(13th May 2020)
AYATA MEDICAL is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you in accordance with the General Data Protection Regulation (GDPR). It contains important information on how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint. AYATA MEDICAL collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the GDPR which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
TABLE OF CONTENTS
1. What Information Do We Collect
2. Information Collected From Other Sources
3. How Can I Opt-Out Of This Data Collection
4. Who We Share Your Personal Information With
5. Whether We Need Your Consent
6. How Long Your Personal Information Will Be Kept
7. Transfer Of Your Information Out Of The EEA
8. Your Rights
9. Keeping Your Personal Information Secure
10. Data Protection Officer
11. Changes To This Privacy Notice
12. How To Contact Us
WHAT INFORMATION DO WE COLLECT
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
On our websites we collect and use personal information (including name, address, telephone number and email) in order to:
- Respond to queries or requests submitted by you.
- Administer or otherwise carry out our obligations in relation to any agreement you have with us.
- Anticipate and resolve problems with any services supplied to you.
INFORMATION COLLECTED FROM OTHER SOURCES
We also collect cookies on our site for performance related tasks. You can read about the cookies we collect here: https://www.ayatamedical.com/cookies-policy/
. We collect information to analyse the performance of our websites and how different parts of our website are used. We use Google Analytics to do this.Google Analytics stores information about how users get to our sites and from which device types, how content is being used whilst on the site and how long users spend on our site.Google Analytics also provides information on interests and demographics of our visitors.The information is collected using a tag placed on our websites and does not relate to any personally identifiable information being collected.You can read Googles Data Processing Amendment online here
.You can read Googles Data Retention Policy here.
AYATA MEDICAL has set our analytics not to expire i.e. the information will be retained in order to allow us to analyse trends in our website usage over time.
HOW CAN I OPT-OUT OF THIS DATA COLLECTION
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We will share personal information with other AYATA MEDICAL businesses as appropriate in order to respond to your queries or requests.We will share personal information with law enforcement or other authorities if required by applicable law.We will not share your personal information with any other third party and we will only provide your personal information which we consider is necessary for the performance of that reason.
WHETHER WE NEED YOUR CONSENT
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
HOW LONG YOUR PERSONAL INFORMATION WILL BE KEPT
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.
We will hold personal data for the period we are required to retain this information by applicable UK tax law (currently 6 years). In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
AYATA MEDICAL has agreed to retain the information collected in Google Analytics indefinitely in order to allow us to analyse trends in our website usage over time. This is not personally identifiable information.
TRANSFER OF YOUR INFORMATION OUT OF THE EEA
We may transfer your personal information to other AYATA MEDICAL businesses which are located outside the European Economic Area (EEA) in order to respond to any queries submitted to us via our website or social channels.Some countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to suitable relevant safeguards eg European Commission approved contract (of the GDPR that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
Under the GDPR you have a number of important rights free of charge. Under certain circumstances, you have the right to:
- Request access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are processing your personal information for direct marketing purposes.
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
- Object in certain other situations to our continued processing of your personal information.
- Request the transfer of your personal information to another party.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation which is accessible via https://ico.org.uk.
In some circumstances you can claim compensation for damages caused by our breach of any data protection laws.
If you would like to exercise any of those rights, please:
- email, call or write to us at firstname.lastname@example.org,
- let us have enough information to identify you,
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates.In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please contact email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
DATA PROTECTION OFFICER
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO by emailing firstname.lastname@example.org
. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 13’th May 2020.We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice on this page.
HOW TO CONTACT US
Please contact our Data Protection Officer on email@example.com if you have any questions about this privacy notice or the information we hold about you.If you would like to report any issues with our website please contact firstname.lastname@example.org.