Privacy Policy & GDPR

Effective as of the 24th of May, 2018, LabMinds Ltd. and LabMinds Inc. (“LabMinds”, “us”, “we”, or “our”) have updated our Privacy Policy (“this policy”).


This policy covers the domains controlled by LabMinds, including but not limited to and, as well as the operations of LabMinds, including any services provided to our clients.

When we refer to “your” or “you”, we are referring to the data subjects whose personal data we are processing. “Data subjects” includes registered users of services provided by LabMinds, as well as visitors, contractors and contacts.

This policy informs you about:

  1. the legal basis on which we process personal data under the European Union’s General Data Protection Regulation (GDPR);
  2. our obligations to data subjects under the GDPR;
  3. the processing of your personal data that we undertake as a data controller, including our data-retention policies;
  4. our cookie policy;
  5. international transfers of your personal data;
  6. third-party data controllers and data processors;
  7. our contact details.

1. The Legal Basis for Data Processing Under the GDPR

The data processing covered by this privacy policy is performed on the legal basis of it being in our legitimate interest. This means that the nature and extent of personal-data processing (as detailed below) is in line with what should be expected by the data subjects whose personal data are being processed, given the nature of their interactions with us. We may also perform data processing on the legal basis of it being a legal obligation: for instance, when compelled to comply with a request by a law enforcement agency or when a specific regulation is applicable.

2. Our Obligations to Data Subjects Under the GDPR

  • You are informed about the legal basis on which we process your personal data and the specific data processing that occurs.
  • You can request access to any of your personal data under our control.
  • You can request rectification of your personal data.
  • You can request that your personal data are erased once processing of the data is no longer required, when they are not subject to processing required as part of a legal obligation.
  • You can object to the processing of your personal data, when they are not subject to processing required as part of a legal obligation.
  • You can request that data processing be restricted when contesting the legal basis for its processing or when it is in the process of being rectified.
  • You can request that wholly automated decisions, which are made when processing your personal data, are reviewed by a human.

To contact us in relation to these obligations, when applicable to you, please use the contact details given in the Contact Details section of this policy.

3. Data Processing

3.1 All Visitors

  • Your IP address is collected from you when you access our sites. We process IP addresses as part of the security monitoring of our domains and of the servers on which our services are hosted. We may block access to our services based on IP addresses, if the behaviour originating from those IP addresses is deemed to be malicious.
  • Your email address and name will be used to respond to any requests you make for information or support, using the name and email address you provided as part of that request.
  • A cookie (named “csrftoken”) is used to protect your browser against being hijacked when it sends data to us. For more information on this protection, see this explanation of cross-site request forgery. The cookie expires after a year. If you never interact with a form on our sites, this cookie will not be set. The security token stored in the cookie is refreshed each time you log in to one of our sites as a registered user.
  • A cookie (named “messages”) is used to enable confirmation messages to be displayed to you after you complete an action on our sites. The cookie expires immediately.

For more information on cookies, see the Cookie Policy section of this policy.

3.2 Registered Users

  • Your name and email address are either provided by you or collected from the company through which you are granted access to our systems (this is usually your employer, and it is this company that is our client. Your name is used to account for your system usage as part of billing, and to greet you on our sites or in any notifications you have activated. Your email address is used as part of authentication, to direct any notifications that you have activated and to communicate with you as part of the support of the services we provide.
  • Your organizational affiliations (laboratories, projects, groups etc.) are collected from the company through which you are granted access to our systems. We use your organizational affiliations for billing, and to control permissions conferred on you by your affiliation with those organizations.
  • We collect your system-usage history (“order history”) as you use our services. Your order history is used for billing and logistics purposes.
  • Any system preferences that you provide will be used to configure our services.
  • A cookie (named “sessionid”) is used to identify your authenticated session so that actions you perform do not require you to re-enter your authentication credentials repeatedly. The cookie expires after 14 days. Each time you log in to one of our sites as a registered user, a new session is created and the cookie is updated.

For more information on cookies, see the Cookie Policy section of this policy.

3.3 Retention Policies

  • IP addresses are kept in logs for between 30 days and one year.
  • If you are a registered user, your name, organizational affiliations and order history are retained as a requirement for our compliance with regulations and guidance related to both financial reporting and electronic record keeping, and your email address and system preferences are retained while your user account is present.
  • If you are a data subject other than a registered user, your email address and name are retained for the duration of the interaction that you have initiated.

4. Cookie Policy

We use a small set of specific cookies to support the provision of some of the services available on our sites. If you do not wish to allow us to store cookies in your browser, you can disable cookies using your browser’s preferences. However, if you choose to disable the use of cookies, some parts of our sites may no longer work as intended. The following cookies are used by us, with their purpose explained in more detail by the Data Processing section of this policy.

  • The “csrftoken” cookie is used to support site security.
  • The “messages” cookie is used to present the results of actions to users of our sites.
  • The “sessionid” cookie is used to identify an authenticated session of a registered user.

5. International Transfer of Data

LabMinds is based in both the UK and the US. We store data in the US and the EU, with personal data of registered users being primarily located in the same region as the client company through which they are granted access to our systems. In order to support our operations, we may transfer personal data between and access personal data within these regions, employing safeguards to protect the data both in transit and at rest.

6. Third-Party Data Controllers and Data Processors

6.1 Third-Party Data Controllers

For registered users, the company through which you are granted access to our services will receive all personal data that are necessary for us to invoice that company. This invoicing is based on your system utilization and will include your name, organizational affiliations and order history.

6.2 Third-Party Data Processors

LabMinds makes use of the following third-party data processors to support its operations.

7. Contact Details

If you have any questions or complaints about this policy or about our privacy practices, please contact us by email at, or by post at either:

LabMinds Ltd.
57 Woodstock Road


LabMinds Inc.
285 Washington Street
Somerville MA 02143

If contacting us does not resolve your complaint, you have further options. For example, you may lodge a complaint with a data-protection supervisory authority such as The Information Commissioner’s Office (