Change Bio

Privacy Policy

**CHANGE BIO PRIVACY POLICY**

Last updated: 27th February 2025

We are Change Bio Ltd ("Change Bio", "we", "us", "our"), a company that supplies custom protein products. Our company registration number is 15099930 and our registered address is Cawley House, 149-155 Canal Street, Nottingham, England, NG1 7HR.

We are registered with the Information Commissioner's Office ("ICO"): ZB868679.

This privacy policy applies to individuals who: (i) visit our website at https://changebio.uk/ (the "Site"); (ii) engage with us via email, our Site, and/or social media accounts; and (iii) we otherwise deal with in their business capacity, including representatives of our customers, prospective customers, suppliers, investors, contractors, and agents ("you", "your"). It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

Change Bio – Privacy Statement

At Change Bio, your privacy is important to us. We believe in a responsible and pro-active approach when dealing with your personal information.

This policy sets out how and why we collect, store, use and share personal information generally, our dedication to protect it, as well as your rights in relation to your personal information and details of how to contact us and supervisory authorities if you have a complaint.

If you have any questions about how we use your personal data, please contact: hello@changebio.uk.

1. The types of personal data we collect

We collect and use the following information about you:

  • **Identity Data** including your first name and surname.
  • **Contact Data** including your work address, billing address, delivery address, email address and telephone numbers.
  • **Financial Data** including bank account details.
  • **Business Data** including the name of the organisation you represent, and your position, department and business ID numbers.
  • **Transactional Data** including information about our business dealings, transactions and interactions with you.
  • **Technical Data** including your IP address when you visit or engage with our Site.
  • **Survey Data** including data from surveys that we may, from time to time, send to you for research purposes, if you choose to respond to, or participate in, them.
  • **Usage Data** including information about how you use our Site, products or services.
  • **Investor Data** including information about your investments with us and any background checks we carry out on you.
  • **Marketing and Communications Data** including your preferences in receiving marketing from us and your communication preferences.

We will indicate where any personal information we have requested from you is mandatory, and also explain the consequences should you decide not to provide information which we have indicated is mandatory. In some circumstances this may mean we are unable to fulfil your order.

2. If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have, or are trying to enter into, with you (for example, to provide you with our products or services). In this case, we may have to cancel an order you have placed with us, but we will notify you if this is the case at the time.

3. How we use your personal data

We will only process your personal data where we have a lawful basis to do so. The lawful basis will depend on the purposes for which we have collected and use your personal information. In almost every case, the lawful basis will be one of the following:

  • **Consent:** This applies where you have consented to us processing your personal data for a certain purpose.
  • **Our legitimate business interests:** where it is necessary for us to supply our services or products or to perform our day-to-day business operations, provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. Also, where it is necessary for system administration purposes and for internal operations, including data analysis, testing, research, and statistical and survey purposes. For example, to respond to your queries, to fulfil your orders or for direct marketing.
  • **Performance of a contract with you (or in order to take steps prior to entering into a contract with you):** for example, (i) where you have provided your information to receive details in relation to our services or products, (ii) to provide customer support and ensure we provide a good level of customer service, (iii) where we work to fulfil your order, and (iv) to administer and manage our relationship with our investors or prospective investors.
  • **Compliance with the law:** where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.

4. How we share your personal data with third parties

We may share your personal information with our suppliers, business partners and other providers, where they are helping us to market, advertise or supply our products or services, for them to use for the purposes set out in this privacy policy. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. For example, we may share your personal data with (i) third-party protein manufacturers and/or delivery carriers to enable us to make and deliver the finished protein products that you order from us and/or (ii) the supplier who hosts our Site.

We may disclose your personal information to other third parties in the following circumstances:

  • in the event that we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request;
  • in the case of an emergency, in which case we shall share personal data as is necessary and proportionate; or
  • to protect the rights, property or safety of us, our service providers or others, and in order to enforce or apply our terms of supply (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. Marketing

We may occasionally send you marketing materials which we believe may be of interest to you.

You may receive marketing communications from us if you have requested information from us, ordered products from us, otherwise engaged with us, or if LinkedIn recommends your LinkedIn profile to us, provided in each case that you have not opted out of receiving such marketing communications from us.

**Third-party marketing.** We will not sell or rent your personal data to any third parties.

**Opting out.** You can ask us to stop sending you marketing messages at any time by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of an order or purchase for our products or services, a product or service experience or other transactions.

