Xampla Privacy Policy

Last updated: December 2022

This Privacy Policy describes how Xampla collects, uses, processes, shares and keeps secure personally identifiable data from you, a website visitor, through www.xampla.com and other websites that we operate and on which we post a direct link to this Privacy Policy, including any data you may provide when you subscribe to Xampla’s newsletter, submit a job application, purchase a product or service, or take part in a competition or promotional activities (collectively the “Site”).

Xampla processes Personal Data fairly, lawfully, and in accordance with applicable laws, including, the EU General Data Protection Regulation (“GDPR”). “Personal Data” means individually identifiable information about you collected or otherwise received by Xampla. If the GDPR is applicable to our processing of your Personal Data, Personal Data means any information relating to an identified or identifiable natural person. Regarding this legislation, Xampla is the “data controller”, meaning that Xampla is responsible for deciding how personal information is held. Xampla’s data protection officer is Pete Hutton, Executive Chair. Any questions regarding Xampla’s data policy can be sent to info@xampla.com.

Xampla is the Data Controller. This means that Xampla decides how your Personal Data is processed and for what purposes.

Xampla may update this Privacy Policy from time to time, so please review it frequently. If we make any material changes to our Privacy Policy, those changes will apply to data collected after the effective date set forth above, and we will notify you by placing a notice on our Site prior to the change becoming effective. Your use of this Site indicates that you have reviewed and accept this Privacy Policy and our Web Terms.

Types of Data and Collection Methods:

Through the Site, we receive data that you actively submit as well as data that we track (“Types of Data Collected”):

Identity Data includes first name, last name, username or similar identifier.

Contact Data includes billing address, delivery address, email address and telephone numbers.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.

Profile Data includes your username and password, preferences, feedback and survey responses.

Usage Data includes information about how you use our Site, products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us

Professional Qualifications includes academic qualification, employment history, trainings, employment references and other information required for your job application with us.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we (can) combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

In processing your Personal Data, we pledge to fully comply with applicable data protection laws.

Collection Purposes, Use and Legal Basis for the Collection of Personal Data:

Most of the Site’s services do not require the collection of Personal Data, allowing you to visit our Site without telling us who you are. However, some services, such as requests for information, require the disclosure of Personal Data. We process Personal Data for specific and limited purposes, which we try to inform you about when we ask you for information. For example, we may collect and use Personal Data such as your name, organization, email, and other contact details in order to provide you with products or services or to communicate with you for other purposes. We may use your contact details to audit downloads of information from the Site and to make follow-up contact with you by email in relation to the material you have accessed.

Our Site may include community discussion forums and areas for comments. By submitting your comments in those forums or areas, you give us permission to use those comments for any of Xampla’s business purposes.

We endeavour to assure that any sensitive personally-identifiable data is processed by entities with special expertise and safeguards devoted to the processing of such data.

Below please find a list of the Personal Data collected, how the Personal Data is used, and why we use this Personal Data.

  • Information about the way you use our services
  • Information when you communicate with us whether in person, through our Site or via email, over the phone, through social media or via any other medium
  • Information that we collect through your use of our Site
  • Information that we collect from third party partners and corporate customers
  • Information that we collect incidentally from other sources or public sources
  • Information that we collect from individuals representing organizations
  • Information that you submit as part of your application for a job

Change of Purpose and Further Processing:

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for an unrelated purpose, to the extent legally required, we will notify you and we will explain the legal basis that allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Data Retention

We will retain your Personal Data as necessary to fulfil the purposes outlined in this Privacy Policy, or for our legitimate business or legal purposes unless otherwise required by law. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Personal data provided by subscribing to Xampla’s mailing list will be retained until Xampla are instructed by the subscriber to cease contact via the ‘unsubscribe’ function. Personal information provided through customer enquiries will be retained as long as necessary to fulfil the purposes for which they were collected. For customer enquiries which develop into orders or projects, Xampla will retain the data for up to 5 years post order/project completion.

Disclosure and Transfer of Personal Data

Xampla will not sell Personal Data collected via Xampla.com or Xampla.com to third parties outside Xampla.

Xampla may disclose the Personal Data collected (i) where disclosure is necessary to comply with legal process (such as a court order, subpoena, search warrant, etc.) or other legal requirements of any governmental authority; (ii) where disclosure would potentially mitigate Xampla liability in an actual or potential lawsuit; (iii) where disclosure is otherwise necessary to protect Xampla’s rights or property; (iv) where disclosure is necessary to protect the legal rights or property of others, including to protect the confidentiality or security of your Personal Data; (v) as part of a bankruptcy, merger, reorganization, or a sale of the assets of Xampla, a subsidiary, or division; (vi) where disclosure is necessary in connection with other business purposes including, without limitation, customer care, service quality, business management and operation, risk assessment, security, fraud and crime prevention/detection, monitoring, research and analysis, marketing, customer purchasing preferences and trends and dispute resolution; (vii) where disclosure is necessary for us to provide it to our attorneys, accountants, regulators, auditors or other advisors; or (vii) where disclosure is otherwise necessary for us to disclose it as required or permitted by law.

