Customer Privacy Notice

What’s Included In This Privacy Notice?

DTR Medical Ltd is a multi-award-winning company, specialising in the highest quality Sterile Single-use instruments that deliver both patient and clinical value through maintaining exceptional service across a range of different specialities. You can find out more information about us here: www.dtrmedical.com.

This document (our “privacy notice”) sets out information relating to how we use personal information relating to individuals we have dealings with, including customers, subscribers and website users. It also sets out information about what rights individuals have in relation to their personal information and various other matters required under data protection law.

In particular, this privacy notice provides information to individuals about how they can object to our use of their personal information (see here), how they can withdraw any permissions they have given to us to enable us to process their personal information (see here) and how they can make a complaint (see here).

This privacy notice contains the following sections:

Section Heading

Page Number

Who Does This Privacy Notice Apply To? 3
What’s Our Approach To Privacy? 4-5
How Will We Use Your Personal Information? 6-14
When Will We Use Your Personal Information For Direct Marketing? 15
When Will We Share Your Personal Information With Others? 16-19
Circumstances In Which We Will Send Your Personal Information Outside The EEA 20
How Do We Keep Your Personal Information Secure? 20
What Rights Do You Have Under Data Protection Law? 21-23
When and How Can You Withdraw Your Consent? 24
How Can You Get In Touch With Us and Who Is Our Data Privacy Manager? 25
How Can You Complain About Our Use Of Your Personal Information? 25
How Will We Notify You Of Any Changes To Our Privacy Notice? 25

 

 

Who Does This Privacy Notice Apply To?

This privacy notice applies to:

  • our customers;
  • individuals who use our website;
  • individuals who access our premises or the surrounding areas and who may be recorded on our CCTV system;
  • individuals who subscribe to our updates;

In the sections below, when referring to the individuals listed above, we use the terms “you” or “your”.

 

What’s Our Approach To Privacy?

We take your privacy extremely seriously and want you to feel confident that your personal information is safe in our hands.

We will only use your personal information in accordance with data protection law applicable to England and Wales from time to time.

Under data protection law, when we use your personal information, we will be acting as a data controller. Essentially, this means that we will be making decisions about how we want to use your personal information and why.

Below, we summarise the main rules that apply to us under data protection law when we use your personal information:

1. We must be upfront about how we intend to use your personal information and must use your personal information fairly. Providing privacy information to individuals (such as in this privacy notice) is one aspect of using personal information fairly.
2. We must only use your personal information if we have a legal basis to do so under data protection law. These legal bases include:

  • That you have consented to our use of your personal information;
  • That we need to use your personal information to perform a contract between us (or to take steps at your request prior to entering into a contract);
  • That we (or someone else) have a legitimate reason for needing to use your personal information and those legitimate interests are not outweighed by your rights or interests. We must balance our respective rights and interests before we can rely upon this legal basis; and
  • We need to use your personal information to comply with laws we are subject to.
3. We are only permitted to share your personal information with others in certain circumstances and if we take steps to ensure that your personal information will be secure.
4. We must only use your personal information for the specific purposes we have told you about. If we want to use your personal information for other purposes, we need to contact you again to tell you about this.
5. We must not hold more personal information than we need for the purposes we have told you about and must not retain your personal information for longer than is necessary for those purposes (this is known as the “retention period”). We must also dispose of any information that we no longer need securely.
6. We must ensure that we have appropriate security measures in place to protect your personal information.
7. We must act in accordance with your rights under data protection law.
8. We must not transfer your personal information outside the European Economic Area (“EEA”) unless certain safeguards are in place.

 

How Will We Use Your Personal Information?

How we will use your personal information, the legal bases we will rely upon, how long we will keep your personal information and other details will depend upon who you are and why we need your personal information in the first place.

In this section, we provide specific privacy information relating to the different categories of individuals that this privacy notice applies to.

