Privacy Policy
Privacy Notice
Exciting Instruments Limited
Last updated: 13 May 2026
Version: 2.1
This privacy notice for Exciting Instruments Limited (“Company”, “we”, “us”, or “our”) describes how and why we collect, store, use and share (“process”) personal information when you:
- visit our website at excitinginstruments.com or any website of ours that links to this notice;
- enquire about, purchase or use our scientific instruments;
- use our cloud platform that is bundled with our service and maintenance contracts (the “Platform”);
- supply goods or services to us;
- engage with us in any other way, including sales, marketing or events.
A separate privacy notice covers job applicants, employees, workers and contractors.
Questions? Email privacy@excitinginstruments.com.
Summary of key points
What personal information do we process? Name, business contact details, account credentials, order and shipping information, content you upload to the Platform, marketing preferences, and technical data such as your IP address.
Do we process sensitive personal information? Not as a controller. Our Platform is not designed to process special-category data; if a customer uploads such data we process it on the customer’s instructions under our Data Processing Agreement.
Do we receive information from third parties? Yes — from distributors and resellers, public sources, business-information providers, and analytics providers via our website.
How do we use it? To run our website and Services, sell and ship our products, run the Platform, communicate with you, market lawfully, secure our systems, and meet our legal obligations.
With whom do we share it? Cloud hosting and software providers, banking partners (we accept payment by bank transfer only — we do not collect or store card data), shipping partners, distributors and resellers, professional advisers, authorities where required by law, and acquirers in a corporate transaction. Our SaaS sub-processor list is at excitinginstruments.com/legal/sub-processors.
Cookies? Yes, with consent for non-essential cookies. See our Cookie Notice.
International transfers? Yes — including to the United States. We use UK IDTA / EU SCCs, the UK-US data bridge / EU-US Data Privacy Framework, and additional safeguards.
Your rights. Access, correct, delete, restrict, object, port, withdraw consent, complain to a supervisory authority. Where required by applicable law, we recognise Global Privacy Control (GPC) signals.
How to exercise your rights. Email privacy@excitinginstruments.com.
1. Who we are
Exciting Instruments Limited is the controller of personal information described in this notice unless stated otherwise. Where customers use our Platform to process data about their own end users or research subjects, Exciting Instruments acts as a processor on the customer’s instructions under our Data Processing Agreement.
- Registered office: Exciting Instruments Limited, Block 5, Level 9, Pennine Five Campus, Sheffield, South Yorkshire S1 4WP, United Kingdom
- Company number: 13654759 (registered in England and Wales)
- ICO registration number: ZB306965
- Privacy Lead: Robert Bell — privacy@excitinginstruments.com
- EU Representative (Article 27 GDPR): details in Section 15.
2. What information we collect
Information you provide
- name, job title, employer/institution;
- business email and phone number;
- postal address (delivery and invoicing);
- account username and password (for the Platform);
- contact and marketing preferences;
- order and contract details, and remittance details for bank transfers;
- enquiries and correspondence;
- form submissions (quote requests, demo bookings, event registrations);
- data, metadata (including sample names) and other content you upload, configure or generate within the Platform.
We accept payment by bank transfer only. We do not collect or store credit or debit card information.
Information collected automatically
- Log and usage data: IP address, device and browser characteristics, OS, language, referring URLs, pages and features used, timestamps, error reports.
- Device data: device and application identifiers, hardware model, ISP/mobile carrier.
- Approximate location data: derived from your IP address. We do not collect precise GPS location.
- Cookies and similar technologies: see Section 6.
Sensitive / special-category data
Our Platform is not designed to process special-category data. If a customer chooses to upload such data, it is processed on the customer’s instructions under our DPA. The customer is responsible for the lawful basis (including any required ethics/IRB approval).
Information from third parties
- distributors, resellers and channel partners;
- recruitment agencies (job applicants only — see HR notice);
- public sources (e.g. company websites, professional registers, LinkedIn);
- business-information and enrichment providers;
- analytics and marketing-attribution providers integrated with our website.