6. Cookies

Our Site uses cookies to distinguish you from other users of our Site. This helps us to provide you with a good experience when you browse our Site, and to improve our Site. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. We currently use, or may use in the future, the following cookies:

  • **Strictly necessary cookies.** These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to access secure areas of our Site or ensure the content of the pages of our Site loads quickly and effectively.
  • **Analytical or performance cookies.** These allow us to recognise and count the number of visitors on our Site and to see how visitors interact with our Site when they are using it. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily.
  • **Functionality cookies.** These are used to recognise you when you return to our Site. This enables us to personalise our content for you and remember your preferences (e.g. your geo-location).

You can find more information about the individual cookies we use and the purposes for which we use them below:

  • _tccl_visitor : This cookie is put in place by the host of our Site, GoDaddy. It remains on a user's device for one year, and monitors website usage performance.
  • _tccl_visit : This cookie is put in place by the host of our Site, GoDaddy. It remains on a user's device for 30 minutes, and monitors website usage performance.
  • dps_site_id : This is a session cookie put in place by GoDaddy that expires at the end of a browser session. It is used for optimising the speed and performance of the Site.
  • _scc_session : This cookie remains on a user's device for 20 minutes and is used by GoDaddy to maintain an anonymised user session.

As several of our cookies are put in place by GoDaddy, please refer to GoDaddy's privacy policy if you would like more information regarding how it may process your personal data: https://www.godaddy.com/en-uk/legal/agreements/privacy-policy. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Site may become inaccessible or not function properly.

7. Where we store your personal data

Generally, your information is stored in the UK or European Economic Area ("EEA"), but we may transfer it to countries outside the UK and EEA.

Whenever we transfer your information internationally, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely and in accordance with this privacy policy. In these cases, we rely on approved data transfer mechanisms (such as the EU "Standard Contractual Clauses" and the "UK Addendum") to ensure your information is subject to adequate safeguards in the recipient country. If you are located in the UK or EEA, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

8. Your rights

Change Bio takes your privacy very seriously and wants you to be aware of your rights. In particular, you have the following rights subject to any exemptions that apply in law:

  • the right to request (i) confirmation of whether we process your personal data and (ii) access to a copy of the personal data retained;
  • the right to have inaccurate personal data rectified, or completed if it is incomplete;
  • in certain situations, the right to have your personal data erased, or transmitted directly to another company, where technically feasible;
  • where the processing of your personal data is based on your consent, the right to withdraw your consent at any time without impact to any data processing activities that have taken place before such withdrawal;
  • the right to not be subject to any decisions based solely on automated processing, including profiling, which has legal or other similarly significantly effects on you, unless we have taken your consent, it is authorised by law or it is necessary for the performance of a contract;
  • in certain situations, the right to restrict or object to our processing of personal data regarding you; and
  • the right to lodge complaints with a relevant supervisory authority (being, for UK individuals, the ICO).

Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please send us an email at hello@changebio.uk if you would like to exercise any of your rights.

9. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We take steps to ensure that your information is treated securely and in accordance with this policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, for example, by encryption or by pseudonymisation, we cannot guarantee the security of your information transmitted via the internet; any transmission is at your own risk.

We have appropriate technical and organisational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of you and other individuals. We maintain these technical and organisational measures and will amend them from time to time to improve the overall security of our systems.

In addition, we limit access to your personal data to those employees, agents, contractors, suppliers and other third parties who have a business need to know.

We will, from time to time, include links to and from the websites of our partner networks, suppliers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to these websites.

10. How long we keep your personal data

We retain your information for as long as it is reasonably necessary taking account of the purpose(s) for which it was collected. Where we do not need your information taking account of the purpose(s) for which it was collected, we retain it only for so long as we have a legitimate business purpose in keeping such data.

However, there are occasions where we are likely to keep this data for longer in accordance with our legal obligations, or where it is necessary for the establishment, exercise or defence of legal claims.

We may store your information in an aggregated and anonymised format.

11. Information relating to children

The services and products provided by Change Bio are not directed at children under the age of 18. If you believe that we have personal data about or collected from a child under the relevant age, please contact us at hello@changebio.uk.

12. Complaints

In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at hello@changebio.uk and we will endeavour to deal with your request as soon as possible.

This is without prejudice to your right to complain to a supervisory authority. For UK individuals, the ICO can be contacted at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or online at https://ico.org.uk/make-a-complaint/.

13. Changes to this Privacy Policy

Any changes we make to our privacy policy in the future will be posted on the Site and, where appropriate, notified to you by email. Please check back regularly to see any updates or changes to our privacy policy.

← Back to Home