OUR CUSTOMERS

What personal information we will use
  • Your name;
  • Your address;
  • Your email address;
  • Your telephone number;
  • Details of any complaints;
  • Details of any returns;
  • Details of any claims made.
How we will obtain the personal information
  • Provided by you when ordering products from us, or making a complaint, return or claim. Setting up a new account.
What purposes we will use the personal information for
  • We will use your name, address and other contact details to supply products to you and to communicate with you about such supply. We will also use this information to deal with any complaints, returns or claims that you make;
  • We will keep a record of the information listed above for our internal administrative purposes.
The legal bases for processing we rely upon
  • Our use of your personal information in connection with the supply of products to you, taking payment and dealing with any complaints, claims or returns is necessary for the performance of the contract between us;
  • Our use of your personal information for our internal administrative purposes is based on our legitimate interests in ensuring that our business is run properly and efficiently.
How long we retain the personal information and why
  • We usually keep records relating to any purchase you make for ten years in case the need to trace products sold, in the event of any contractual disputes or field safety notice recalling products (e.g. batch numbers, product information, expiry dates).
Consequences of not providing/permitting us to obtain personal information
  • Without your name, contact details and payment information we will be unable to supply products to you.

 

INDIVIDUALS WHO CONTACT US WITH ENQUIRIES

What personal information we will use
  • Your name;
  • Your contact details (such as your telephone number or email address);
  • Details of your enquiry.
How we will obtain the personal information
  • Provided by you when you contact us (e.g. by making a phone call or emailing us) or make an enquiry at our premises.
What purposes we will use the personal information for
  • We will use the personal information to deal with your enquiry;
  • We will also make a record of your enquiry for internal administrative purposes.
The legal bases we rely upon
  • Our use of your personal information to dealing with your enquiry is based on your implied consent and our legitimate interests in ensuring our business is run efficiently and effectively;
  • Our use of your personal information for record keeping purposes is based on our legitimate interests in ensuring our business is run efficiently and effectively.
How long we retain the personal information and why
  • Records of emails are retained for the period required to deal with your enquiry.

 

INDIVIDUALS WHO USE OUR WEBSITE

What personal information we will use
  • Technical information, including the internet protocol address used to connect your computer to the internet, your Distributor Portal login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including the full Uniform Resource Locators (“URL”), click-stream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visit to certain pages, page interaction information (such as clicks), methods used to browse away from the page and any phone number used to call our customer service number.
How we will obtain the personal information
  • Some of the information is obtained by us automatically whenever you use our website. Google Analytics automatically tracks your basic information as soon as you enter our website by using the following sources; the HTTP request of the user, browser/system information and first-party cookies;
  • Some of the information is collected by us each time you use our website through our use of cookies.
  • Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognise your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart.
  • We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Help remember and process the items in the shopping cart.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
  • You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

  • Some features will be disabled. It will turn off some of the features that make your site experience more efficient and some of our services will not function properly.
  • However, you can still place requests for quotes and samples over the telephone by contacting customer service.
What purposes we will use the personal information for
  • The above information is used by us to:
  • Make a tailored website available to you;
  • Track usage of our website;
  • Help us to continually improve our website by better responding to customer service requests.
  • Information collected through our use of cookies is used in the ways described in our Cookies Policy and see section ‘How We Will Obtain Your Personal Data’ above here.
The legal grounds we rely upon
  • Our collection and use of the above information is based on our legitimate interests in ensuring that our website is user-friendly and appeals to our customers.
How long we retain the personal information and why
  • Personal information is retained for ten years see section ‘How Long We Retain The Personal Information and Why’ here, this enables us to maintain longstanding customer relationships. We retain personal information from the website only if it is given to us through a website enquiry, distributor enquiry or request to receive updates from our monthly email campaigns. This information is then held this unless we are told to remove it from our database. We retain this information we have been provided with to allow our Customer Service and Sales teams to contact the interested party and those who sign up for newsletters information is retained so we are able to send them out monthly email campaigns.
Consequences of not providing/permitting us to obtain personal information
  • If you disable our Cookies, you will be unable to use certain parts of/functions on our website. Further information about this can be found in our Cookies Policy and see section ‘How We Will Obtain Your Personal Data’ above here.

 

INDIVIDUALS CAPTURED ON OUR CCTV SYSTEM

What personal information will we use?
  • Your image;
  • The dates and times you accessed our premises.
How we will obtain it?
  • Automated CCTV recordings.
What purposes we will use it for and what legal bases will we rely upon to do so?
  • We will use the personal information referred to above for security purposes;
  • Our legal basis for doing so is our legitimate interest in ensuring that our premises are secure.

 

Individuals Who Subscribe To Our Newsletters or Updates

What personal information we will use
  • Your name and address;
  • Your email address;
  • The organisation you work for and your position in it; and
  • Your delivery preferences.
How we will obtain the personal information
  • Provided by you when you subscribe to our updates.
  • Obtained from third party providers e.g. Wilmington Healthcare Ltd and SpecialistInfo.
What purposes we will use the personal information for
  • To provide you with the newsletters or updates you have requested;
  • To provide you with related information that we think may be of interest to you.
The legal grounds we rely upon
  • We will rely on your consent to provide you with the newsletters or updates you have requested and retain your details on our subscriptions database;
  • We will rely on our legitimate interest in promoting our products and services to provide you with other information that may be of interest to you.
How long we retain the personal information and why
  • We will retain your personal information unless and until you inform us that you no longer wish to receive updates from us. For further details on how you can unsubscribe see the section ‘When Will We Use Your Personal Information For Direct Marketing?’ below here.
Consequences of not providing/permitting us to obtain personal information
  • Without your contact details, we will not be able to provide you with updates;
  • You can opt-out of receiving related information at the time you subscribe to our newsletters and updates and each subsequent time we contact you.

 

When Will We Use Your Personal Information For Direct Marketing?

In addition to data protection law, if we use your personal information for direct marketing purposes, we may also be subject to additional rules that regulate direct marketing. The term “direct marketing” essentially means directing marketing material or advertising at a particular individual.

To ensure compliance with both data protection laws and the specific rules relating to direct marketing, we will only use your personal information to tell you about our latest offers or to inform you of products and services which we think may be of interest to you in the circumstances outlined below:

Direct marketing by email, text or other forms of electronic communication
  • We will only contact you in this way if:
    • you have given your express consent to do so (either directly to us or to one of our third-party providers); or
    • you are an existing customer and we want to tell you about similar products or services that may be of interest to you and you have not opted out of receiving such communications.

Our legal bases for such processing under data protection law will either be your consent or reliance upon our legitimate interests in developing our business.

We will retain your personal information unless and until you inform us that you no longer wish to receive direct marketing information from us. You can ask us to stop sending direct marketing to you at any time by contacting us on info@dtrmedical.com or by clicking “unsubscribe” on any of our communications with you.

 

When Will We Share Your Personal Information With Others?

Sometimes, we will need to share your personal information with others. This section sets out details of who we will share your personal information with and why. It also tells you about our legal basis for doing so under data protection law and steps we will take to protect your personal information.

 

OUR SERVICE PARTNERS

Who are our service partners?
  • Our service partners include:
  • couriers and other suppliers of delivery services.
  • IT support services
  • We haven’t included the names of our service partners in this privacy notice because their identity will change from time to time. However, if you would like further information about any of our current service providers, please contact us using the details set out here: info@dtrmedical.com.
Why we need to share your personal information with them
  • We use the service partners described above to enable us to perform our contracts with you.
The legal bases we rely upon when sharing your personal information
  • The sharing of your personal data with suppliers and sub-contractors is necessary for the performance of our contract with you.
What precautions do we take?
  • We enter into contracts with our service providers which require them to put appropriate security measures in place and which restrict their use of your personal information.

 

OUR MARKETING PARTNERS

Who are our marketing partners
  • Our marketing partners are marketing agencies that we use to create and/or deliver advertising and other promotional material on our behalf.
  • We haven’t included the names of our marketing partners in this privacy notice because their identity will change from time to time. However, if you would like further information about any of our current marketing partners, please contact us using the details set out here: info@dtrmedical.com.
Why we need to share your personal information with them
  • We may need to share your personal information with our marketing partners if we ask them to create marketing materials addressed to you or to contact you with direct marketing on our behalf.
The legal bases we rely upon when sharing your personal information
  • We will either be relying on your express consent or our legitimate interests in developing and expanding our business.
What precautions do we take?
  • We enter into contracts with our marketing partners providers which require them to put appropriate security measures in place and which restrict their use of your personal information.

