This Site may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
We may collect and process the following personal information about you:
(a) Information you provide to us personal information that you provide to us, such as during the registration process to access and use the Site including your name, date of birth, address (and/or proof of address), other contact details;
(b) Health information personal information that you provide us about your health or medical affairs, such as during the registration process to access and use the Site or during correspondence through our Site or other channels;
(c) Our correspondence if you contact us, we may keep a record of that correspondence;
(d) Your transactions details of transactions you carry out through our Site or through other channels and of the fulfilment of the services we provide; and
(e) Site and communication usage details of your visits to the Site and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, login information, time zone setting, web logs, browser plug-in types and versions and other communication data, and the resources that you access.
We may use your personal information in the following ways. Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy.
An explanation of the scope of the grounds available can be found here
(a) To register you as a user You will create an account by providing the relevant information as specified in paragraph 1.1(a) above.
Use justification: contract performance, legitimate interests (to allow us to register you as a user);
(b) To provide our services effectively to you to administer our services, including to carry out our obligations arising from any contracts entered into between you and us, to make payments to you and receive payments from you (where applicable). This includes providing you information, products and services that you have requested or agreed to receive from us and to enable correspondence between users through our Site or other channels. This may include passing your data to third parties such as agents or contractors or to our advisors (e.g. legal, financial, business or other advisors).
Use justification: contract performance, legitimate interests (to enable us to perform our obligations and provide services to you);
(c) To provide marketing materials to you to provide you with updates and offers, where you have chosen to receive these. We may use your information for marketing our own services and our selected business partners’ to you by email, post and telephone and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 4.5 below or through the privacy dashboard in your Site profile.
Use justification: consent (which can be withdrawn at any time - please see paragraph 4.1 below);
(d) To ensure our Site functions correctly and content is relevant to ensure that content from our Site is presented in the most effective manner for you and your device , which may include passing your data to business partners, suppliers and/or service providers
Use justification: contract performance, legitimate interests (to allow us to provide you with the content and services on the Site);
(e) For research and development purposes to analyse it to develop our products, services and systems and to understand our users’ requirements (patient data will be anonymized to the extent feasible for this purpose):
Use justification: legitimate interests (to allow us to improve our services);
(f) To inform you of changes to notify you about changes to our service
Use justification: contract performance, legitimate interests (to allow us to continuously develop our services).
(g) In connection with legal or regulatory obligations Law enforcement, regulators and the court service We may process your personal information to comply with our regulatory requirements or dialogue with its regulators as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Use justification: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities);
(h) To reorganise or make changes to our business - In the event that we are (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) is sold to a third party or (iii) undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes as set out in this policy or for the purpose of analysing any proposed sale or re-organisation.
Use justification: legitimate interests (in order to allow us to change our business);
Security over the internet
3.1 No data transmission over the Internet or a website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
3.2 All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Any data will be encrypted when transmitted over the internet. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Export outside the EEA
3.3 Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA. Regardless of location or whether the person is an employee or contractor we will impose the same data protection safeguards that we deploy inside the EEA.
3.4 Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals, (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm). We will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.
3.5 Please contact us as set out in paragraph 4.5 below if you would like to see a copy of the specific safeguards applied to the export of your personal information.
3.6 We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period one that period expires.
3.7 We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed. By way of example:
- use for marketing: in relation to your personal information used for marketing purposes, we may retain your personal information for that purpose for 2 months after the date we have obtained a consent to market to you, or the date you last responded to a marketing communication from us (other than to opt out of receiving further communications);
- use to perform a contract: in relation to your personal information used to perform any contractual obligation with you, we may retain that personal information whilst the contract remains in force plus a further 6 years to deal with any queries or claims thereafter; and
- where claims are contemplated: in relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that information for as long as that claim could be pursued.
4.1 You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting us as set out in paragraph 4.5 below.
4.2 The Data Protection Act 1998 gives you the right (subject to various exceptions) to access certain personal information held about you, correct any inaccuracies (see paragraph 4.3 below) and prevent the processing of your personal information that is likely to cause unwarranted substantial damage or distress to you or anyone else and to object to any decision that significantly affects you being taken solely by a computer or other automated process. Your right of access can be exercised in accordance with the Data Protection Act 1998. Any access request (subject to various exceptions) will be subject to a fee of £10 to meet our costs in providing you with details of the personal information we hold about you.
4.3 We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by updating your details by contacting us as set out in paragraph 4.5 below or through the privacy dashboard in your Site profile.
By email: firstname.lastname@example.org
By post: BSN medical Limited, PO Box 258, Willerby, Hull, HU10 6WT
Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. An explanation of the scope of the grounds available can be found [here][link]. We note the grounds we use to justify each use of your information next to the use in the Uses made of your personal information and justification of uses section of this policy.
These are the principal legal grounds that justify our use of your information:
Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent through the privacy preferences dashboard in your profile).
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.