3. How we use it
- providing, operating and securing our website and Services;
- creating and managing accounts and authenticating users;
- handling enquiries, quotes, orders, shipping, invoicing and bank-transfer reconciliation;
- delivering customer support;
- delivering the Platform per the customer’s instructions and our DPA;
- sending administrative messages (changes to terms, security notices);
- marketing and event communications where lawful (consent or PECR B2B soft opt-in);
- understanding usage trends and improving our products;
- measuring marketing effectiveness;
- preventing fraud and abuse, and protecting our legal rights;
- complying with legal, tax, accounting and regulatory obligations;
- in rare cases, protecting someone’s vital interests.
We do not make solely-automated decisions producing legal or similarly significant effects.
4. Lawful bases
| Purpose | Lawful basis |
| --- | --- |
| Operating the website and Services | Legitimate interests; performance of a contract |
| Selling and supplying products; reconciling bank transfers | Contract; legal obligation (tax, accounting); legitimate interests |
| Providing the Platform | Contract (with the customer); legitimate interests |
| Marketing and events | Consent where required; legitimate interests for B2B contacts under the PECR soft opt-in |
| Supplier management and supplier payments | Contract; legal obligation; legitimate interests |
| Compliance, security, fraud prevention | Legal obligation; legitimate interests |
| Analytics and product improvement | Legitimate interests with safeguards |
| Legal claims and corporate transactions | Legitimate interests; legal obligation |
| Vital interests (rare) | Vital interests |
You can withdraw consent at any time without affecting prior processing. For our legitimate-interests balancing test, email privacy@excitinginstruments.com.
5. Who we share it with
We share personal information with the following categories of recipients on a need-to-know basis. The named sub-processor list for our Platform is at excitinginstruments.com/legal/sub-processors.
- group companies and affiliates;
- cloud hosting and infrastructure providers in the UK and/or United States;
- software providers supporting our internal operations: CRM and marketing automation, customer support and chat, identity and access management, security and monitoring, product analytics;
- banking and financial services providers for bank transfers;
- shipping, logistics and customs partners;
- distributors, resellers and partners;
- professional advisers (legal, accounting, audit, insurance);
- authorities and regulators where required by law (HMRC, customs, courts, law enforcement);
- acquirers and successors in a corporate transaction, subject to confidentiality.
We do not sell personal information and do not “share” it for cross-context behavioural advertising as defined by CCPA/CPRA, except as described in Section 6 (analytics and limited measurement cookies) where you have controls.
6. Cookies
The Website uses cookies and similar technologies in four categories: strictly necessary, preferences, analytics, and marketing/measurement. Non-essential cookies are only set after you give consent via our cookie banner (managed by Usercentrics). You can change your preferences at any time via the Privacy Settings link in the page footer. The full list of cookies, providers and durations is in our Cookie Notice.
7. International transfers
Personal information may be transferred to, processed in, and stored in countries outside the UK and EEA, including the United States. Safeguards include:
- the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs;
- the EU Standard Contractual Clauses under Commission Implementing Decision (EU) 2021/914;
- adequacy decisions and recognised frameworks, including the EU-US Data Privacy Framework and the UK Extension to the DPF where the recipient is certified;
- additional technical and organisational measures (encryption in transit and at rest, access controls, pseudonymisation where appropriate);
- transfer impact assessments where required.
You can request a copy of the safeguards by emailing privacy@excitinginstruments.com.
8. Retention
- Website enquiries / unconverted leads: up to 24 months from last contact.
- Customer account and transaction records: duration of relationship plus 6 years.
- Platform customer content: per the DPA — generally until the customer deletes it or the contract ends. Deleted data is removed from live systems promptly and from encrypted backups within 30 days.
- Marketing data: until you unsubscribe, plus a suppression record.
- Supplier records (including bank details for payment): duration of relationship plus 6 years.
A more detailed retention schedule is available on request.
9. Security
We maintain a documented information security programme aligned to industry good practice and continually review our controls. These include access controls, multi-factor authentication, encryption in transit and at rest, network segregation, vulnerability management, vendor due diligence, mandatory privacy and security training, and an incident response process. No system is 100% secure; please use strong passwords and protect your account credentials.
10. Minors
Our Services are intended for business use only and are not directed at children under 16. If you become aware that a child has provided us with personal information, contact privacy@excitinginstruments.com.