 

PROVIDERS OF INFORMATION TECHNOLOGY SERVICES

Who will we be sharing your personal information with?
  • Suppliers of information technology products and services such as:
    • Web analytics (Google Analytics)
    • Website hosts
  • We haven’t included the names of our IT providers in this privacy notice because their identity will change from time to time. However, if you would like further information about any of our current IT providers, please contact us using the details set out here: info@dtrmedical.com.
Why we need to share your personal information with such providers
  • We use suppliers of information technology products and services in connection with the supply, maintenance and/or improvement of our IT network and the creation, development hosting and maintenance of our website;
  • We use analytics and search engine providers to assist us in improving our website (Google Analytics).
The legal bases we rely upon when sharing your personal information
  • We rely upon our legitimate interests in ensuring that our business can function properly and efficiently and that our IT network is secure;
  • The sharing of your personal data with analytics and search engine providers is based on our legitimate interests in having an efficient and user-friendly website.
What precautions do we take?
  • We enter into contracts with our IT providers which require them to put appropriate security measures in place and which restrict their use of your personal information.

 

OTHER THIRD PARTIES

We may also need to share your personal information with others in the following circumstances:

If we sell, transfer or merge parts of our business or our assets As we continue to develop our business we may choose to sell, transfer or merge parts of our business or our assets.  Alternatively, we may seek to acquire other businesses or merge with them. During any such process, we may need to disclose your personal information to other parties (such as potential purchasers or investors). Where we do so, we will be relying upon our legitimate business interests.

However, we will only share your personal information in this way if the third parties in question agree to keep your personal information safe and private.

Also, if, for example, a merger happens, the purchaser will only be able to use your personal information in the ways set out in this privacy notice.

Legal or regulatory requirements On occasion, we may be required to disclose your personal information to organisations such as the courts or the police to comply with legal obligations we are subject to and/or to prevent fraud or crime.
Protecting our business From time to time we may need to disclose your personal information in connection with steps we need to take to protect our business interests or property.
Professional advice and legal action We may need to disclose your personal information to our professional advisers (for example, our lawyers and accountants) in connection with the provision by them of professional advice and/or the establishment or defence of legal claims.

 

Circumstances In Which We Will Send Your Personal Information Outside The EEA

We will only send your personal data outside the EEA in the following situations:

  • To our US based cloud storage and secure file sharing platform Dropbox

If we do transfer your personal data outside the EEA, we will use one of these safeguards to make sure it is protected:

  • Dropbox has signed up to a special agreement between the UK/EU and the USA known as the Privacy Shield.

 

HOW DO WE KEEP YOUR PERSONAL INFORMATION SECURE?

We take various steps to protect your personal information while it is in our possession, including:

  • Implementation of appropriate security measures to protect our IT infrastructure;
  • Secure password access;
  • Encryption of personal information;
  • Implementation of internal data security policies and training for members of staff in relation to such policies, including cyber security awareness training;
  • Regular reviews of data security measures implemented by service providers who may handle your personal data;
  • Offsite backups are encrypted and stored in ISO accredited data centres;
  • Different levels of user access permissions so that users only have access to certain data.

You can help us to protect your personal information by adhering to the following security measures:

  • When creating a password, do not use words such as your name, date of birth or other personal data;
  • Change your password regularly. Do not reuse passwords, these should be at least 8 characters including upper- and lower-case letters, numbers and symbols.
  • Passwords are kept private and do not write these down.
  • Try and keep a clean work-space and any sensitive data is not left on desks
  • Do not use the same password for different services i.e. Dropbox, Facebook, Twitter etc.

 

What Rights Do You Have Under Data Protection Law?

Under data protection law, you have a number of different rights relating to the use of your personal information. The table below contains a summary of those rights and our obligations. More information about your rights and our obligations can be found on the ICO website https://ico.org.uk/.