Non-Personally-Identifiable Data and “Cookies

The Site uses a technology called “cookies” to estimate and report Site traffic and to help improve the contents of the Site. A cookie is a small data file transferred by a website to your computer’s hard drive. Cookies do not damage your computer and cannot be used to run programs or deliver viruses. We use cookies for a variety of purposes including to (i) remember that you have visited us before so we can identify the number of unique visitors we receive; (ii) customize elements of the promotional layout and/or content of the pages of xampla.com; (iii) collect statistical information about how you use the Site so that we can improve the Site and learn which parts of the Site are most popular to visitors. The cookies used on Xampla.com do not allow access to users’ personal information, but the cookies may be used to identify individual computers.
You have the ability to accept or decline cookies by modifying the settings of your web browser. If you choose to decline cookies, you may not be able to fully experience the interactive features of Xampla.com or other websites that you visit. You can also learn more about cookies by visiting www.allaboutcookies.org or www.cnil.fr (France), which include additional useful information on cookies and how to block cookies using different types of browser.

Xampla May Also Employ Technologies Such as the following:

“Web beacons” or “clear pixels” are small graphic images on a Web page or in an e-mail that can be used for such things as recording the pages and advertisements clicked on by users, or tracking the performance of e-mail marketing campaigns.

A “web server log” is a record of activity created by the computer that delivers the webpages you request to your browser. For example, a web server log may record the search term you entered or the link you clicked to bring you the webpage. The Web server log also may record information about your browser, such as your IP address and the cookies set on your browser by the server.

“Google Analytics” is a web analysis service provided by Google. Google utilizes cookie and usage data collected to track and examine the use of www.xampla.com, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network. Find Google’s privacy policy here.

A “widget” is a program or application that can be embedded in a web page or mobile application. Widgets can provide real-time information, such as stock quotes or weather reports, or take information, such as online orders. Widgets are often provided and hosted by a third party, and may allow that third party to collect data about users viewing that page or interacting with that widget, possibly subject to privacy policies other than Xampla’s.

Your Rights

You may have certain rights pertaining to your Personal Data, which may include access, rectification, erasure, restriction, objection, and data portability. Below we set out certain rights in more detail. These rights are not absolute and your entitlement to such rights are determined based on your geographic location and limited by local applicable law.

If you wish to exercise any of these rights, please send an email to info@xampla.com. We will respond to your request within 30 days but have the right to extend this period with notice to you and charge you a reasonable administrative fee if the request is particularly complex or if you submit a large number of requests. If we extend the response period, we will let you know within one month from your request. Please note that we may ask you to verify your identity before taking further action on your request.

Access : you are entitled to ask us if we are processing your Personal Data and, if we are, you can request access to your personal information (commonly known as a “data subject access request”) and information about the ways your personal information has been used or disclosed in the year preceding the request. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. Please note that to help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.

Correction : you are entitled to request that any incomplete or inaccurate Personal Data we hold about you is corrected.

Erasure : you are entitled to ask us to delete or remove Personal Data in certain circumstances. It may not always be possible for you to use this right if, for example, if it is still necessary for us to perform under an agreement we have with you or we need to keep the information by law or because of a legal dispute.

Restriction : you are entitled to ask us to suspend the processing of certain of your Personal Data, for example if you want us to establish its accuracy or the reason for processing it.

Portability : you may request the transfer of certain of your Personal Data to another party. To help with that you have a right to ask that we provide your information in an easily readable format to another company.

Objection : where we are processing your Personal Data based on a legitimate interest (or those of a third party) you may object to processing on this ground. However, we may be entitled to continue processing your information based on our legitimate interests.

Withdraw consent : where we are processing your Personal Data on the legal basis of consent, you may withdraw your consent at any time by sending an e-mail to info@xampla.com. If you no longer want to receive direct marketing communications you can also click the unsubscribe link included in each e-mail we send you.

What We May Need from You When Exercising Your Rights

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


If you have a complaint about the way we process your Personal Data, we request that you contact us at info@xampla.com to allow us to solve the complaint. However, you also have the right to file a complaint with the supervisory authority in the Country where you live or work, or in the Country in which the alleged infringement regarding the processing of your Personal Data took place. A list of supervisory authorities in the European Union can be found at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Links to Other Sites

This Privacy Policy applies only to xampla.com and does not include third-party websites. xampla.com may include links to other websites that we believe may be of interest to our visitors. We aim to ensure that such websites meet the highest standard. However, due to the nature of the World Wide Web, Xampla cannot guarantee the standards of every website link it provides or be held responsible for the contents of non-Xampla websites. We encourage you to be aware when you are leaving Xampla.com and read the privacy statement of the website that you visit prior to providing any personal information.


We follow generally accepted industry standards, including physical, technical and administrative measures, to protect the information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet is 100% secure. Therefore, while we strive to use generally acceptable means to protect your information, we cannot guarantee its absolute security.


Our Site is intended for a general audience, and we do not knowingly collect information about children or sell products or services to children. Consistent with the Children’s Online Privacy Protection Act, we do not knowingly collect personal information from anyone under the age of 13. If you are under the age of 13, you must ask your parent or guardian to assist you in using Xampla.com.

Questions and Feedback

If you have any questions or complaints about this Privacy Policy or Xampla’s information handling practices, you may email us at info@xampla.com or contact us at:

Xampla Ltd
BioInnovation Centre
25 Cambridge Science Park Rd
Cambridge, CB4 0FW
+44 (0)1223 827140