This privacy statement outlines the practices of the STRmix™ team. The STRmix™ team provides expert forensic software for interpreting DNA profiles, as well as support and training services.
We are both a data controller and a data processor. This privacy statement relates to our activities as a data controller only. As a data controller, our core purpose for collecting and processing personal information is to keep a record of current and potential users, keep you up to date on the release and development of our software and contact you with regard to support.
We measure all our privacy practices against these purposes. If we find that we’re collecting or processing more personal information than required to meet these purposes, we’ll stop doing so.
We use personal information to meet our contractual obligations to you, including to keep you informed about the services you receive from us. We also need to process some information to meet our legitimate interests, including making sure we’re providing the best products and services we can. In some cases, we rely on your consent to use your personal information,
including, for example, where you have subscribed to email update services.
STRmix™ uses the following third parties to store the information set out above:
We retain personal information only for as long as we have a lawful purpose to use it. Generally, for users of STRmix™ this is the duration of your agency’s agreement to use STRmix™, plus a further two years to ensure that any disputes or queries about that registration can be managed. For non-STRmix™ users that submit information to our STRmix™ website it is five years from when you submit your contact details, or when you request deletion, whichever comes first.
We use your personal information to:
As part of our delivery of software and services you have requested, or in order to meet our legitimate business interests, we may share your personal information with:
Wherever your personal information is stored, we take reasonable steps to ensure that it is protected against unauthorised access, modification, use, or disclosure. We take our information security obligations very seriously, and have internal policies around data security and GDPR compliance in place to ensure consistent practice.
To exercise any of the rights set out below, or to make a complaint, or ask a question about your information, please contact us by:
You have the right to request a copy of your personal information. We’ll be as open as we can with you, but sometimes we may need to withhold personal information, for example, where the information is legally privileged, commercially sensitive, or includes personal information about other people. If we need to withhold information, we’ll tell you why.
If you think any of the personal information we hold about you is wrong, you can ask us to correct it. Where we’ve retained your personal information for purposes that are not directly related to the performance of a contract or to our legitimate interests, you can ask us to delete it.
If we can’t correct or delete your information (for example, where we don’t agree that it’s wrong, or we need the information for a lawful purpose), we’ll tell you why. You can ask us to attach your correction request to the information as a statement of correction.
Where we’re processing your personal information on the basis of consent, you can revoke your consent at any time. Where we’re processing your personal information on the basis of our legitimate interests (such as improving our software and services), you can object to this. If you believe we’re using your personal information in ways that are unlawful, or if we’re continuing to use information that you think is inaccurate, you can ask us to restrict this processing.
If you have any concerns about the way we’ve collected or processed your personal information, let us know. You might simply want to understand why we’ve used or shared your information in a certain way. We want you to tell us about your concerns so we can resolve them for you and also learn from them. All concerns will be directed to our Privacy Officer.
If we can’t resolve your concerns, you can also make a complaint to your local data protection authority. You can contact the Office of the NZ Privacy Commissioner by:
If you wish to complain about actions we have taken in another country in which we operate, then you will need to contact your local data protection authority. You can ask us for help to determine which authority is the right one to contact.
Link to a pdf version of the STRmix™ Privacy Statement [PDF, 1.3 MB]