Published 24th July 2019
The policy sets out details of how Polyco Healthline Limited ("we") (as data controller) will collect, process, store, protect and use your personal data, why we use it, with whom we share it and the rights to which you may be entitled. We respect your privacy and value the trust you place in us when you share your personal data with us. We take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of your personal data.
This policy covers our use of your personal data arising from your use of this website as well as when you register on our site to receive information from us or buy and use our products and services.
The data controller of this website is Polyco Healthline, South Fen Road, Bourne, Lincolnshire, PE10 0DN. Our company number is 09943100.
You can also contact us by emailing firstname.lastname@example.org.
This policy also covers the trading subsidiaries of Polyco Healthline being:
BM Polyco Ltd.
HPC Healthline UK Ltd.
Brosch Direct Ltd.
We are committed to protecting your privacy. Authorised employees within the company use any information collected from you on a need to know basis only. We constantly review our systems and data to ensure the best possible service to our customers. We will, at all times, endeavour to collect and process your personal information in accordance with the Data Protection Act 2018 (the UK implementation of the European General Data Protection Regulation (GDPR)) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other applicable data protection.
Personal data and its uses
What we collect and how we use it:
When referring to “personal data”, we mean information we collect from you, from which you may be personally identified. The circumstances where we collect this information from you will include:
- Fulfilling a contract/order
We may use personal data you submit to us when ordering goods or services from us for the purpose of fulfilling that order, and it may be necessary for us to share such data with third parties such as the card payment services provider or carrier of goods. Under certain circumstances, we may use an external credit reference agency to provide information on your credit scoring or credit rating. This will provide an automated decision on your eligibility for credit when it is necessary in order to process your order.
- Answering your queries
Where you send us personal data in the context of asking us a question or query (for example, about the company, or its products or services or their quality or availability), we shall use the data you provide in order to respond to your question. In some cases, it may be necessary to share your details with other members of the Polyco Healthline group, or with other third-party data processors.
- Entering a promotion
We may use personal data submitted in an entry form for a promotion for the purpose of administering the promotion in accordance with its stated rules. Such rules may require the publication of abbreviated winners’ identity details and may require winners to participate in future publicity. The promotion may be administered by third party agencies on our behalf, who may have access to the data you submit.
- Direct marketing
Where you give consent to receive such material, we will from time to time send you information and/or offers about our goods and/or services which we believe may be of interest to you. At any time, however, you may unsubscribe from (“opt out” of) such future contact.
If you have given your consent for us to contact you, we may send you a newsletter to keep you informed of new products, services or charges within the company we consider will be relevant to you.
The data collected may include in the fulfilment of an order or other interactions:
- Your name, address, telephone number (including mobile number);
- Your payment information (including the amount, your bank account details and method of payment);
- Your email address;
- Your job title;
- Your company name;
- Goods purchased;
- Date of transaction;
- Your IP address (see below)
In addition to the use of the personal data in the circumstances in which it is collected we may also use some, or all, of the information above for the following purposes:
- Management and administration of services;
- Onboarding as a client;
- Developing new goods/services;
- Personalising offers
- Preventing fraud
- Statistical analysis and research
- Monitoring website use
In addition, we use IP addresses to analyse trends, administer the site, track user’s movement, and gather broad demographic information for aggregate use. Additionally, for systems administration, detecting usage patterns and troubleshooting purposes, our web servers automatically log standard access information including browser type, access times/open mail, URL requested, and referral URL. This information is not shared with third parties and is used only within this Company on a need-to-know basis.
Any individually identifiable information related to this data will never be used in any way different to that stated above without your explicit permission.
Confidentiality and Sharing of information
Your data is regarded as confidential and therefore will only be shared between Polyco Healthline and it’s group companies on a need to know basis. It will not be divulged to any third party other than:
- As specifically set out above;
- with our third-party contractors and/or service providers in connection with the provision of the website/goods/services;
- if we are required to do so under any regulatory code or practice we follow or if we are asked by any public or regulatory authorities;
- in connection with a legal claim, as required in connection with that claim;
- if we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms of confidentiality.
We will not sell or rent your personal information to any third party. Any emails we send will only be in connection with the provision of agreed services and products or to share relevant information you have subscribed to.
We will not collect any personal data from your visits to our site unless you provide this information voluntarily. In any event, you have the right to withdraw your permission for us to hold or use the data listed above and have the right to rectify any information we hold on you.
In all cases the servers where your personal data is stored and processed are located in the European Economic Area.
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required to by the police, the courts or for other legal reasons.
Your data will only be held by us for as long as it is legally required, in accordance with the Data Protection Act 2018 and our Data Retention Policy.
Legal Basis for processing
The legal bases under which we process your data are:
- Legitimate interest
Where our processing in accordance with such legitimate interests is necessary and such interests are not overridden by the interests or fundamental rights of the data subject. In this case, we will use your information to understand how you use our services/site, understanding or responding to your feedback, researching or analyzing our goods and services to improve them or products received from other entities in the group, personalizing offers and maintaining public presence through traditional or social media.
in connection with the processing of your personal data for direct marketing purposes or to provide you with information on the goods or services you have purchased from us, where you have given us permission to do so. This is also subject to the Privacy and Electronic Communications Regulations (PECR), to which we also adhere. Where consent is used as the basis of processing you have the right to withdraw your consent at any time.
Where the processing of your personal data is necessary for the performance of a contract in order to supply you with the goods or services you have ordered.
To the extent that the provision of your personal information is a statutory or contractual requirement or a requirement necessary to enter into a contract if the information is not provided we cannot agree to provide the product or service to you.
We have listed below the rights you have over your information and how you can use them below. These rights are subject to restrictions in the European General Data Protection Regulations and, subject to the exemptions, may only apply to certain types of information or processing.
- Withdrawal of consent: you can remove your consent, where you have provided it, at any time.
- Access: you may have the right to request confirmation that we are processing your information and, if we are, to request a copy.
- Correction: you may have the right to request that we rectify inaccurate personal information about you.
- Restriction: you may have the right to request that we do not use the personal information you have provided (e.g. if you believe it to be inaccurate).
- Portability: you may have the right to ask us to help you move your information to other companies.
- Automated Decision Making: you may have the right object to decisions being taken by automated means.
- Erasure: you may have the right to request that we erase personal data about you.
You also have the right to complain to the relevant supervisory authority. If you wish to raise a complaint in the UK about the way we handle your data, you should contact the Information Commissioners Office. Details on how to contact them are available at https://ico.org.uk.
To make a request to exercise your individual rights contact: email@example.com.
Changes to the Policy
We may change this policy from time to time. In this event, we will provide information on our website that it has changed (via banner or pop-up) and may also email you.