Privacy Policy
The NanoBioTechnology Hub Ltd
Last updated: 23 March 2026
1. Who We Are (Data Controller)
The NanoBioTechnology Hub Ltd (“NBTH”, “we”, “our”, or “us”) is the data controller responsible for your personal data.
Company registration number: 16493098
Registered address: First Floor, Swan Buildings, 20 Swan Street, Manchester, Greater Manchester, United Kingdom, M4 5JW
Website: https://nanobiotechnologyhub.co.uk
Data protection contact email:
We are committed to protecting your privacy and handling your personal data transparently, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 (DUAA).
2. What Personal Data We Collect
2.1 Contact Form Submissions
When you submit an enquiry through our contact form (managed via Fluent Forms), we collect:
- Your name
- Your email address
- Your telephone number (if provided)
- The content of your message
- Your IP address (collected automatically for security and spam prevention)
This data is stored securely within our website’s form management system on our web server.
2.2 Newsletter Subscriptions
When you subscribe to our newsletter (managed via Fluent Forms), we collect:
- Your name
- Your email address
Your newsletter subscription data is stored securely on our web server. You may unsubscribe at any time by using the unsubscribe link included in every email we send, or by contacting us directly at info@nanobiotechnologyhub.co.uk. Upon unsubscribing, we will promptly remove your details from our mailing list.
2.3 Automatically Collected Technical Data
When you visit our website, our web server and hosting infrastructure may automatically collect:
- Your IP address
- Browser type and version
- Operating system
- Pages visited and time spent on the site
- Referring website address
- Date and time of access
This information is collected through server logs and is used to maintain the security, performance, and availability of our website.
3. How and Why We Use Your Data (Purposes and Lawful Bases)
Under the UK GDPR, we must have a lawful basis for each type of processing we carry out. The table below sets out the purposes for which we process your personal data and the corresponding lawful basis under Article 6(1) of the UK GDPR.
| Processing Activity | Purpose | Lawful Basis (Art. 6(1)) |
| Contact form submissions | To respond to your enquiry and communicate with you regarding our products, services, or potential collaborations | Legitimate interest (Art. 6(1)(f)) – It is in our legitimate interest to respond to business enquiries received through our website |
| Newsletter subscriptions | To send you our newsletter, updates, and information about our products and services | Consent (Art. 6(1)(a)) – You have given clear consent by actively subscribing to our newsletter |
| Website technical data (server logs) | To ensure the security, availability, and performance of our website; to detect and prevent misuse | Legitimate interest (Art. 6(1)(f)) – It is in our legitimate interest to maintain a secure and functioning website |
| Essential cookies | To enable core website functionality such as session management and security | Legitimate interest (Art. 6(1)(f)) – Strictly necessary for the operation of the website |
| Analytics cookies (if implemented) | To understand how visitors interact with our website and improve user experience | Consent (Art. 6(1)(a)) – We will seek your consent before placing any non-essential cookies |
| Legal and regulatory compliance | To comply with applicable legal obligations, including tax, accounting, and regulatory requirements | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interest as our lawful basis, we have carried out a balancing assessment to ensure that our interests do not override your rights and freedoms. You may request details of this assessment by contacting us.
4. Your Right to Withdraw Consent
Where we process your personal data on the basis of your consent (for example, newsletter subscriptions or non-essential cookies), you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
You may withdraw your consent by:
- Using the unsubscribe link in any newsletter email
- Managing your cookie preferences through our cookie consent mechanism on the website
- Contacting us at:
5. Cookies
Our website uses cookies. Cookies are small text files stored on your device when you visit a website. Under the Privacy and Electronic Communications Regulations (PECR), we are required to obtain your consent before placing non-essential cookies on your device.
5.1 Essential Cookies
We use essential cookies that are strictly necessary for the operation of our website. These include cookies that enable core functionality such as security, session management, and accessibility. These cookies do not require your consent under PECR as they are necessary for the service you have requested.
5.2 Non-Essential Cookies
If we implement analytics or other non-essential cookies in the future, we will seek your explicit consent before placing them on your device and provide you with a clear mechanism to manage your preferences. Non-essential cookies will not be placed until you have actively consented.
6. Embedded Content from Other Websites
Pages on this site may include embedded content (such as videos, images, or articles from third-party sources). Embedded content from other websites behaves in the same way as if you had visited those websites directly. These third-party websites may collect data about you, use cookies, embed additional tracking, and monitor your interaction with the embedded content. We do not control the data collection practices of these third parties and recommend that you review their respective privacy policies.
7. Who We Share Your Data With
We do not sell, trade, or rent your personal data to third parties. We may share your data with the following categories of recipients, solely where necessary for the purposes described in this policy:
| Category of Recipient | Purpose | Safeguards |
| Web hosting provider | Hosting and storage of website data, including form submissions and server logs | Data processing agreement in place; data stored on servers within the UK/EEA (or with appropriate safeguards if outside – see Section 8) |
| Email service provider | Delivery of email notifications from form submissions and newsletter distribution | Data processing agreement in place |
| Professional advisers | Legal, accounting, or regulatory advice where necessary | Professional duty of confidentiality |
| Law enforcement or regulatory authorities | Where required by law, regulation, court order, or legal proceedings | Disclosure made only to the extent legally required |
8. International Data Transfers
We endeavour to store and process all personal data within the United Kingdom or the European Economic Area (EEA). However, some of our third-party service providers may process data outside the UK/EEA.
Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with Chapter V of the UK GDPR. These may include:
- Transfers to countries that have received an adequacy decision from the UK Secretary of State
- Standard contractual clauses (UK International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses)
- Other appropriate safeguards as permitted under the UK GDPR
You may request further details of the safeguards in place by contacting us at:
9. How Long We Retain Your Data
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The specific retention periods are as follows:
| Data Category | Retention Period | Criteria / Reason |
| Contact form submissions | 12 months from the date of submission, unless an ongoing business relationship is established | Retained to allow follow-up and to evidence the enquiry; reviewed and securely deleted thereafter |
| Newsletter subscriber data | Until you unsubscribe or withdraw consent | Data is deleted promptly upon unsubscription |
| Server logs (technical data) | Up to 12 months | Retained for security monitoring, troubleshooting, and threat detection |
| Cookies | As specified per cookie (session cookies expire on browser close; persistent cookies up to 12 months) | Duration depends on cookie type and function |
| Data protection complaints | 6 years from resolution of the complaint | Retained to comply with limitation periods under the Limitation Act 1980 and for regulatory accountability |
At the end of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with you.
10. Your Data Protection Rights
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:
- The right of access (Art. 15) – You may request a copy of the personal data we hold about you. We will respond within one month of receiving your request.
- The right to rectification (Art. 16) – You may request that we correct any inaccurate or incomplete personal data.
- The right to erasure (Art. 17) – You may request that we delete your personal data where there is no compelling reason for its continued processing. This right is subject to certain exceptions, including where we are required to retain data for legal or regulatory purposes.
- The right to restrict processing (Art. 18) – You may request that we limit how we use your data in certain circumstances, for example while we verify the accuracy of your data.
- The right to data portability (Art. 20) – Where processing is based on consent or a contract and carried out by automated means, you may request that we transfer your data to you or to another organisation in a structured, commonly used, and machine-readable format.
- The right to object (Art. 21) – You may object to the processing of your personal data where we rely on legitimate interest as our lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- The right to withdraw consent (Art. 7(3)) – Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact us at: info@nanobiotechnologyhub.co.uk. We will respond to your request within one month. In exceptional circumstances, where requests are complex or numerous, we may extend this period by a further two months, but we will inform you of any extension within the initial one-month period.
We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse the request, providing reasons for our decision.
11. Data Protection Complaints Process
Under Section 164A of the Data Protection Act 2018, as inserted by Section 103 of the Data (Use and Access) Act 2025, you have the statutory right to make a data protection complaint directly to us if you believe that we have processed your personal data in breach of data protection law. We are required by law to have a formal process for handling such complaints. This section sets out that process.
11.1 How to Submit a Complaint
You may submit a data protection complaint to us by any of the following means:
- By email to: Contact us form (with the subject line “Data Protection Complaint”)
- By post to: First Floor, Swan Buildings, 20 Swan Street, Manchester, Greater Manchester, United Kingdom, M4 5JW
- Via our website contact form at: https://nanobiotechnologyhub.co.uk
Your complaint should include your name, contact details, a description of the processing activity you are concerned about, and the outcome you are seeking. If you are submitting a complaint on behalf of another individual, please provide evidence of your authority to act on their behalf.
11.2 How We Handle Your Complaint
Upon receipt of your complaint, we will:
- Acknowledge your complaint within 30 calendar days of receipt.
- Investigate your complaint without undue delay, making appropriate enquiries and assessing whether a breach of data protection law has occurred.
- Keep you informed of the progress of our investigation at reasonable intervals.
- Communicate the outcome of our investigation to you in writing, without undue delay, with sufficient detail for you to understand how we reached our conclusion and any remedial actions we have taken or propose to take.
11.3 Escalation to the ICO
If you are not satisfied with the outcome of our internal complaints process, or if we fail to respond within a reasonable timeframe, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We encourage you to raise your concern with us first so that we have the opportunity to address it directly. The ICO can be contacted at:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
Online complaints: https://ico.org.uk/make-a-complaint/
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures include:
- Use of SSL/TLS encryption for data transmitted between your browser and our website
- Secure storage of personal data on access-controlled servers
- Regular review and updating of our security practices
- Limiting access to personal data to authorised personnel only
However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the ICO without undue delay in accordance with Articles 33 and 34 of the UK GDPR.
13. Media and Uploaded Content
If you upload images to our website, please be aware that images may contain embedded location data (EXIF GPS metadata). Visitors to the website may be able to download and extract location data from uploaded images. We strongly recommend removing EXIF metadata before uploading images to our website.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any material changes will be posted on this page with an updated revision date. Where changes are significant, we will take reasonable steps to notify you directly (for example, by email if you are a newsletter subscriber). We encourage you to review this page periodically.
Previous versions of this Privacy Policy are available upon request by contacting us at info@nanobiotechnologyhub.co.uk.
15. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or wish to make a data protection complaint, please contact us:
The NanoBioTechnology Hub Ltd
First Floor, Swan Buildings, 20 Swan Street, Manchester, Greater Manchester, United Kingdom, M4 5JW
Website: https://nanobiotechnologyhub.co.uk
Legal Framework: This Privacy Policy has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act 2025, and the Privacy and Electronic Communications Regulations 2003 (PECR).
Website: https://nanobiotechnologyhub.co.uk