STRmix™ Privacy Statement, updated 19 March 2025
This privacy statement outlines the practices of the STRmix team. The STRmix team provides expert forensic software for interpreting DNA profiles, as well as support and training services.
We are both a data controller and a data processor. This privacy statement relates to our activities as a data controller only. As a data controller, our core purpose for collecting and processing personal information is to keep a record of current and potential users, keep you up to date on the release and development of our software and contact you regarding support.
We measure all our privacy practices against these purposes. If we find that we’re collecting or processing more personal information than required to meet these purposes, we’ll stop doing so.
Our lawful grounds for collecting and processing your information
We use personal information to meet our contractual obligations to you, including to keep you informed about the services you receive from us. We also need to process some information to meet our legitimate interests, including making sure we’re providing the best products and services we can. In some cases, we rely on your consent to use your personal information, including, for example, where you have subscribed to email update services.
The personal information we may collect from you:
In addition, we may also collect the following related information from you (which may or may not contain personal information):
Your information may be transferred to a third country
STRmix uses the following third parties to store the information set out above:
How long your personal information will be retained for
We retain personal information only for as long as we have a lawful purpose to use it. Generally, for users of STRmix™ (and any related products in our product suite, including but not limited to FaSTR and/or DBLR) this is the duration of your agency’s agreement to use STRmix™, plus a further two years to ensure that any disputes or queries about that registration can be managed. For non-STRmix™ users that submit information to our STRmix website or provide it to us in other ways (e.g. registration at conferences) it is five years from when you submit your contact details, or when you request deletion, whichever comes first.
How we use your personal information
We use your personal information to:
Who we share your personal information with
As part of our delivery of software and services you have requested, or to meet our legitimate business interests, we may share your personal information with:
Security
Wherever your personal information is stored, we take reasonable steps to ensure that it is protected against unauthorised access, modification, use, or disclosure. We take our information security obligations seriously, and have internal policies around data security and GDPR compliance in place to ensure consistent practice.
Exercising your privacy rights
To exercise any of the rights set out below, or to make a complaint, or ask a question about your information, please contact us by:
We may need to verify your identity or authority before responding to your request. Once we’ve verified who you are, we’ll try and respond to your request or query as soon possible, and no later than 20 working days (one calendar month) after we receive it.
Getting a copy of your info
You have the right to request a copy of your personal information. We’ll be as open as we can with you, but sometimes we may need to withhold personal information, for example, where the information is legally privileged, commercially sensitive, or includes personal information about other people. If we need to withhold information, we’ll tell you why.
Correcting or deleting your info
If you think any of the personal information we hold about you is wrong, you can ask us to correct it. Where we’ve retained your personal information for purposes that are not directly related to the performance of a contract or to our legitimate interests, you can ask us to delete it.
If we can’t correct or delete your information (for example, where we don’t agree that it’s wrong, or we need the information for a lawful purpose), we’ll tell you why. You can ask us to attach your correction request to the information as a statement of correction.
Managing how we use your info
Where we’re processing your personal information on the basis of consent, you can revoke your consent at any time. Where we’re processing your personal information on the basis of our legitimate interests (such as improving our software and services), you can object to this. If you believe we’re using your personal information in ways that are unlawful, or if we’re continuing to use information that you think is inaccurate, you can ask us to restrict this processing.
Making a complaint
If you have any concerns about the way we’ve collected or processed your personal information, let us know. You might simply want to understand why we’ve used or shared your information in a certain way. We want you to tell us about your concerns so we can resolve them for you and also learn from them. All concerns will be directed to our Privacy Officer.
If we can’t resolve your concerns, you can also make a complaint to your local data protection authority. You can contact the Office of the NZ Privacy Commissioner by:
If you wish to complain about actions we have taken in another country in which we operate, then you will need to contact your local data protection authority. You can ask us for help to determine which authority is the right one to contact.