We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics:
- Information about your rights and our obligations
- Clarity about our dealings with you and transparency about how we collect and use your personal data
- Commitments on how we protect your personal data
- Commitments on how we will facilitate your rights and respond to your questions
Personal data is any information about you by which you can be identified. This can include information such as: your name, date of birth, email address, postal address, phone number, mobile number; debit card details; information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based); and information relating to your personal circumstances and how you use our site and services.
Who we are and how to contact us
As the data controller, we are responsible for deciding how and why we hold and use your personal data. If you want to contact us, you can find our contact details in the ‘How to contact us for information on our use of your personal data’ section below.
When we refer to our website we mean: www.bresmed.com
What personal data we collect and how
We may collect, use, store and transfer different kinds of personal information about you that we have grouped together as follows:
- Identity data – name, username, marital status, title, photographs, date of birth and gender
- Contact data – email address or telephone numbers, billing address, delivery address, social media addresses
- Professional data – your qualifications and employment history
- Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
- Profile data – feedback and survey responses
- Usage data – information about how you use our website
- Marketing and communications data – your preferences in receiving marketing from us and your communication preferences
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How we collect personal data
We may collect, store and transfer personal information about you from the following sources: data you give us, data we collect when you use our services and data from third parties we work with.
Data you give to us:
- When you use our services
- When we deal with you on behalf of a client
- When you provide us with the information
- When you or your business provide services to us or our clients
- When you visit our website
- When you fill in forms on our website
- When you enquire about working with us or apply to work with us
- In certain circumstances, when you have previously worked with us
- When you provide us with information for the purpose of us providing you with details of our services or for inviting you to events
- When you talk to us on the phone
- When you email or send letters to us for any reason
- When you engage with us on social media
- If you take part in our competitions or promotions
- When you give us feedback, comments and service reviews
- When you book any kind of appointment with us
- When you send us photographs and images of yourself
Data we collect when you use our services:
You may give us your identity data and contact data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Apply for our products or services
- Create an account on our website
- Subscribe to our services or publications
- Request marketing to be sent to you
- Give us feedback or contact us
Visitors to our website
When someone visits www.bresmed.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out information such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies and similar technology
Visitors to our offices
When you visit us at any of our offices, we have CCTV systems in operation for the security of clients and employees and these systems may record your image.
Posting comments on our social media accounts
When you post information on a BresMed social media feed or comment publicly on a post on one of our feeds, the information you post and your username are publicly accessible. This information can be viewed online and collected by other people. We are not responsible for the way other people use this information. When contributing to a discussion, we strongly recommend you avoid sharing any personal details, and, especially, information that can be used to identify you directly such as your name, age, address and the name of your employer. We are not responsible for the privacy of any identifiable information that you post on our social media accounts.
Data from third parties we work with:
- Companies that introduce you to us
- Social networks
- Agents/agencies working on our behalf
- Government and law enforcement agencies
- Identity and contact data from publicly availably sources
How and why we use your personal data
We will only use your personal data where we have legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:
- Where we need to perform the contract we are about to enter into or have entered into with you (for example, where we have agreed to send you certain products or services, we will collect your address details to deliver materials and we may pass them to our courier)
- Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. For example, we may use your personal details to provide you with information about the services we provide, to provide industry updates and to market our services
- Where we need to comply with a legal or regulatory obligation (for example, we pass on details of people involved in fraud or other criminal activity affecting us to law enforcement agencies)
- Where we can collect and process your data with your consent (for example, when you tick a box to receive email newsletters)
Security of your personal data
We have appropriate security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal information breach, and will notify you and any applicable regulator (including the Information Commissioner’s Office [ICO]) of a breach where we are legally required to do so.
Who we share your personal data with
We do not share your personal data with other people or organizations that are not directly linked to us except under the following circumstances:
- We may share your data with other organizations that provide services on our behalf such as dealing with online payments and other forms of payment processing, i.e. credit card transactions and preventing fraud
- We may reveal your personal data to any law enforcement agency, court, regulator, government authority or other organization if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else
Any organizations that access your data in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your data and keep to all data privacy laws that apply. We may also independently audit these service providers to make sure that they meet our standards.
Some of our webpages may use social plug-ins from other organizations (such as the ‘Facebook Recommend’ function, Twitter’s retweet function, Google+ function). These other organizations may receive and use personal data about your visit to our site. If you browse our site, information they collect may be connected to your account on their site. For more information on how these organizations use personal data, please read their privacy policies
International data transfers
Whenever we transfer your personal data out of the European Economic Area (EEA), we ensure similar protection and put in place at least one of these safeguards:
- We will only transfer your personal data to countries that have been found to provide an adequate level of protection for personal data
- We may also use specific contracts with our service providers that are based in countries outside the EEA. These contracts give your personal data the same protection it has in the EEA
- Where we use service providers in the United States, we may transfer personal data to them if they are part of the Privacy Shield scheme, which requires them to provide a similar level of protection of your personal data to what is required in the EEA
How long we keep your personal data
Your rights with regard to the personal data that we hold about you
You can contact us with regard to the following rights in relation to your personal data:
- If you would like to have a copy of or access to your personal data we hold or if you think that we hold incorrect personal data about you, or would like your data transferring to another entity, please write to the Data Protection Officer at BresMed Health Solutions Ltd, Steel City House, West Street, Sheffield, S1 2GQ, United Kingdom (or email: email@example.com). We will deal with requests for copies of your personal data or for correction of your personal data within 1 month. If your request is complicated or if you have made a large number of requests, it may take us longer. We will let you know if we need longer than 1 month to respond. You will not have to pay a fee to obtain a copy of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
- Where you have provided us with consent to use your personal data, you can withdraw this at any time
- You also have the right to ask us to delete your personal data or object to or restrict how it is used. There may be exceptions to the right to erasure for specific legal reasons, which, if applicable, we will set out for you in response to your request. Where applicable, you have the right to object to processing of your personal data for certain purposes.
If you want to make any of these requests, please contact firstname.lastname@example.org. We may need to request specific information from you to help us confirm your identity.
How to contact us for information on our use of your personal data
If you have any questions about how we use your personal data or if you have a concern about how your personal data is used, please contact the Data Protection Officer at BresMed Health Solutions Ltd, Steel City House, West Street, Sheffield, S1 2GQ, United Kingdom (email: email@example.com).
Complaints will be dealt with by the Data Protection Officer and will be responded to within 30 days.
If you are dissatisfied with the way your concern has been handled, you can refer your complaint to the ICO.
If you have a question about anything else, please see our Contact us page.
- May 2018: updated to reflect changes resulting from the General Data Protection Regulation
- March 2019: updated to reflect our change of registered office address
- January 2020: annual review to ensure content is up to date