1. Who we are
Varsity BioLogistics Ltd (“Varsity BioLogistics”, “we”, “us”, “our”) provides temperature-controlled logistics for biological samples. We are the data controller for the personal data described in this policy.
Varsity BioLogistics Ltd
4 Fish Hill, Royston, Hertfordshire, SG8 9LD, United Kingdom
Registered in England & Wales, company number 08064896
contact@varsitybiologistics.com · +44 (0)1763 245938
Data protection queries should be sent to contact@varsitybiologistics.com.
2. What personal data we collect
Information you give us
When you complete a booking form, request a quote, or contact us, we collect:
- Contact details: your full name, work email address, company or institution, and telephone number.
- Shipment details: what is being shipped, temperature range, route, urgency, number of samples, collection and destination locations, destination company, preferred collection date and window, and any notes you add.
- Consent records: whether you agreed to us processing your details, and whether you opted in to marketing, together with the wording you agreed to and the time you agreed.
Please do not include special-category data (such as health information about identifiable individuals) in free-text fields. Samples we transport are handled under our service agreements, not through this website.
Information we collect automatically
- Usage data: pages visited, referring page, approximate location derived from IP address, browser and device type.
- Cookies and similar technologies: see section 9.
3. How and why we use your data
Under the UK GDPR we must have a lawful basis for each use of your personal data. Ours are:
| What we do | Why | Lawful basis |
|---|---|---|
| Respond to your booking or enquiry, prepare a quote, and arrange collection | To provide the service you asked for | Performance of a contract, or steps taken at your request before entering a contract |
| Deliver, monitor and support your shipments | To fulfil our service obligations | Performance of a contract |
| Keep records, manage accounts, and prevent fraud | To run our business responsibly | Legitimate interests; legal obligation |
| Send marketing about our services | To keep you informed about what we offer | Consent (you may withdraw it at any time) |
| Improve our website and understand how it is used | To make the site useful and reliable | Consent (for non-essential cookies); legitimate interests |
| Comply with customs, dangerous-goods and transport regulations | Because the law requires it | Legal obligation |
Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights, and concluded they are not. You may object at any time (see section 8).
4. Marketing communications
We only send marketing emails if you have opted in. Every marketing email contains an unsubscribe link, and you can opt out at any time by clicking it or emailing us. Withdrawing consent does not affect the lawfulness of anything we did before you withdrew it, and it will not stop service messages about a booking you have placed.
5. Who we share your data with
We do not sell your personal data. We share it only where necessary, with:
- Carriers, couriers and handling partners: to collect and deliver your shipment.
- HubSpot, Inc.: our customer relationship management (CRM) and marketing platform, which stores booking and contact records submitted through this website.
- IT and hosting providers: who operate our website, email and systems on our behalf.
- Professional advisers: accountants, auditors, insurers and lawyers, where needed.
- Authorities and regulators: customs, transport or law-enforcement bodies, where legally required.
- Buyers or successors: if we sell or reorganise part of our business.
Our suppliers act as data processors. They may only use your data on our documented instructions, under a written contract that requires appropriate security.
6. International transfers
Some of our providers, including HubSpot, process data outside the United Kingdom. Where we transfer personal data abroad, we rely on one of the following safeguards:
- the country has UK adequacy regulations (for example, the EU/EEA, or the US under the UK Extension to the EU–US Data Privacy Framework); or
- the International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses with the UK Addendum, together with a transfer risk assessment.
You can request a copy of the safeguards we use by contacting us.
7. How long we keep your data
- Enquiries that do not become bookings: 24 months from your last contact with us.
- Customer and shipment records: 7 years after the end of our relationship, to meet accounting, tax and regulatory obligations.
- Marketing preferences and consent records: for as long as we rely on them, plus a reasonable period afterwards to evidence compliance.
- Website and cookie data: see section 9.
When data is no longer needed we securely delete or anonymise it.
8. Your rights
Under UK data protection law you have the right to:
- Be informed about how we use your data, which this policy explains.
- Access a copy of the personal data we hold about you.
- Rectify data that is inaccurate or incomplete.
- Erase your data (the “right to be forgotten”), in certain circumstances.
- Restrict our processing of your data, in certain circumstances.
- Data portability: receive your data in a structured, commonly used, machine-readable format.
- Object to processing based on legitimate interests, and to direct marketing at any time.
- Withdraw consent at any time, where we rely on consent.
- Not be subject to solely automated decision-making with legal or similarly significant effects. We do not carry out such decision-making.
9. Cookies and analytics
Cookies are small files stored on your device. This website does not currently set any cookies, including analytics, advertising or marketing cookies. Submitting the booking or enquiry form sends your data directly to our CRM provider (HubSpot) without setting a cookie in your browser.
We self-host our web fonts. Viewing this site does not send your data to any third-party font provider.
If we introduce analytics or marketing cookies in future (for example, HubSpot's visitor-tracking cookie), we will update this section and, where required by law, ask for your consent first via a cookie banner before any non-essential cookie is set.
10. Security
We use appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS), access controls, and contractual security obligations on our suppliers. No transmission over the internet is completely secure, so we cannot guarantee absolute security. If a personal data breach is likely to result in a high risk to your rights, we will inform you and the Information Commissioner's Office (ICO) as required by law.
11. Children
Our website and services are aimed at businesses and research institutions. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top shows when it was last revised. Where changes are significant, we will take reasonable steps to notify you.
13. Contact and complaints
If you have any questions about this policy, or wish to exercise your rights, contact us at:
Varsity BioLogistics Ltd, Data Protection
4 Fish Hill, Royston, Hertfordshire, SG8 9LD, United Kingdom
contact@varsitybiologistics.com · +44 (0)1763 245938
If you are unhappy with how we have handled your personal data, you may complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk/make-a-complaint, or by calling 0303 123 1113. We would appreciate the chance to address your concerns first.
