GDPR privacy policy
Privacy Notice - General users and clients
Medipex Ltd (ICO Registration number: Z8591542) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact:
enquiries@medipex.co.uk
If you have entered into a contract with one of our subsidiaries or group companies, the controller of your data will be Medipex Ltd.
Our personal information handling policy and procedures have been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (in force from 25 May 2018) and applicable national law.
1. What information do we collect?
We collect and process personal data about you when you interact with us or when you purchase services from us. The personal data we process includes:
-
your name;
-
your work address, email address and/or phone number;
-
your job title;
-
your payment and delivery details, including billing and delivery addresses;
-
information related to the browser or device you use to access our website;
-
internet browser and operating system;
-
and/or any other information you provide
2. How do we use this information and what is the legal basis for this use?
We process the personal data listed in paragraph 1 above for the following purposes:
as required to establish and fulfil a contract with you, for example, if you make a purchase from us or enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of services. We require this information in order to enter into a contract with you and are unable to do so without it;
to comply with applicable law and regulation;
in accordance with our legitimate interests in protecting Medipex’s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
with your express consent to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our products or services;
we may use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
to monitor use of our websites and online services. We may use your information to help us check, improve and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests;
if you provide a credit or debit card, we may also use third parties (such as online payment providers) to check the validity of the sort code, account number and card number you submit in order to prevent fraud, in accordance with our legitimate interests and those of third parties;
we may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;
We may use your information to invite you to take part in market research or surveys;
We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.
3. With whom and where will we share your personal data?
We may share your personal data with our subsidiaries to process it for the purposes of intra-group administration and to deliver services where elements of these are provided by group companies other than those with which you have directly contracted.
We may also share your personal data with the below third parties:
our professional advisors such as our auditors and external legal and financial advisors;
marketing and communications agencies where they have agreed to process your personal data in line with this Privacy Notice;
market research companies;
our suppliers, business partners and sub-contractors; and/or
search engine and web analytics.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers who will process it on behalf of Medipex for the purposes above.
In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.
4. How long will you keep my personal data?
We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
Where you are a customer, we will keep your information for the length of any contractual relationship you have with us and after that for a period of 12 months
Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 12 months from when you last interacted with us or our content.
In the case of any contact you may have with our customer services team, we will retain those details for as long as is necessary to resolve your query and for two weeks after the query is closed.
We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require Medipex to hold certain information for specific periods other than those listed above.
5. Where is my data stored?
The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the third country's data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.
6. What are my rights in relation to my personal data?
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you or by contacting us.
Where you have consented to us using your personal data, you can withdraw that consent at any time.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right, with some exceptions and qualifications, to ask us to provide a copy of any personal data we hold about you.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we do not have a good reason to continue to use it; or (d) if we have not handled your personal data in accordance with our obligations.
7. Where can I find more information about Medipex’s handling of my data?
Should you have any queries regarding this Privacy Notice, about Medipex’s processing of your personal data or wish to exercise your rights you can contact Medipex using this email address: enquiries@medipex.co.uk. If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk/
Privacy notice for job applicants
Medipex Ltd (ICO Registration number: Z8591542) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about how Medipex collects and uses your personal data. If you need more information, please contact: enquiries@medipex.co.uk
Unless we inform you otherwise during the recruitment process, Medipex Ltd will be your data controller and will be the company to which you provide your consent for the processing of your personal data.
Our personal information handling policy and procedures have been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (in force from 25 May 2018) and applicable national law.
1. What information do we collect and process?
We collect and process personal data about you when you apply for a job with us.
The personal data we process includes:
your name, home address, email address and/or phone numbers;
your date of birth, marital status, nationality and National Insurance number (where you provide this to us);
your educational and employment history;
other information contained within your CV or other documents or information you submit to us;
information from the selection process, if any;
references and assessments relating to your work for previous employers;
medical and financial information (where you provide this to us);
information to confirm your identity and right to work, such as a copy of your passport;
details of any unspent criminal convictions; and
information relating to your feedback on our organisation.
With your specific consent, information relating to your ethnicity, gender, nationality, disability, religion, sexual orientation and other diversity-related information.
2. What is the source of this information?
We obtain this information directly from you, our personnel, through our systems and equipment, as well as from third parties such as recruitment agencies, background-checking companies or former employers. We may also obtain it from your public profiles available online.
