Privacy Notice
Antler Bio Ltd – Privacy Notice
Last updated: 02/06/2026
This Privacy Notice explains how Antler Bio Ltd (“Antler Bio”, “we”, “us”, “our”) collects, uses, shares and protects personal data in connection with our products, services, customer relationships, marketing activities, and website.
1. Data Controller
Antler Bio Ltd
Landscape House, Baldonnell Business Park,
Baldonnell, Dublin, Ireland, D22 P3K7
Company number: 682838
dpo@antlerbio.com
UK Controller:
Antler Bio (UK) Limited
C/O Bcs, Windsor House Station Court, Station Road, Great Shelford, Cambridge, Cambridgeshire, United Kingdom, CB22 5NE
Company number: 10559120
dpo@antlerbio.com
Finnish Controller:
Antler Bio Oy
Meijerintie 1 B, 37800 Akaa, Finland
Business ID (Y-tunnus): 3588125-8
dpo@antlerbio.com
Antler Bio Oy acts as a controller under the EU GDPR and the Finnish Data Protection Act (1050/2018) for personal data processed in connection with its Finnish operations.
Antler Bio Ltd, Antler Bio Oy and Antler Bio (UK) Limited act as joint controllers within the meaning of Article 26 GDPR in respect of the personal data described in this notice. A summary of the essence of the joint controller arrangement, including the allocation of responsibilities for data subject rights and information obligations, is available on request from the contact in Section 2.
2. Contact Person for Privacy Matters
M. Terán
dpo@antlerbio.com
You may contact our privacy contact for questions, requests or to exercise your data-protection rights.
3. Name of the Register
Antler Bio Customer Register
This register contains information relating to customers, business partners, trainees, and other individuals with whom we have a legitimate business relationship.
4. Legal Basis and Purpose of Processing
We process personal data in accordance with the EU GDPR, the UK GDPR, the Finnish Data Protection Act (1050/2018) and other applicable national laws.
Legal bases for processing include:
- Contract performance (Article 6(1)(b)) – to deliver products and services, fulfil orders, and manage agreements.
- Legitimate interests (Article 6(1)(f)) – to manage our customer relationships, develop services, prevent misuse, and conduct certain marketing activities.
- Consent (Article 6(1)(a)) – for optional data (e.g., voluntary cow information) and for electronic direct marketing when required.
- Legal obligations (Article 6(1)(c)) – accounting, regulatory compliance, responding to lawful authority requests.
Purposes of processing include:
- Delivering, maintaining, and developing our services and digital platforms
- Managing customer relationships and customer support
- Fulfilling contractual obligations and service orders
- Conducting direct and electronic marketing in compliance with ePrivacy rules
- Improving our operations and business processes
- Collecting and maintaining cow-related data with the owner's consent
We may use trusted subcontractors (processors) to carry out IT, hosting, sales, or support services. Each processor operates under a GDPR-compliant data-processing agreement ensuring security and confidentiality.
5. Categories of Personal Data Processed
We may process the following types of personal data:
Basic and Identification Information
- Name*
- Customer number
- Company and role/title
Contact Information
- Email address*
- Phone number
- Postal address*
Customer and Contract Information
- Contract details, orders, billing data
- Customer service interactions
- Business relationship history
Cow-Related Information (optional, based on consent)
- Information about cows owned or managed by the customer
- Cow performance data or other voluntarily provided details
(* = typically required for contract performance)
We only process the data necessary for each specific purpose.
6. Sources of Personal Data
We collect personal data from:
- The data subject directly
- Our partners and service providers
- Publicly available cow databases, in accordance with their terms
- Public registries, official authorities, and commercially available sources permitted by law
- Automatically from our systems (e.g., log data)
Personal data may also be updated from reliable third-party sources to ensure accuracy.
7. Disclosure of Personal Data & International Transfers
Data disclosures
We may share personal data with:
- Our outsourced sales organisation for direct-marketing purposes (where legally permitted)
- IT, hosting, analytics, and service providers acting as processors
- Authorities, when required by law
- Other third parties only with a lawful basis (e.g., explicit consent or legal requirement)
International transfers
Personal data is not routinely transferred outside the EU/EEA.
If a transfer becomes necessary (e.g., a service provider operates from the UK, US or another third country), we will ensure adequate protection through:
- UK GDPR adequacy decisions
- EU adequacy decisions
- Standard Contractual Clauses (SCCs)
- UK International Data Transfer Addendum or Agreement
- Additional safeguards when required
8. Data Protection, Security and Retention
Protection of personal data
We apply appropriate technical and organisational measures including:
- Restricted access to systems (unique user credentials, role-based access)
- Encryption, firewalls, secure servers, secure facilities
- Regular audits and access-control reviews
- Confidentiality obligations for all personnel and processors
Retention period
Personal data is retained only as long as necessary for the purposes described:
- Customer data is typically retained 48 months after the last meaningful interaction or contractual relationship, unless legal requirements mandate a longer period (e.g., accounting laws).
- Data collected based on consent is deleted when consent is withdrawn.
We regularly review retention needs to ensure that outdated, inaccurate, or unnecessary data is deleted or anonymised without delay.
9. Your Rights as a Data Subject
Under the EU and UK GDPR, you have the following rights:
Right of access
You may request a copy of your personal data.
Right to rectification
You may request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”)
You may request deletion of your personal data when a legal basis allows it.
Right to restrict processing
You may request that processing be limited in certain circumstances.
Right to object
You may object to:
- Processing based on legitimate interests
- Profiling
- Direct marketing (including profiling for marketing purposes) — at any time and free of charge
Right to data portability
For data processed based on consent or contract, you may request transfer in a structured, commonly used, machine-readable format.
Right to withdraw consent
If processing is based on consent, you may withdraw it at any time.
Right to lodge a complaint
You have the right to file a complaint with your supervisory authority:
Ireland:
Data Protection Commission (DPC)
https://www.dataprotection.ie/en
Finland:
Office of the Data Protection Ombudsman
https://tietosuoja.fi/etusivu
UK:
Information Commissioner’s Office (ICO)
https://ico.org.uk
To exercise your rights, submit a request to the contact person in Section 2. We may need to verify your identity before fulfilling the request.
