GDPR DATA PRIVACY NOTICE FOR THIRD PARTIES
The Data Protection Act 1998 was replaced by new UK data protection laws, the General Data Protection Regulation (GDPR) on 25 May 2018. The Company is committed to compliance with the GDPR in its role as a data controller or a data processor when dealing with personal or sensitive personal data during the collection, processing, storage or sharing of such data.
The Company will ensure that personal data will be processed in a lawful, fair and transparent way and that it and its employees will comply with the principles and rules of the GDPR, as it takes the security and protection of data very seriously.
The underlying premise is that the data third party for individuals (the ‘individual’) that is collected, processed and held by the Company is for ‘legitimate interests’ as defined by the GDPR in that it would;
• not be reasonably possible to achieve the same purpose for which the data is being collected, processed and held by any other practical means,
• the interests of the Company and the individual, when balanced against those of the individual alone is such that the individual would reasonably expect the processing to take place and the processing would not cause unjustified harm in such a way that, the interests of the individual would override the legitimate interests of the Company.
What personal data will we collect, use and store about you?
We will collect your name, salutation, billing and delivery addresses, contact numbers, email addresses as provided to us by you during your enquiry for the purpose of communicating with you in connection with that enquiry.
How will we use your personal data?
We will use your personal data for one of the following lawful bases:
a) Where we need to perform the contract we have entered into with you.
b) Where we need to comply with a legal obligation.
c) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate interests include the situation where it would not be reasonably possible to achieve the same purpose for which the data is being collected, processed and held by any other practical means.
There are other rare occasions where we may use your personal data, which are:
d) Where we need to protect your interests (or someone else’s interests).
e) Where it is needed in the public interest [or for official purposes].
What happens if we need to use your personal data for a new purpose?
We will only use your personal data for the stated purposes, unless we consider that there is a need to use it for another reason and that reason is compatible with the original purpose. However, if we consider that it is necessary and reasonable to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
There may be circumstances where we have to process your personal data without your knowledge or consent, where this is required by law and in compliance with the above rules.
Will we share your personal data with third parties?
We will not share your personal data other than when we have legitimate business reasons for doing so and where it is necessary in order to perform our contractual obligation to you.
How do we ensure your personal data is secure?
We take your privacy and protection of data very seriously. Consequently, we have put in place appropriate measures to prevent unauthorised use of your personal data. Details of the measures can be obtained from the Company. We will notify you and any applicable regulator of any suspected unauthorised use of your personal data.
How long will we keep your personal data?
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected.
How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact the managing director. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
Dr A F Howland
1 January 2019