ExpressionEdits Ltd Privacy Notice
1. Company Information
ExpressionEdits Ltd is a company registered in England and Wales under the number 13517470 and whose registered office is at 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT.
Our Data Protection point of contact is our Senior Business Operations Manager, Kirstie Burrell. You can contact Kirstie via email at privacy@expressionedits.com.
2. This Notice
ExpressionEdits Ltd (“ExpressionEdits”, “us”, “we”, or “our”) respects the privacy of our customers, prospective customers, suppliers, collaborators, partners, and other business contacts (our “Contacts” or “you”).
This Privacy Notice (“Notice”) describes how we collect, process, share and safeguard Personal Data that is collected through or in connection with our business and/or the biotechnology services we offer (“Services”). It also tells you about your rights and choices concerning your Personal Data, and how you can contact us if you have any questions or concerns.
3. Personal Data We Collect
We collect Personal Data about you from the sources listed below. In this Notice, “Personal Data” means any information related to an identified or identifiable individual and does not include data whereby personally identifiable information has been removed (such as anonymous data).
Personal Data You Provide to Us
We will collect your full name, email address, phone number(s), and address(es) in connection with the Services we offer or when you contact us via email, social media, or by other means. When you contact us, you also provide us with the content of your communications.
Where you provide us with the Personal Data of third parties, it is your responsibility to inform them about the processing of their Personal Data following this Notice and to confirm that they have given their permission.
Please note: Job Applicants should refer to the ExpressionEdits Applicant Privacy Notice for details on how your Personal Data is handled when you contact us concerning recruitment.
Information We Receive From Third Parties
We receive Personal Data from the third parties listed below, which process your Personal Data per their own privacy policies. Please review these policies carefully before using their services.
Social media information: We maintain pages on social media platforms, such as LinkedIn and Twitter. You or the platform providers may provide us with information through the social media platform, and we will treat such information per this Notice.
Other sources: We may obtain your Personal Data from other third parties, such as marketing partners, publicly-available sources, such as LinkedIn, and lead generators.
4. How We Use Your Personal Data
We will use your Personal Data for one or more of the purposes set out below.
When you communicate with us
When you reach out to us, it is in our legitimate interests to use the Personal Data you have provided to respond to communications, requests or queries sent to us and to keep records. The Personal Data we process when doing so includes your correspondence with us, your name, and your contact details. We will only use the information for the purpose for which you contacted us.
Working with us
If you use our Services or work with us, e.g., through a research collaboration, we use your Personal Data to perform our contract with you, including operating, maintaining, and providing you with the Services or to perform the research project.
Communicating with you about our Services and/or our business
It is in our legitimate interests to communicate with you about our Services and/or our business including by sending you, updates, and other administrative messages. The Personal Data we process when doing so includes your name and contact details.
For direct marketing and to expand our network
Except where consent is required, unless you have opted out of receiving marketing communications, it is in our legitimate interests to use your Personal Data from time to time to send you direct marketing communications and to expand our professional network as permitted by law, including, but not limited to, telling you about ExpressionEdits and its Services, notifying you of business updates and events via email. You can opt out of such communications by following any instructions to unsubscribe, or by otherwise emailing us at privacy@expressionedits.com.
To comply with legal obligations and to defend ExpressionEdits against legal claims or disputes
It is in our legitimate interests to defend ourselves against legal claims or disputes. Where we do so, we will use the Personal Data relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on ExpressionEdits, for example, to keep records of transactions, or as requested by any judicial process or governmental agency.
We will only process Personal Data based on our legitimate interests where such interests are not overridden by your interests or your fundamental rights and freedoms.
If, where we are processing your Personal Data to perform our contract with you, you do not provide the Personal Data, we may not be able to conclude or fulfil such a contract.
5. How We Share Your Personal Data
We disclose Personal Data about you with the following recipients and in the following circumstances:
Affiliates:
Affiliates and subsidiaries of ExpressionEdits, for purposes consistent with this Notice.
Service Providers:
We rely on vendors and service providers for the operations of our business, the provision of our Services and for the purposes set out above, such as providers of hosting and cloud computing services and other IT services, in addition to other administrative services. These third parties may have access to or process your Personal Data as part of providing these services.
Advisors:
We work with various advisors, including financial consultants, accountants, business, and legal advisors, with whom we may share your Personal Data.
Legal:
Information about contacts, including Personal Data, will be disclosed to law enforcement agencies, regulatory bodies, and public authorities or according to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of ExpressionEdits, other contacts, a third party, or the public.
Business Transaction:
If ExpressionEdits is involved in a merger, acquisition or asset sale, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Data may be sold, transferred, or otherwise shared including as part of any due diligence process.
We have Data Processing Agreements in place with all our third-party service providers, who act as Data Processors on our behalf, which are required to take appropriate security measures to protect your Personal Data in line with our policies. We only allow them to process your Personal Data for specified purposes and per our instructions.
In most cases, we will store your Personal Data within the UK and/or European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that this storage of Personal Data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.
