Introduction

Imagex Medical Ltd processes and holds personal data from, and about, prospective, current and former business partners (customers and suppliers) to comply with tax, labour, health and safety, and other laws, to operate our businesses, and to serve our customers.

This statement sets out the basis on which such information is held.

We may make changes to this statement from time to time to reflect developments in the law.

Scope

This policy statement details the basis in which such information is held, what we might do with the information, and who it will be shared with.

It sets out our position and commitment relating to data protection.  We hold and process individuals personal and special categories of personal data in regards to our business and services.  We hold individual data in secure paper based, and electronic files and systems.

The data we process may relate to former, present and potential future business partners.  We collect and maintain such data in order to meet our legitimate interests as a business, to comply with statutory requirements and fulfil individual contracts.

Responsibility

The specific responsibilities of the Data Protection Manager/HR Manager is to ensure the data is collected, handled and stored appropriately as set out in our Data Protection Policy.

Where personal data is to be processed, all members of staff are responsible for ensuring data is processed in line with the current legislation and the General Data Protection Regulations.

Reasons And Purposes For Processing Information

We process personal information to enable us to promote our goods and services, to maintain our accounts and records, and to support and manage our partners.

 

Types Of Personal Information Held

We process information relevant to the above reasons/purposes.  This may include:

• Personal details
• Financial details
• Goods or services provided

Use Of The Data

When we ask you for personal information we will keep to the law, including the General Data Protection Regulations, and we will:

• make sure you know why we need it
• only ask for what we need, and not to collect too much or irrelevant information
• protect it and make sure nobody has access to it who should not have access
• let you know if we share it with other organisations – and if you can say no
• make sure we don’t keep it longer than necessary

When deciding the retention period for personal data we will take into account our legal and business interests.

Security Procedures In Place To Protect The Data

We have established systems in place to protect personal data.  Our company policies protect data while allowing us to utilise process’s designed to make our business more efficient and effective in managing and supporting our business partners.

In protecting personal data we will not allow the misuse of individual’s data and we shall protect our legitimate interests as a business, and the vital interests and freedoms of our partners.

All personal data shall be:

• obtained by lawful and fair means and, where appropriate, with knowledge or consent;
• processed within the strict terms of the law, including but not limited to the General Data Protection Regulations, and any associated rules, regulation, statutory provisions, extensions or re-enactments therof and where possible, in line with any current guidance and other publications of the Information Commissioner;
• relevant for the purposes for which it is to be used;
• accurate, complete and up to date;
• kept for no longer than is necessary for its declared purpose;
• held in the full knowledge of the individual (except in cases specifically excluded under the law);
• protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use modification or disclosure of data;
• protected from unauthorised cross border transmission to any other state which does not meet those standards laid down by the Council of Europe Convention (1981),the EC Data Protection Directive (95/46/EC) and the GDPR 2015.

Disclosure Of Information To Third Parties

We sometimes need to share the personal information we process with the individual it concerns and also with other organisations.  Where this is necessary we will comply with all aspects of the law including the General Data Protection Regulations.  We do not disclose your information to any third parties or bodies unless we have permission to do so or are required to do so by law.

Obtaining The Information We Hold About You

You have the right to ask for a copy of your information and to correct any inaccuracies. 

If you wish to gain access to information you should write to the Data Protection Manager/HR Manager requesting this.  The provision of personal data shall be satisfied within a month from receipt of a written request.

We can refuse of charge for requests that are manifestly unfounded or excessive.   If we refuse a request, we will tell you why without undue delay and at the latest, within one month.

In all cases the relevant information will only be disclosed following a written request instructing the Data Protection Manager/HR Manager, and giving consent to the Data Protection Manager/HR Manager to make such a disclosure.  We will need to be satisfied of the identity of the individual making the Subject Access Request.

You have the right to make any reasonable request for the rectification or amendment of personal data records provided that:

• you can readily demonstrate the existence of an identifiable error, necessary update, relevant omission, superfluous fact, or
• it is unlawful to maintain such a record.

The rectification of personal data shall be satisfied within a month of receipt of a request.

Retention And Disposal Of Personal Data

When we ask for personal information we will keep to the law, including the GDPR.  Under the Regulations personal data processed for any purpose must not be kept for longer than is necessary for that purpose.  When deciding the retention period for personal data we will take into account our legal and business interests.  It is a matter for reasonable judgement and common sense as to how long personal data should be retained.

Length Of Time For Retention Of Personal Data

We will retain your personal information only for as long as is necessary for the purposes for which the information was collected, or as long as is required pursuant to law.

Data may be retained longer in cases where it is used in relation to a legal claim or is used in relation to a valid legal process.

Right To Be Forgotten – Erasure Of Personal Data

You have the right to ask for your personal data to be erased.

Individuals have the right to have their personal data erased if:

• the personal data is no longer necessary for the purpose for which it was originally collected;
• we are relying on consent as the lawful basis for holding the data, and you withdraw your consent;
• we are relying on legitimate interests and there is no overriding legitimate interest to continue this processing;
• we have processed the personal data unlawfully;
• we have to do it to comply with a legal obligation.

The right to erasure does not apply if retaining the personal data is necessary for one of the following reasons:

• to exercise the right of freedom of expression and information;
• to comply with a legal obligation;
• for the performance of a task carried out in the public interest or in the exercise of official authority;
• for archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
• for the establishment, exercise or defence of legal claims.

If you wish to have personal data erased you should request this verbally or in writing to the Data Protection Manager/HR Manager.  The erasure of the personal data relating shall be satisfied within a month from receipt of a request.

We can refuse or charge for requests that are manifestly unfounded or excessive.  If we refuse a request, we will tell you why without undue delay and at the latest, within one month.

Cookies

Cookies are small text files that are stored on your browser or the hard drive of your computer or other device when you visit the Site.  This allows the Site to recognize you as a user either for the duration of your visit (using a “session cookie”) or for repeat visits (a ‘persistent cookie’). 

Cookies are not harmful and do not contain any information such as your home address, date of birth or credit card details.  The information stored in cookies is safe and anonymous to any external third party, and your account security is never compromised.

All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.

Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies.  By giving your consent to the placing of Cookies, you are enabling Imagex Medical Ltd to provide a better experience and service to you.  You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

The Cookies we use fall into the following categories:

• Strictly necessary Cookies.  These are cookies that are required for the operation of our website, for example cookies that help you move around our site and use its features, such as accessing secure areas of our website.

• Analytical/performance Cookies.  These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to identify when errors occur, and improve the way our website works, for example, by ensuring that users are finding what they are looking for more easily.

• Functionality Cookies.  These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
• Targeting Cookies.  These Cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.