Your rights What this involves What our obligations are
A right of access This is a right to obtain access to your personal data and various supplementary information. We must provide you with a copy or your personal information and the other supplementary information without undue delay and in any event within 1 month of receipt of your request;

We cannot charge you for doing so save in specific circumstances (such as where you request further copies of your personal information).

A right to have personal data rectified This is a right to have your personal information rectified if it is inaccurate or incomplete. We must rectify any inaccurate or incomplete information without undue delay and in any event within 1 month of receipt of your request;

If we have disclosed your personal information to others, we must (subject to certain exceptions) contact the recipients to inform them, that your personal information requires rectification.

A right to erasure This is a right to have your personal information deleted or removed.

This right only applies in certain circumstances (such as where we no longer need the personal information for the purposes for which it was collected).

We have the right to refuse to delete or remove your personal data in certain circumstances.

If this right applies, we must delete or remove your personal information without undue delay and in any event within 1 month of receipt of your request;

If we have disclosed your personal information to others, we must (subject to certain exceptions) contact then recipients to inform them that your personal information must be erased.

A right to data portability This is a right to obtain and re-use your personal information for your own purposes;

It includes a right to ask that your personal information is transferred to another organisation (where technically feasible).

This right only applies in certain limited circumstances.

If this right applies we must provide your personal information to you in a structured, commonly used and machine reasonable form

Again, we must act without undue delay and in any event within 1 month of receipt of your request;

We cannot charge you for this service.

A right to object This is a right to object to the use of your personal information.

The right applies in certain specific circumstances only.

You can use this right to challenge our use of your personal information based on our legitimate interests;

You can also use this right to object to use of your personal information for direct marketing

If you object to us using your personal information for direct marketing, we must stop using your personal information in this way as soon as we receive your request.

If you object to other uses of your personal information, whether we have to stop using your personal information will depend on the particular circumstances.

A right to object to automated decision making This is a right not to be subject to a decision which is made solely on the basis of automated processing of your personal information where the decision in question will have a legal impact on you or a similarly significant effect. Where such a decision is made, you must be informed of that fact as soon as reasonably practicable;

You then have 21 days from receipt of the notification to request that the decision is reconsidered or that a decision is made that is not based solely on automated processing;

Your request must be complied with within 21 days.

A right to restrict processing This is a right to ‘block’ or suppress processing of your personal information.

This right applies in various circumstances, including where you contest the accuracy of your information).

If we are required to restrict our processing of your personal information, we will be able to store it but not otherwise use it.

We may only retain enough information about you to ensure that the restriction is respected in future.

If we have disclosed your personal information to others, we must (subject to certain exceptions) contact them to tell them about the restriction on use.

 

If you wish to exercise any of your rights, you can make a request by contacting us using the details set out here: info@dtrmedical.com.

If you request the exercise of any of your rights, we are entitled to ask you to provide us with any information that may be necessary to confirm your identity.

 

Your Right To Withdraw Consent

If you have given us your consent to use any of your personal information, you can withdraw your consent at any time. To do so, please contact us using the details set out here: info@dtrmedical.com.

 

How Can You Get In Touch With Us and Who Is Our Data Privacy Manager?

You can get in touch with us in the following ways:

Postal address DTR Medical Limited,

17 Clarion Court,

Enterprise Park,

Swansea,

United Kingdom,

SA6 8RF

www.dtrmedical.com

Email address info@dtrmedical.com
Phone number

Fax Number

+44 1792 797910

+44 1792 797955

 

We have appointed a Data Privacy Manager to oversee our compliance with data protection law and this privacy notice. His details are as follows esheppard@dtrmedical.com. If you have any questions about this privacy notice, how we handle your personal information or if you wish to make a complaint, please contact our Data Privacy Manager.

 

Right To Complain To The Information Commissioner’s Officer

If we are unable to deal with a complaint to your satisfaction or if you are unhappy with the way we are using your personal data, you also have the right to make a complaint at any time to the UK’s supervisory authority for data protection issues, the Information Commissioner’s Office.

 

Changes To Our Privacy Notice

We may update this privacy notice from time to time. If we make any substantial updates, we will provide you with a new privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.

0
Basket