Introduction

Bio-Lec Mobility is aware of its obligations under the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy policy sets out the types of data that we hold on you.

This policy applies where we are acting as either the data controller or the data processor with respect to the personal data of service users.

Data protection principles

In relation to your personal data, we will:

  • process it fairly, lawfully and in a clear, transparent way
  • collect your data only for reasons that we find proper for delivery of the services you require
  • only use it in the way that we have told you about
  • ensure it is correct and up to date
  • keep your data for only as long as we need it
  • process it in a way that ensures it will not be used for anything that you are not aware of or have not consented to (as appropriate), or be lost or destroyed

Types of data we process and why we process them – Collect

Bio-Lec Mobility will only collect and process the necessary information required to perform the services above. Typically that includes the information in the table below:

  • First and last name
    Required to deliver the product or service
  • Health related information
    This is typically where VAT relief is being sought and is used only to substantiate this.
    This information will also be processed where you’ve requested a Clinical assessment
  • Addresses
    Required to deliver, maintain, collect equipment and to identify where an item is in the event of a Medical Device Alert (MDA).
    This also includes billing addresses
  • Email address
    Where recorded, required for communication
  • Telephone numbers
    Required to contact you regarding the order
  • Order history data
    Required for some marketing and to facilitate MDA alerts
  • Payment data
    This is processed through iframes using Braintree/PayPal information and is not stored by Bio-Lec Mobility
  • Live chat data
    Used in order to answer your query

Sharing your data

Your data will be shared within Bio-Lec Mobility where it is necessary to fulfil the services requested. It will also be necessary to share your information with other services that are involved in the delivery of products and services that you have requested. These include:

  1. Couriers – Whistl and DPD (see privacy links below)
  2. Installation, Modification and service and maintenance providers – where you’ve requested an install or referral – Eastern Adaptations and Healthcare Distribution Direct (HDD)
  3. Trustpilot reviews – to obtain customer reviews

In addition to the above, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented an Information Security Management System in order to provide assurances to our customers and employees alike.

Where we share your data with third parties, we provide clear instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

Encryption

All information you key on the website is encrypted using Transport Layer Security (versions 1.2 and 1.3) to ensure that data is protected in transit.

How long we keep your data for

In line with data protection principles, we only keep your data for as long as we need it, which will be the length of time we are required to hold the data by law (usually owing to tax).

Automated decision making

No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

Your rights in relation to your data

The law on data protection gives you certain rights in relation to the data we hold on you. These are:

  • the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
  • the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. Please be as specific as you can regarding the information you require.
  • the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
  • the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
  • the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
  • the right to portability. You may transfer the data that we hold on you for your own purposes
  • the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
  • the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in a way that adversely affects your legal rights

Typically, consent is not the lawful basis under which we will be processing your data but where it has been necessary for you to provide consent (usually marketing and some cookies), you have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent.

We might use your information where there’s a legitimate reason to do so, such as where it would help to facilitate a benefit to you or achieve our business objective.

If we use Legitimate Interests to process any data, a legitimate interest balancing test (using the ICO’s template) will be documented.

We rely on legitimate interests to:

Personalise your experience and provide you with support

We sometimes make assumptions about your preferences based on the way you interact with our products and services and the information we hold about you. Knowing these allows us to understand the products, content and services our customers like, letting us focus our efforts on developing those areas. We may also use this information to make decisions about what direct marketing to show you. We may also provide you with help and support where we believe it is required. For example, if you have provided your contact information, we may contact you when a checkout journey is not completed.

To send product related and services communications

For certain types of marketing communications, we do not require your consent and we instead rely on our legitimate interest. This is the case, for example, where we send you communications about products or services that we provide to you. You can opt out of these communications either by visiting your preference centre if you have an account or in the communication itself.

Conduct market research

We may use the information we hold on you about your engagement with our products and services to understand how our products are used and make improvements or develop other products and services our audiences may like. We may contact you about your experience of a product or service we provide you.

We may send you service-related messages, which are about the service we provide. We do not require your consent for these, and you are not able to opt out.

Cookies

When you visit any website, it may store or retrieve information on your browser, which is mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information doesn’t usually identify you directly, but it can give you a more personalised web experience.

Making a complaint

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you should contact the Data Protection Officer. Should you be unsatisfied with the response, you are able to make a complaint to the ICO.