Henleys Medical Supplies Ltd (“we” or “us”) is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data, and the way in which we use it to provide our services and manage business operations.
What sort of personal data do we collect
When you contact us or we contact you regarding our products, we may collect, for example, your name, invoice address, delivery address, contact details, and a description of the products you are interested in. Payment details may also be required, but these are not retained after payment has been processed.
What lawful basis we rely on for processing your personal data
The GDPR regulations require us to select an appropriate lawful basis for processing personal data. These include:
Consent: For example, we may collect and process your personal data with your consent to enable us to send relevant marketing material to you.
Contract: Where you have asked for a quote or placed an order for our products and services, we will collect your personal data to process your request and to send the order to you.
Legal obligation: In certain circumstances, we have a statutory obligation to process your personal data. For example, where we need to retain details of our trade to comply with VAT regulations.
Legitimate interest: We may process your personal data to pursue our legitimate interests in the running of our business but only in ways that you would reasonably expect, and after considering and protecting your interests, rights, and freedoms.
When do we collect personal data
We may collect personal data:
How do we store and protect your data
We are committed to ensuring that your information is secure, accurate and relevant.
We hold personal data in paper files and electronic records.
To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.
Measures will include:
How long will we keep your data for
Personal data will be stored and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law.
Personal data in relation to an order for our products may be retained for up to 7 years to ensure we meet our legal obligations to keep sufficient documentary evidence of our trade. Personal data will then be securely deleted or destroyed at regular intervals beyond this time.
Personal data for marketing purposes will be kept for as long as you have consented to the use of that data for that purpose.
Who do we share your personal data with
We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Your personal data will be shared with the following third parties:
What are your rights
You have a right to:
If you need further information, please contact us at firstname.lastname@example.org or write to:
Data Protection Representative
Henleys Medical Supplies Ltd
Welwyn Garden City