STRmix™ Privacy Statement

This privacy statement outlines the practices of the STRmix™ team. The STRmix™ team provides expert forensic software for interpreting DNA profiles, as well as support and training services.

We are both a data controller and a data processor. This privacy statement relates to our activities as a data controller only. As a data controller, our core purpose for collecting and processing personal information is to keep a record of current and potential users, keep you up to date on the release and development of our software and contact you with regard to support.

We measure all our privacy practices against these purposes. If we find that we’re collecting or processing more personal information than required to meet these purposes, we’ll stop doing so.

Our lawful grounds for collecting and processing your information

We use personal information to meet our contractual obligations to you, including to keep you informed about the services you receive from us. We also need to process some information to meet our legitimate interests, including making sure we’re providing the best products and services we can. In some cases, we rely on your consent to use your personal information,
including, for example, where you have subscribed to email update services.

The personal information we may collect from you

  • Name
  • Organisational information
  • Position
  • Email address
  • Telephone number
  • Address
  • Country
  • Number of people in your organisation who might use STRmix™
  • The DNA interpretation methods you currently use
  • The STR multiplex that you currently use
  • Whether or not you have worked with ESR before
  • Emails or other correspondence relating to the services you receive from us
  • Internal notes or information about the services you receive from us
  • Sales related communications or information
  • Survey results
  • Cookies/web use data (via Google Analytics)
  • IP address (via Google Analytics)

Your information may be transferred to a third country

STRmix™ uses the following third parties to store the information set out above:

  • Asana – Cloud based, commercial project and work management tool.
  • FreshDesk - Cloud based, commercial customer support helpdesk.
  • Microsoft Dynamics CRM on Office 365 platform– Customer relationship management software package.
  • YouTrack by JetBrains – Cloud based commercial browser-based bug tracker, issue tracking system and project management software
  • Wufoo – Cloud based application for contact forms, online surveys, and event registrations
  • Q-Pulse – hosted on an internal ESR server

How long your personal information will be retained for

We retain personal information only for as long as we have a lawful purpose to use it. Generally, for users of STRmix™ this is the duration of your agency’s agreement to use STRmix™, plus a further two years to ensure that any disputes or queries about that registration can be managed. For non-STRmix™ users that submit information to our STRmix™ website or provide it to us in other ways (e.g. registration at conferences) it is five years from when you submit your contact details, or when you request deletion, whichever comes first.

How we use your personal information

We use your personal information to:

  • identify you
  • manage and deliver any software or services you request from us
  • personalise your experience, for example, by ensuring that you are invoiced in the right currency
  • contact you if required for the purposes of managing your account
  • keep your account secure
  • investigate and resolve any queries or concerns you raise with us
  • continuously improve our software and services
  • comply with our legal and regulatory obligations and any lawful requests from government agencies or regulators.

Who we share your personal information with

As part of our delivery of software and services you have requested, or in order to meet our legitimate business interests, we may share your personal information with:

  • our trusted information service providers, including cloud storage providers
  • government agencies, regulators, or law enforcement agencies, where required or permitted by law
  • our distributors, where relevant.


Wherever your personal information is stored, we take reasonable steps to ensure that it is protected against unauthorised access, modification, use, or disclosure. We take our information security obligations very seriously, and have internal policies around data security and GDPR compliance in place to ensure consistent practice.

Exercising your privacy rights

To exercise any of the rights set out below, or to make a complaint, or ask a question about your information, please contact us by:

  • emailing us at
  • writing to STRmix Manager, c/o ESR, PO Box 50348, Porirua 5240, New Zealand.
  • We may need to verify your identity or authority before responding to your request. Once we’ve verified who you are, we’ll try and respond to your request or query as soon possible, and no later than 20 working days (one calendar month) after we receive it.

Getting a copy of your info

You have the right to request a copy of your personal information. We’ll be as open as we can with you, but sometimes we may need to withhold personal information, for example, where the information is legally privileged, commercially sensitive, or includes personal information about other people. If we need to withhold information, we’ll tell you why.

Correcting or deleting your info

If you think any of the personal information we hold about you is wrong, you can ask us to correct it. Where we’ve retained your personal information for purposes that are not directly related to the performance of a contract or to our legitimate interests, you can ask us to delete it.

If we can’t correct or delete your information (for example, where we don’t agree that it’s wrong, or we need the information for a lawful purpose), we’ll tell you why. You can ask us to attach your correction request to the information as a statement of correction.

Managing how we use your info

Where we’re processing your personal information on the basis of consent, you can revoke your consent at any time. Where we’re processing your personal information on the basis of our legitimate interests (such as improving our software and services), you can object to this. If you believe we’re using your personal information in ways that are unlawful, or if we’re continuing to use information that you think is inaccurate, you can ask us to restrict this processing.

Making a complaint

If you have any concerns about the way we’ve collected or processed your personal information, let us know. You might simply want to understand why we’ve used or shared your information in a certain way. We want you to tell us about your concerns so we can resolve them for you and also learn from them. All concerns will be directed to our Privacy Officer.

If we can’t resolve your concerns, you can also make a complaint to your local data protection authority. You can contact the Office of the NZ Privacy Commissioner by:

  • completing an online complaint form at link)
  • or writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace,
    Wellington 6143, NZ

If you wish to complain about actions we have taken in another country in which we operate, then you will need to contact your local data protection authority. You can ask us for help to determine which authority is the right one to contact.


Link to a pdf version of the STRmix™ Privacy Statement [PDF, 862 KB]