Privacy and Cookies Policy
Clinisupplies and data privacy
Clinisupplies Limited (which also trades under the name Clinidirect) and its affiliates ("we" or "us" or "our") is committed to protecting and respecting your privacy at all times in accordance with the Data Protection Act 2018.
We are registered with the Information Commissioners Office (the ICO) under registration number Z7614794
- a visitor to our websites:
- a visitor to our premises (Qualitas House, 100 Elmgrove Road, Harrow, Middlesex HA1 2RW);
- one of our customers or other persons receiving any of the healthcare-related services we provide;
- one of our business partners; or
- a contact at one of our suppliers.
- Information that you give us:
This is information that you give to us by:
- filling in forms on our websites (or other forms that we ask you to complete);
- using our mobile apps;
- giving us a business card (or similar);
- while corresponding with us by telephone, post, email or fax.
It may include, for example, your name, address, date of birth, NHS number; email address and telephone number; information about your health and medical history; payment details (including credit or debit card details); information about your business relationship with us; information about your professional role, background and interests; responses to surveys; and information relating to your interests and marketing materials you want to receive.
- Information that someone acting on your behalf gives to us (for example, where you are the recipient of any of our healthcare-related services, information received from the relevant nurse, clinician, surgery, carer or care home).
It may include, for example, your name, address, date of birth, email address and telephone number; information about your health and medical history; information about your prescription status; information about your GP; and payment details (including credit or debit card details).
- Information that our websites and other systems collect about you:
- If you visit our websites they will automatically connect some information about you and your visit, including the Internet protocol (IP) address used to connect your device to the Internet and some other information such as your browser type and version and the pages on the sites that you visit.
- If you exchange emails, telephone conversations or other electronic communications with our employees and other staff members, our information technology systems will record details of those conversations, sometimes including their content.
- Some of our premises have Closed Circuit TV systems which may record you if you visit our premises, for security and safety purposes.
- Other information
We may also collect some information from other sources. For example:
- If we have a business relationship with the organisation that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship.
- We sometimes collect information from third party data providers or publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
- If you are a health professional working for the NHS, we sometimes collect basic contact details from third party data providers or publicly available sources in order to contact you to tell you about our products and services.
We may collect personal data of children for home delivery prescription services only. Where we do collect children’s personal data we will treat this very carefully to ensure the safety of their information at all times. If you have any questions or concerns please contact us at our details below.
Clinisupplies takes security very seriously. We have certifications with Cyber Essentials and Payment Card Security (PCI-DSS) which we review annually. Copies of our certifications are available if requested.
- to provide and deliver our products and our services;
- to operate, manage, develop and promote our business; and, in particular, our relationship with you and/or the organisation you represent (if any) and any related transactions;
- with your consent, to send you emails and other communication containing marketing information which we believe you will find relevant and interesting;
- to operate, administer and improve our websites and premises;
- to protect the security of our premises;
- to protect our business from fraud, money-laundering, breaches of confidence, theft of proprietary materials and other financial or business crimes; and
- to comply with our legal and regulatory obligations, and bring and defend legal claims.
We may from time to time review information about you held in our systems – including the contents of, and other information related to, your email and other communications with us – for compliance and business-protection purposes as described above. This may include reviews for the purposes of review and disclosure of information relevant to:
- internal or external regulatory investigations; and/or
- criminal investigations.
To the extent permitted by applicable law, these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve disclosure of your information to governmental agencies and litigation counterparties as described below. Your emails and other communications may also occasionally be accessed by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left the organisation’s employment).
What legal basis do we rely on for processing?
We will only collect and process your personal information as is necessary for us to carry out the business and compliance purposes described above, and only where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. Where we require your consent in order to collect and process your personal information (or we are relying on another basis for processing which is not a legitimate interest), we will let you know and only process your personal information to the extent for which you have given us permission. If you do not give us consent there are no implications to you, however we may not be able to carry out the task(s) for why your personal information is needed.
If you are uncertain as to our need for any information that we request from you, or you have concerns relating to the basis for processing we are relying on, please contact the representative asking for the information, or contact us (see below), with your query.
Disclosure and international transfer of your information
We may disclose personal information about you, where reasonably necessary for the various purposes set out above:
- to the relevant business partner or healthcare professional who has referred us to you;
- where applicable, to pharmacies, doctors’ surgeries, or other similar third parties to the extent such disclosure is necessary for us to provide our services or deliver our products to you;
- to service providers who host our websites or other information technology systems, or otherwise hold or process your information on our behalf under strict conditions of confidentiality and security;
- to the other members of the Clinisupplies group of companies;
- where you are a business contact, to your colleagues within the organisation that you represent;
- to a person who takes over our business and assets, or relevant parts of them; or
- to our professional advisers;
- in exceptional circumstances:
- to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; or
- where we are required by law to disclose.
These disclosures may involve transferring your personal information overseas. If you are dealing with us within the European Economic Area (or the UK, after it has left the European Economic Area), you should be aware that this may include transfers to countries outside the European Economic Area / UK (including India), which do not have strict or moderate data privacy laws. In those cases, where we transfer personal data to other members of our group or our service providers, we will ensure that our arrangements with them are governed by EU Commssion approved data transfer agreements, designed to ensure that your personal information is protected. Please contact us (see below) if you would like to know whether any such agreements are in place or, if so, to see a copy.
Retention and deletion of your information
We will delete the information that we hold about you when we no longer need it. Specific information about our record retention policies is available on request. Please contact us (see below).
Note that, where applicable, we may retain some limited information about you even when we know that you have left the organisation that you represent, so that we can maintain a continuous relationship with you if choose to represent a different organisation.
You may have a right of access to the personal information that we hold about you, and to some related information, under data protection law. You can also require any inaccurate personal information to be corrected or deleted. You can object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.
If you wish to exercise any of these rights, please contact us as set out below. You can also lodge a complaint about our processing of your personal information with the UK data protection supervisory authority, the Information Commissioners Office (the ICO) (www.ico.org.uk).
Changes to this policy
and also available if you contact us. Please check back frequently to see any changes.
Revision date: 11/11/19