Privacy policy

When you contact BresMed or visit our website, you trust us with your personal information. This Privacy Policy explains what information we collect, why we collect it, what we do with it and your choices and rights with regard to your information.

About this privacy policy

This privacy policy explains how we (BresMed) collect, use, share and transfer your personal data when you use the services provided on bresmed.com (“our site”).

We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics:

  • Information about your rights and our obligations
  • Clarity about our dealings with you and transparency about how we collect and use your personal data
  • Commitments on how we protect your personal data
  • Commitments on how we will facilitate your rights and respond to your questions.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Personal data is any information about you by which you can be identified. This can include information such as: your name, date of birth, email address, postal address, phone number, mobile number; debit card details; information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based); and information relating to your personal circumstances and how you use our site and services.

Sometimes our site may contain links to third party sites and services. These sites and services have their own privacy policies. If you follow a link to a third party, you should read the privacy policy shown on their site.

Who we are and how to contact us

When you are using our website, BresMed Health Solutions Ltd is the data controller (referred to as “BresMed”, “we”, “us” or “our” in this Privacy Policy). Our registered office is Steel City House, West Street, Sheffield, S1 2GQ, United Kingdom.

This means that we are responsible for deciding how and why we hold and use your personal data. If you want to contact us, you can find our contact details in the ‘How to contact us for information on our use of your personal data’ section below.

When we refer to our website we mean our website at www.bresmed.com.

What personal data we collect and how

We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:

Identity data – name, username, marital status, title, photographs, date of birth and gender.

Contact data – billing address, delivery address, email address or telephone numbers, social media addresses.

Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.

Profile data – feedback and survey responses.

Usage data – information about how you use our website.

Marketing and communications data – your preferences in receiving marketing from us and your communication preferences.
If you are using our website to apply for a job with us, our Candidate Policy will apply.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

How we collect personal data

We may collect, store and transfer personal information about you from the following sources; data you give to us, data we collect when you use our services and data from third parties we work with.

Data you give to us:

  • when you use our services;
  • when you talk to us on the phone;
  • when you use our website;
  • when you email or send letters to us for any reason;
  • when you engage with us on social media, your social media username, if you interact with us through those channels;
  • if you take part in our competitions or promotions;
  • when you give us feedback, comments and service reviews;
  • when you book any kind of appointment with us; and
  • when you send us photographs and images of yourself.

 

Data we collect when you use our services:

Direct Interactions

You may give us your Identity data and Contact data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for our products or services;
  • create an account on our website;
  • subscribe to our services or publications;
  • request marketing to be sent to you; or
  • give us feedback or contact us.

 

Visitors to our website

When someone visits www.bresmed.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out information such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Cookies and similar technology

When you visit our site, we may collect personal data from you automatically using cookies or similar technology. A cookie is a small file that can be placed on your device that allows us to recognise and remember you. Please see our separate Cookie policy for more information.

Visitors to our offices

When you come to visit us at any of our office locations we have CCTV systems in operation for the security of clients and employees. These systems may record your image during your visit.

Posting comments on our social media accounts

When you post information on a BresMed social media feed or comment publicly on a post on one of our feeds, the information you post and your username are publicly accessible. This information can be viewed online and collected by other people. We are not responsible for the way other people use this information. When contributing to a discussion, we strongly recommend you avoid sharing any personal details, and especially information that can be used to identify you directly such as your name, age, address and the name of your employer. We are not responsible for the privacy of any identifiable information that you post on our social media accounts.

Data from third parties we work with:

  • Companies that introduce you to us
  • Social networks
  • Agents/agencies working on our behalf
  • Government and law enforcement agencies
  • Identity and contact data from publicly availably sources

 

How and why we use your personal data

We will only use your personal data where we have a legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:

  • Where we need to perform the contract, we are about to enter into or have entered into with you (for example, where we have agreed to send you certain products or services, we’ll collect your address details to deliver materials to and we may pass them to our courier).
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example, we will use your email address to send you information about our services that you have shown particular interest in).
  • Where we need to comply with a legal or regulatory obligation (for example, we pass on details of people involved in fraud or other criminal activity affecting us to law enforcement agencies).
  • Where we can collect and process your data with your consent (for example, when you tick a box to receive email newsletters).

