Call us on 01707 385 226

Company Privacy Notice

Henleys Medical Supplies Ltd


Henleys Medical Supplies Ltd (“we” or “us”) is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data, and the way in which we use it to provide our services and manage business operations.

What sort of personal data do we collect

When you contact us or we contact you regarding our products, we may collect, for example, your name, invoice address, delivery address, contact details, and a description of the products you are interested in. Payment details may also be required, but these are not retained after payment has been processed.

What lawful basis we rely on for processing your personal data  

The GDPR regulations require us to select an appropriate lawful basis for processing personal data. These include:

Consent: For example, we may collect and process your personal data with your consent to enable us to send relevant marketing material to you.

Contract: Where you have asked for a quote or placed an order for our products and services, we will collect your personal data to process your request and to send the order to you.

Legal obligation: In certain circumstances, we have a statutory obligation to process your personal data. For example, where we need to retain details of our trade to comply with VAT regulations.

Legitimate interest: We may process your personal data to pursue our legitimate interests in the running of our business but only in ways that you would reasonably expect, and after considering and protecting your interests, rights, and freedoms.

When do we collect personal data

We may collect personal data:

  1. When you contact us to order our products or request a quote e.g. via email, sending an order in the post, or by telephone
  2. When we contact you for marketing purposes
  3. When you engage with us on social media
  4. When you contact us with a query or complaint
  5. When we contact you, as a supplier, to provide goods and services

How do we store and protect your data

We are committed to ensuring that your information is secure, accurate and relevant.

We hold personal data in paper files and electronic records.

To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.

Measures will include:

  • Security cabinets for paper files
  • Password access to computers and to electronic data files
  • Password access to building and IT servers
  • Encrypted secure offsite backup technology
  • Contracts with third parties that process our data to ensure that security and confidentiality of personal data is maintained and they only process that data which has been specifically agreed between us
  • Security alarms and security services.

How long will we keep your data for

Personal data will be stored and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law.

Personal data in relation to an order for our products may be retained for up to 7 years to ensure we meet our legal obligations to keep sufficient documentary evidence of our trade. Personal data will then be securely deleted or destroyed at regular intervals beyond this time.

Personal data for marketing purposes will be kept for as long as you have consented to the use of that data for that purpose.

Who do we share your personal data with

We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Your personal data will be shared with the following third parties:

  1. Delivery couriers and carriers
  2. Our support services including accountants and IT services
  3. Law enforcement agencies such as the police or other regulatory body.

What are your rights

You have a right to:

  1. Access
  2. Correction if personal data is inaccurate or incomplete
  3. Erasure if there is no justifiable reason for continued processing
  4. Data portability – obtaining and reusing personal data for your own purposes by moving, copying, or transferring data from our IT environment to another in a safe and secure way
  5. Object – individuals have a right to object to the processing of their personal data in certain circumstances, for example, where we use your data for direct marketing purposes. If you object to us processing your personal data, we will stop unless there are legitimate reasons for processing which override your interests, rights, and freedoms
  6. Complain – you may contact the Information Commissioner’s Office if you wish to complain about the way in which we handle your personal data. Their contact details are available at

If you need further information, please contact us at or write to:

Data Protection Representative
Henleys Medical Supplies Ltd
Welwyn Garden City

We use cookies to ensure that we give you the best experience on our website.