3. How do we use this information and what is the legal basis for this use?
We process the personal data listed in paragraph 1 above for the following purposes only in accordance with our legitimate interests:
- to enable us to comply with our legal and regulatory obligations;
- to make recruitment decisions;
- to prevent and detect fraud and other wrongdoing;
- to establish, exercise or defend our legal rights; and
- to manage risk
4. With whom and where will we share your personal data?
We may share your personal data for the purposes of intra-group administration. We may also share your personal data with our professional advisors such as our auditors and external legal and financial advisors.
Personal data may be shared with government authorities and/or law enforcement officials if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers who will process it on behalf of Medipex for the purposes above. In the event that any part of our business is sold or integrated with another business, your details may be disclosed to our advisors and those of any prospective purchaser and would be passed to the new owners of the business.
5. How long will you keep my personal data?
We will not keep your personal information for longer than is necessary and will only retain the personal information that is necessary to fulfil the purpose. We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
We will keep the personal data connected to your job application (including any interview records) for 6 months from the date of their creation by Medipex or receipt from you. If your application is successful and you become a member of staff we will provide you with a copy of the Staff Privacy Notice. The retention periods referred to therein will apply to your personal data during your employment.
6. Where is my data stored?
The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the other country's data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place. Further information may be obtained from our Privacy Team.
7. What are my rights in relation to my personal data?
Where you have consented to us using your personal data, you can withdraw that consent at any time.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) you object to the use of your personal data and we do not have a good reason to continue to use it; or (d) we have not handled your personal data in accordance with our obligations.
8. Where can I find more information about Medipex’s handling of my data?
Should you have any queries regarding this Privacy Notice, about Medipex’s processing of your personal data or wish to exercise your rights you can contact Medipex using this email address: enquiries@medipex.co.uk. If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk/
Privacy notice for board members
Medipex Ltd (ICO Registration number: Z8591542) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about how Medipex collects and uses your personal data. If you need more information, please contact: Ann Starkey, Company Secretary: apstarkey9@gmail.com.
1. What information do we collect and process?
We collect and process personal data about you when you are appointed as a Non-Executive Director of Medipex. The personal data we process includes:
- your name, home address, email address and/or phone numbers;
- your date of birth,
- information regarding other roles you have in other organisations
2. What is the source of this information?
We obtain this information directly from you. We may also obtain it from your public profiles available online.
3. How do we use this information and what is the legal basis for this use?
We process the personal data listed in paragraph 1 above for the following purposes only in accordance with our legitimate interests:
- to enable us to comply with our legal and regulatory obligations;
- to prevent and detect fraud and other wrongdoing;
- to establish, exercise or defend our legal rights; and
- to manage risk
4. With whom and where will we share your personal data?
We may share your personal data for the purposes of intra-group administration. We may also share your personal data with our professional advisors such as our auditors and external legal and financial advisors. Personal data may be shared with government authorities and/or law enforcement officials if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers who will process it on behalf of Medipex for the purposes above. In the event that any part of our business is sold or integrated with another business, your details may be disclosed to our advisors and those of any prospective purchaser and would be passed to the new owners of the business.
5. How long will you keep my personal data?
We will not keep your personal information for longer than is necessary and will only retain the personal information that is necessary to fulfil the purpose. We are also required to retain certain information by law or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions. We will keep the personal data connected to your role as a Non-Executive Director of Medipex until such time as you resign from the Medipex Board and your resignation is recorded at Companies House.
6. Where is my data stored?
The personal data that we collect from you may is stored in electronic form and some in paper form, both in locked files at Medipex, the only time it is on a computer is when it is updated annually or when it is and some is also stored at Companies House. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers, in which case the other country's data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place. Further information may be obtained from our Privacy Team.
7. What are my rights in relation to my personal data?
Where you have consented to us using your personal data, you can withdraw that consent at any time. If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it. You also have the right, with some exceptions, to ask us to provide a copy of any personal data we hold about you. Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) you object to the use of your personal data and we do not have a good reason to continue to use it; or (d) we have not handled your personal data in accordance with our obligations.
8. Where can I find more information about Medipex’s handling of my data?
Should you have any queries regarding this Privacy Notice, about Medipex’s processing of your personal data or wish to exercise your rights you can contact Ann Starkey, Company Secretary,using this email address: apstarkey9@gmail.com. If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk/.
Issue Date: August 2023