 

Security of your personal data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.

Who we share your personal data with

We do not share your personal data with other people or organisations that are not directly linked to us except under the following circumstances:
We may share your data with other organisations that provide services on our behalf such as dealing with online payments and other forms of payment processing, ie credit card transactions and preventing fraud.

We may reveal your personal data to any law enforcement agency, court, regulator, government authority or other organisation if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else.
We may reveal your personal data to any other organisation that buys, or to which we transfer all, or substantially all, of our assets and business. If this sale or transfer takes place, we will use reasonable efforts to try to make sure that the organisation we transfer your personal data to uses it in line with our privacy policy.

Any organisations which access your data in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your data and keep to all data privacy laws that apply. We may also independently audit these service providers to make sure that they meet our standards.

Some of our webpages may use social plug-ins from other organisations (such as the “Facebook Recommend” function, Twitter’s retweet function, Google+ function). These other organisations may receive and use personal data about your visit to our site. If you browse our site, information they collect may be connected to your account on their site. For more information on how these organisations use personal data, please read their privacy policies

International data transfers

Data we collect may be transferred to, stored and processed in any country or territory where one or more of our BresMed group companies or service providers are based or have facilities. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal data that we transfer in line with this privacy policy.

Whenever we transfer your personal data out of the European Economic Area (EEA), we ensure similar protection and put in place at least one of these safeguards:

We will only transfer your personal data to countries that have been found to provide an adequate level of protection for personal data.

How long we keep your personal data

We keep your personal data for only as long as we need to (which will be dependent on the type of project we carry out for you and set out in the relevant paperwork). How long we need your personal data depends on what we are using it for, as set out in this privacy policy. For example, we may need to use it to answer your queries about a service we have provided and as a result may keep personal data while you are still using our services. We may also need to keep your personal data for accounting purposes. If we no longer need your data, we will delete it or make it anonymous by removing all details that identify you. If we have asked for your permission to process your personal data and we have no other lawful grounds to continue with that processing, and you withdraw your permission, we will delete your personal data. However, if you unsubscribe from marketing communications, we will keep your email address to ensure that we do not send you any marketing in future.

Your rights with regard to the personal data that we hold about you

You can contact us with regard to the following rights in relation to your personal data:

If you would like to have a copy of or access to the personal data we hold on you or if you think that we hold incorrect personal data about you or would like your data transferring to another entity, please write to the Data Protection Officer at BresMed Health Solutions Ltd, Steel City House, West Street, Sheffield, S1 2GQ, United Kingdom. Or, email dataprotection@bresmed.com. We will deal with requests for copies of your personal data or for correction of your personal data within one month. If your request is complicated or if you have made a large number of requests, it may take us longer. We will let you know if we need longer than one month to respond. You will not have to pay a fee to obtain a copy of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Where you have provided us with consent to use your personal data, you can withdraw this at any time.

You also have the right to ask us to delete your personal data or object to or restrict how it is used. There may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request. Where applicable, you have the right to object to processing of your personal data for certain purposes.

If you want to make any of these requests, please contact dataprotection@bresmed.com.

We may need to request specific information from you to help us confirm your identity.

How to contact us for information on our use of your personal data

If you have any questions about how we use your personal data or if you have a concern about how your personal data is used, please contact the Data Protection Officer at BresMed Health Solutions Ltd, Steel City House, West Street, Sheffield, S1 2GQ, United Kingdom. Or, email dataprotection@bresmed.com.

Complaints will be dealt with by the Data Protection Officer and will be responded to within 30 days.

If you are not satisfied with the way your concern has been handled, you can refer your complaint to the Information Commissioner’s Office.

If you have a question about anything else, please see our Contact us page.

Changes to the Privacy Policy

If we decide to change our privacy policy, we will post the changes here. If required by law, we will get your permission or give you the opportunity to opt out of any new uses of your data.

Changes to this Privacy Policy to date

May 2018: updated to reflect changes resulting from the General Data Protection Regulation.

March 2019: updated to reflect our change of registered office address.