Through our use of certain systems or suppliers, we may also store or transfer some or all of your Personal Data to countries that are not part of the EEA or the UK. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. In all such instances, we ensure safeguards are in place to protect your data including ensuring to enter into Data Processing Agreements with any company or individual processing data on our behalf, either as a service or in the provision of a system or ensure such provisions are either written into Terms of Service or a Data Processing Addendum, including Standard Contractual Sections where applicable.
For more information about how we transfer Personal Data internationally, please contact us as set out in the “Contact Us” section below.
6. Your Rights and Choices
Depending on where you are based, and as provided under applicable law and subject to any limitations in such law, you have the right to:
access the Personal Data we hold about you;
request we correct any inaccurate Personal Data we hold about you;
request we delete any Personal Data we hold about you;
restrict the processing of Personal Data we hold about you;
object to the processing of Personal Data we hold about you;
receive any Personal Data we hold about you in a structured and commonly used machine-readable format or have such Personal Data transmitted to another company, and
withdraw any consent you previously provided to us regarding the processing of your Personal Data at any time. We will apply your preferences going forward. This will not affect the lawfulness of the processing before you withdrew your consent.
Please note that, before any response to the exercise of such rights, we will require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on your rights, please contact us using the details in the “Contact Us” section below.
Subject Access Requests will be handled in accordance with data protection law. We will carry out reasonable and proportionate searches for Personal Data and respond without undue delay, and in any event within one calendar month. Where we need further information from you to identify and locate the Personal Data requested, we may pause the response period until we receive that information. The response period will resume once we have what we need. In some cases, we may also extend the response period by up to a further two months where a request is complex or we have received a number of requests; we will inform you of any such extension within one month of receiving your request.
In some circumstances, we may refuse to act on a request or charge a reasonable fee where a request is manifestly unfounded or excessive. Where this applies, we will explain our decision and inform you of your right to complain to the Information Commissioner’s Office (ICO).
7. International Data Transfers
If we transfer your Personal Data internationally, we will ensure that the level of protection afforded to your Personal Data is not materially lower than that provided under UK data protection law. Where required, we will rely on a UK government adequacy decision, an International Data Transfer Agreement (IDTA), an Addendum to EU Standard Contractual Clauses, or another safeguard or derogation permitted under applicable law. For more information about how we transfer Personal Data internationally, please contact us as set out in the “Contact Us” section below.
8. Children’s Privacy
Our Services are not directed to children, and we do not knowingly collect Personal Data from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us as set out in the “Contact Us” section below.
9. Retention of Personal Data
We retain your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected and processed, following our retention procedures, and under applicable laws or until you withdraw your consent (where applicable).
To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We capture the retention periods for all Personal Data we process within our Data Processing Inventory. If you have any questions relating to how long we retain your Personal Data, please contact us using the contact details in Section 15.
10. Security of Personal Data
We use reasonable organizational, technical, and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration, and destruction of Personal Data we process. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your Personal Data, we cannot guarantee its security.
11. Cookies
Cookies are small text files placed on your device to collect information about your use of our website and to help us improve it. Some cookies are strictly necessary for the website to function. Certain low-risk cookies, including first-party analytics cookies used to improve website performance, functional cookies that enhance your experience, and cookies used for security or fraud prevention purposes, may be set without your prior consent, provided we give you clear information about them and a prominent option to opt out. Cookies that are used for marketing or tracking purposes continue to require your consent. You may also set your browser not to accept cookies; however, in some cases, certain website features may not function as a result. Our website uses cookies. Further information about the cookies we use, their purpose, and how you can manage your preferences is set out in our Cookie Policy, which is available on our website.
12. Links to Other Sites
Our website and other communications may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third-party’s site. We strongly advise you to review the Privacy Notice of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
13. Complaints
If you have a concern about how we handle your Personal Data, we encourage you to contact us first so that we can try to resolve the matter for you. You can raise a complaint by emailing privacy@expressionedits.com. We will acknowledge receipt of your complaint within 30 days and will investigate and respond to you without undue delay. We will keep you informed of progress and let you know the outcome in plain language, including informing you of your right to escalate the matter to a supervisory authority if you remain dissatisfied. If you are based in the UK, you may also lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/.
ExpressionEdits Ltd is registered with the Information Commissioner’s Office under reference number ZB441010.
14. Changes and Updates to This Notice
We will update this Notice from time to time. Please review this Notice periodically for any changes. Changes to this Privacy Notice are effective when they are posted on this page.
If we make material changes, we will take reasonable steps to bring them to your attention.
15. Contact Us
ExpressionEdits Ltd is the entity responsible for the processing of your Personal Data and is the data controller in respect of such processing. If you have any questions or comments about this Notice, our privacy practices, or if you would like to exercise your rights concerning your Personal Data, please contact us by email at privacy@expressionedits.com.
POL-005 Privacy Notice (External General)
Version 1
Effective 5th June 2026
Approved by Rebecca Godfrey, COO on 5th June 2026
3rd Floor 1 Ashley Road, Altrincham, Cheshire, United Kingdom, WA14 2DT