11. Your rights
Subject to conditions in applicable law, you have the rights of access, rectification, erasure, restriction, objection to processing and data portability, and the right to withdraw consent. To exercise any right, email privacy@excitinginstruments.com. We respond within one month (extendable by two further months for complex requests) and may need to verify your identity using information you have already provided to us.
You may use an authorised agent (proof of authorisation required).
To opt out of marketing, use the unsubscribe link in any email or contact us. Service messages will continue.
12. Do Not Track and Global Privacy Control
There is no uniform standard for “Do-Not-Track” browser signals, so we do not respond to DNT specifically. We do honour Global Privacy Control (GPC) signals as a valid opt-out of “sale” or “sharing” where required by US state privacy laws.
13. US state privacy rights (including California)
This section addresses rights under the California Consumer Privacy Act as amended by the CPRA and equivalent comprehensive privacy laws in Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Delaware, Indiana, Tennessee, Minnesota, Maryland, New Jersey and other US states whose laws are in force in 2026.
Categories collected (last 12 months)
| Category | Examples | Collected? |
| --- | --- | --- |
| A. Identifiers | Name, postal address, email, phone, IP, account name | Yes |
| B. California Customer Records | Name, contact information, employer | Yes |
| C. Protected classifications | — (limited voluntary diversity data only in HR context) | No (website / customer) |
| D. Commercial information | Orders, transactions, remittance information (no card data) | Yes |
| E. Biometric information | — | No |
| F. Internet or other network activity | Browsing on our site, interactions with the Platform | Yes |
| G. Geolocation data | Approximate (IP-derived) | Yes |
| H. Audio/visual | Webinar recordings where notified | Sometimes |
| I. Professional/employment information | Job title, employer | Yes |
| J. Education information | — | No |
| K. Inferences | Lead scoring | Limited |
| L. Sensitive personal information | Account credentials only | Limited |
Sources, purposes, sharing, retention
- Sources: Section 2.
- Purposes: Section 3.
- Recipients: Section 5. We do not sell personal information and do not share it for cross-context behavioural advertising other than via website analytics/measurement cookies you can control.
- Retention: Section 8.
Your US state privacy rights
To know / access / port / correct / delete / opt out of sale or sharing / opt out of targeted advertising / limit use of sensitive personal information / opt out of profiling producing legal or similarly significant effects (we do not currently do this) / non-discrimination / appeal a denial.
To exercise: email privacy@excitinginstruments.com. We will verify the request as required. We do not knowingly sell or share the personal information of consumers under 16. Authorised agents may submit requests with proof of authorisation.
California “Shine the Light”
We do not disclose personal information to third parties for their direct marketing purposes. Questions: privacy@excitinginstruments.com.
14. Updates
We may update this notice from time to time. The “Last updated” date reflects the latest version. Material changes will be notified by prominent notice on our website or, where appropriate, by email.
15. Contact and complaints
- Email: privacy@excitinginstruments.com
- Post: Privacy, Exciting Instruments Limited, Block 5, Level 9, Pennine Five Campus, Sheffield, South Yorkshire S1 4WP, United Kingdom
Please raise concerns with us first. You also have the right to complain to a supervisory authority:
- UK: Information Commissioner’s Office (ICO) — ico.org.uk — 0303 123 1113.
- EU/EEA: the data protection authority of your country of residence, place of work, or place of the alleged infringement.
- Switzerland: Federal Data Protection and Information Commissioner — edoeb.admin.ch.
- California: California Privacy Protection Agency (cppa.ca.gov) and California Attorney General (oag.ca.gov/privacy).
- Other US states: the relevant state Attorney General.
EU/EEA GDPR Representative (Article 27)
If you are located in the EU and have questions or concerns regarding your personal data, you may contact our appointed GDPR representative:
EU Representative:
Euverify Ltd (Ireland)
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork
T23 AT2P
Ireland
Email: gdpr@euverify.com
To submit a Data Subject Access Request (DSAR), data deletion request, or any other GDPR-related inquiry, please use our secure portal at:
https://gdpr.euverify.com/verify/d1bad88c-567a-498d-a832-98267a5783f5
This link allows you to verify our appointed representative and submit GDPR requests directly. Requests submitted through this portal are logged and tracked to ensure timely response and compliance.