Privacy Policy - Pennine Healthcare

Ivor Shaw limited trading as Pennine Healthcare, registered address City Gate, London Road, Derby, Derbyshire, DE24 8WY is committed to protecting and respecting your privacy.

As the controller of your data, Pennine Healthcare comply the EU General Data Protection Regulations (GDPR) and is registered with the Information Commissioners Office (ICO). Purpose

This policy establishes how we handle information we learn about external customers, suppliers and third parties when you liaise with Pennine Healthcare either directly or via our website. Protecting the privacy and personal data of our customers and visitors is of utmost importance to us. Protecting your privacy and your personal data is an important aspect of the way we create, organise and implement our activities on-line and off-line.

1. The Personal Data we collect about you

Personal data collected, used, stored and transferred by us may include:

Identity Data including forenames, last name or similar identifier
Contact Data including business address, email address and telephone numbers
Transaction Data including payments and banking details for products and services you have purchased from us or we from you
Technical Data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access the Pennine Healthcare website
Profile and Usage Data including purchases made by you, feedback and survey responses, and how you use our website, products and services
Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences

2. How Do We Collect Your Personal Data

Personal data is collected by us using the following methods:

Direct interactions with Pennine in person, by post, phone, email or otherwise
Interactions with our website, by using the web enquiry form
Application for job vacancies via email, post or in person

3. How Do We Use Your Personal Data

We use your personal data in the following circumstances for contractual and legitimate business reasons:

To initially discuss your requirements or job application
To process and deliver any product or service
To manage our relationship with you including:
- Notifying you about changes to terms and conditions or privacy policy
- Customer reviews / surveys
- Notifying you of new products and services which we think will be of interest to you
- To respond to enquiries or complaints

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. Who we Disclose Personal Data to

Your personal data may be shared with third parties for the following purposes:

External Suppliers – Specialist IT system providers to facilitate the sourcing of products, to provide continuing advice, to inform you about relevant products and services and to request feedback on customer service standards. It may also be necessary to share your personal information with non-affiliated companies who perform support services on our behalf including those that provide professional, legal or accounting advice to Pennine Healthcare.
Regulators – Sharing of information may be necessary to fulfil our legal obligations as a regulated medical devices company or cooperate with law enforcement, legal proceedings or regulatory authorities.
Others – Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

5. Marketing Communications

You will also have the choice to opt-in to receiving other related marketing information and related products and services.

You can opt-out of receiving these types of communications at any time by contacting our Compliance team at GDPR@penninehealthcare.co.uk or by clicking on the relevant link in email communications you receive from us.

However, please note that your personal information will not be passed to any third-party organisation for marketing purposes.

6. Cookies and Other Technologies

We sometimes collect anonymous information from visits to our site to help us provide better customer service. For example, we keep track of the domains from which people visit and we also measure visitor activity on the Pennine Healthcare website, but we do so in ways that keep information anonymous. We use the information that we collect to measure the number of visitors to the different areas of our site, and to help us make the site more useful to visitors. This includes analysing these logs periodically to measure the traffic through our servers, the number of pages visited and the level of demand for pages and topics of interest. The logs may be preserved indefinitely and used at any time and in any way to prevent security breaches and to ensure the integrity of the data on our servers.

We collect the anonymous information we mentioned above through the use of various technologies, one of which is called “cookies”. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. For example, on a website with a login system (if users register for it), cookies are used to save the visitor’s password so that it does not have to be entered at each new visit.

This anonymous information is used and analysed only at an aggregate level to help us understand trends and patterns. None of this information is reviewed at an individual level. If you do not want any transaction details used in this manner, you can disable your cookies.

7. Individual Participation/Access

You can ask us whether we are keeping personal data about you, and you can request to receive a copy of that personal data. Before sending you any personal data, we will ask you to provide proof of your identity. If you are not able to provide proof of identity, we reserve the right to refuse to send you the personal data.

We will make a sincere effort to respond in a one-month period to your request and/or to correct inaccuracies in your personal information. At any time, you may request that we delete or correct your personal information in our logs. For such requests, please contact GDPR@penninehealthcare.co.uk.

8. Security

We intend to protect the quality and integrity of our personal information. Pennine Healthcare has implemented technologies and security policies to protect the stored personal data of our users from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss. Pennine Healthcare employees and processors who have access to personal data are obliged to respect the privacy of our visitors and the confidentiality of their personal data.

Pennine Healthcare will not sell or rent your personal information to anyone.

We will only send personally identifiable information about you to other companies or people when:

We respond to court orders, or any legitimate request by authorities with which we must comply for legal process; or
We find that your actions on our website violate these instructions.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Links

Throughout the Pennine Healthcare website, you may find links to third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

10. Retention Period and Your Rights

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by applicable law.

Your legal rights regarding your personal data are as follows:

You have the right to:

Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data. This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete personal data where there is no good reason for us continuing to process it. You can also to ask us to delete your personal data where you have successfully objected to the processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to delete the data for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

11. Changes to our Privacy Statement

Any changes we make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Statement.

12. Privacy Support

If you have any questions or complaints relating to how we use your personal data, or if you wish to exercise any of your rights regarding your personal data, please contact the compliance team by emailing GDPR@penninehealthcare.co.uk or writing to Pennine Healthcare at the below address. We will respond to you as soon as is possible. The length of time will depend on the type and complexity of the request, but you will receive a response no later than one month from the initial request.

The Compliance Team

Pennine Healthcare

City Gate

London Road

Derby

Derbyshire

DE24 8WY

If you are not satisfied with how Pennine Healthcare has responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom.