data. In this case, you will be the controller and we will act as your processor. We will comply with your reasonable instructions to maintain the authenticity, confidentiality, security and integrity of your personal data.
Open source submissions
If you contribute code to our open source projects, we may record your name, email address and details of your submission in our code repositories, company records and in publicly available notices that are included with the code in order to manage code changes and intellectual property.
We may log personal data while monitoring our company systems, data and equipment for the purposes of threat detection and prevention, investigating and remedying security incidents, and ensuring lawful use of such systems, data and equipment.
We may use your personal data to enforce our terms and conditions and to carry out checks aimed at preventing illegal activities such as export and trade sanction violations, bribery, fraud, corruption and modern slavery. We may also maintain compliance records and report on the steps we have taken to auditors and authorities.
We may use the personal data that we collect during the recruitment process for evaluating your suitability for current and future employment opportunities, record keeping in relation to recruiting, and improving our recruitment processes.
Who else may access your personal data?
We may share your personal data with service providers and suppliers who process personal data on our behalf in the course of providing their goods and services. For example, if we consider you for a job vacancy, we use a cloud-based, third party recruiting platform and may also be assisted by third party service providers for processes such as employment background screening. We will also share your personal data with those persons involved in the interview and selection process. We include data protection provisions in our contracts and verify the security measures of these service providers and suppliers in order to safeguard your personal data during processing.
We may also share your personal data with courts and other organisations where necessary to comply with legal obligations (for example in response to a court order) or to exercise or defend our legal rights, tax and social security authorities, group companies, insurers, lawyers, accountants, auditors, professional advisors, and buyers investors or transferees of our business or parts of our business. If you apply for a job via a third party (such as a job site or recruitment services provider), we may inform them of the progress of your application and (where applicable) any other information necessary for them to calculate their referral fee.
Where is your personal data located?
Your personal data may be processed outside of the European Economic Area (EEA), including in countries with less protective data protection laws. In such circumstances, we take appropriate steps to safeguard your data to EEA data protection standards, for example by entering the European Union’s standard contractual clauses or selecting organisations with the Privacy Shield certification. For more information or to request copies of the standard contractual clauses, please contact [email protected].
How long do we keep your personal data?
We retain personal data for as long as necessary for the purpose for which the personal data was collected, or for such longer period required by law or otherwise necessary to defend or exercise our legal rights. At the end of this period (or expiry of our backup archive retention period if later), we will either delete or anonymise the personal data.
If you accept an offer of employment with us, any relevant personal data collected during the recruitment process will become part of your personnel records. In other cases, we will retain your recruitment information on file for a period of up to 12 months. At the end of this period, we may contact you to ask if you would like us to retain the information for a further period.
What rights do you have?
You have the following rights in respect of your personal data:
- Access - Request information about personal data we hold on you
- Rectification - Correct or update your personal data
- Objection - Object to processing of personal data based on our legitimate interests
- Restriction - Ask us to retain but otherwise stop actively processing personal data
- Erasure - Request deletion of your personal data
- Portability - Request your personal data in machine-readable format
- Withdrawal - Withdraw consent for future processing, if we process based on your consent
- Decisions - To not be subject to significant decisions based solely on automated processing
- Complaints - Contact the Information Commissioner’s Office with complaints about our processing (https://ico.org.uk/concerns)
Depending on the circumstances, we may need to verify your identity before complying with your request and we may not always be able to comply with your request in full (for example when producing your information may reveal another person’s personal data or when there is an overriding interest or conflicting legal obligation).
We may provide links to sites that are owned by other individuals or organisations. This notice only applies to us and we cannot be responsible for the privacy practices of others.
Our site, products and services are not intended for use by children. If you are aged 16 or under, please get your parent or guardian’s permission before you provide us with any personal data. If you are a parent or guardian who would like to have a child’s personal data deleted, please contact us at [email protected].
We have implemented generally accepted technical and organisational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and unauthorized access, taking into account the nature of the personal data and the associated risks. Despite these precautions, we cannot guarantee the security of your personal data. Where you have been given or you have chosen passwords or other access control mechanisms, you are responsible for keeping these items confidential.
If you have any questions or complaints about this notice or our handling of your personal data, or if you would like to exercise any of your rights, please contact us via email to [email protected] or via post to Head of Legal, Diffblue Limited, 10 St. Ebbes Street, Oxford, OX1 1PT, England.