Lightpoint Medical
Privacy Policy

1. Introduction
Lightpoint Medical Ltd (“Lightpoint”) is a company incorporated under English law (company number 08108247) and was founded in 2012. Lightpoint designs, develops and researches in the field of oncology with the primary focus on detecting cancer in real-time during surgery.
As we are committed to protecting your personal data and we are considered data controllers under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the purpose of this privacy policy is to help you understand how we collect, manage and utilise your personal information. This policy also sets out to inform you of your legal rights relating to your personal data. This policy is written in accordance with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
The Data Controller in respect of your personal information is Lightpoint Medical Ltd.
References to we, us or our in this policy means Lightpoint and references to you means the person whose personal data we collect, use and process. This includes any investor, business partner or job applicant who contacts us in connection with the activities of our business.

2. What Information do we collect about you?
The personal data we may collect from you include:
– Full Name;
– Date of Birth;
– Full Postal Address;
– Nationality;
– Email Address;
– Business Information, such as employer details and job title; and
– Banking Details.

This data may be collected when you show interest in our business such as filling in our online contact form, applying for one of our job roles, investing in our business or collaborating with us as a business partner. You may provide this information in a number of ways which include corresponding with us by email, telephone, our online forms, or through our social network pages such as Facebook.

3. Non-personal identification information collected from you
We may collect information under this heading, such as your Internet Protocol (IP) address, location and length of visits to certain pages of our website, when you use your computer or another applicable device to browse through our website, through Google Analytical Solutions. Any data collected from you is protected under the data protection and processing agreements we have in place with the Google entities. However, if you wish to exert any of your rights as detailed in Section 10 below, please contact us using the details in Section 12.

4. How do we use your personal data?
We will hold and use your data for legitimate business purposes which can include:
– Keeping you up to date about relevant information concerning the business;
– To carry out our obligations arising from any contracts entered into between you and us;
– To answer your queries;
– Where we have a legal right or duty to use or disclose in accordance with statutory reporting requirements, required by UK law;
– Where it is necessary for us to provide your information to external companies with which we contract to assist us in providing services to you;
– Suitability for specific job roles; and
– Reporting in our cap table.

5. The legitimate basis for processing your data
The main grounds that we rely upon in order to process your data it that is necessary for our legitimate interests which include:
– Necessary to comply with certain legal obligations, including disclosure of your data by law or by order of a governmental authority or supervisory body;
– Handling customer contacts, queries, complaints or disputes;
– Optimising our website experience
– Understanding our customers’ behaviour, activities, preferences, and needs;
– Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders; and
– For consent when consent is required in order to process your information in a particular manner.

6. Marketing Communication
Where you have shown an interest in purchasing or using our products, we may use the personal data you supplied to us for direct marketing purposes. We can only use this to send you marketing messages if we have either your consent or a legitimate reason for doing so. The legitimate reason is applicable when we have a business or commercial reason to use your information. You have the right to opt out of receiving marketing communications at any time, by clicking on the ‘Unsubscribe’ link at the bottom of commercially generated emails, or emailing or writing to us at the address in Section 12 below.
Please see our sales safeguarding policy for more information on how data collected from sales prospects or leads is handled.

7. How we share your personal data
In order for our business to function and to make certain services available to you, we may need to share your information to other parties who support our business. Details of these other parties include:
– Our US subsidiary, when required;
– IT infrastructure companies, email logistics, delivery and marketing service providers (third parties) of whom we may use to store your information in order to contact you;
– Governmental authority or supervisory body where required; and
– Contractors with whom we are in contract with, in order that they fulfil their obligations.
We will not share your data with any third party where it is not necessary to do so to provide a service to you. We will never sell your personal data to any third party.

8. International Transfers
As part of the operation of our business, your personal data may be transferred, stored and processed outside the European Economic Area (EEA), including countries which do not provide equivalent protection for personal information in accordance with the General Data Protection Regulation (GDPR). This will occur when the service providers we use are located outside of the EEA. As part of our commitment to you, we will endeavour to ensure that the transfer will be compliant with relevant data protection laws and all personal data will be secure.

9. How long do we hold your data?
We will not retain your data for longer than necessary for the legitimate purposes set out in this Policy. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your information when you apply for a job with us, we will retain your data for as long as it is necessary to process your application and in the event your application is unsuccessful, we will only retain your data for three (3) months. Nevertheless, the longest we will normally hold any personal data is 10 years. In certain circumstances we may need to hold parts of the data for longer than 10 years for legal or regulatory reasons.

10. Your rights relating to your Information
Under GDPR you can exert the following applicable certain rights as detailed below:
1. The right to be informed- You have the right to be informed about the collection and use of your personal data by us;
2. The right of access- You have the right to ask us, about what personal data we hold about you. Where required, we will provide privacy information to you at the time of when we collect your personal data;
3. The right to rectification- You have the right to ask us to rectify any inaccurate personal dta we hold on you, or complete data if it is incomplete. You can request this by contacting us via the contact details below.
4. The right to erasure- In certain circumstances, you have the right to request for the personal data we hold on you to be erased. However, if there are circumstances where we are not obliged to fulfil this request, such as requiring to keep hold of the data to comply with certain legal obligations, or for public health purposes, we will endeavour to inform you about the legitimate reasons why we are not able to comply with your request;
5. The right to restrict processing- In certain circumstances, you have the right to request the restriction or suppression of your personal data. However, if there are circumstances where
we are not obliged to fulfil this request, we will endeavour to inform you about the legitimate reasons why we are not able to comply with your request;
6. The right to data portability- In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation. This right only applies to the personal data you provided to us as the data controller. We will assess each request if it is technically feasible that we can comply. If there are instances where we are not able to comply, we will endeavour to inform you of the reasons why we cannot comply;
7. The right to object- You have the right to object how we use and process your data, especially if it is for direct marketing purposes. The reasons behind your request must be provided. If there are circumstances, where we are not able to comply due to legitimate grounds, we will endeavour to inform you.
To exert any of the above rights, please contact as using the contact information provided in Section 12 below. We will endeavour to proceed with reasonable requests free of charge within 30 days of receipt of the request.

11. Changes to our Privacy Policy
We have the right to make changes to this policy at any time. Any changes we make will be issued and if appropriate, we will notify you of these changes by email, where we are holding your email address.

12. Contact Information
If you want to know what information we collect and hold about you, or to exercise any of your rights as set out above, please write to us at the email address or postal address below:
Lightpoint Medical Ltd
Misbourne Works