Ortho-Care (UK) Ltd Privacy Policy (UK GDPR)


Privacy Policy (GDPR)

When you share your personal information with any company, you have a right to expect that information to be treated with total confidentiality. The privacy and security of your personal information is extremely important to us. We have written this privacy policy to explain how and why we use your personal data, to make sure you stay informed and can be confident when giving us your information.

We will update this page whenever needed to show you everything we do with your personal data. This policy applies whenever you use any of our services, visit our website, use our CustomClear mobile app, email, call or write to us. In certain circumstances an extra privacy notice may apply, which will always refer to this page.

We promise we will never sell your personal data and will never share it with third party organisations other than those who help us in our day to day operations. The privacy and security of your data is assured.

Who We are

Wherever the words 'we', 'us', 'our', or Ortho-Care appears in this policy, it refers to Ortho-Care (UK) Ltd a Private Limited Company. (Our ICO registration number is Z5822662).

With over 30 years' experience of supplying the orthodontic profession, Ortho-Care (UK) Ltd (Reg. number 1600280) is one of the leading UK based, independent suppliers of orthodontic products. Our products are requested and used worldwide by leading orthodontists, hospitals, teaching schools, and orthodontic laboratories. We also supply homecare and hygiene products for patients undergoing orthodontic treatment through our website orthoshop.co.uk, and we support many orthodontic practices who cannot stock these products themselves by providing information for them to give direct to patients.

If you have any questions in relation to this privacy policy or how we use your personal data they should be sent to info@orthocare.co.uk or addressed to the Data Controller, Ortho-Care (UK) Ltd, 1 Riverside Estate, Shipley, West Yorkshire, BD17 7DR, UK.

The personal data we collect

Any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address is called your personal data. Some of this data will be collected and used by us, but we only collect the personal data that we need.

We collect personal data to help with specific activities such as when you place an order, or if we send you information about our products, or even if you come to work for us.

Personal data is collected by us when you fill in forms on our website, register to use our website, participate in any social media functions on our website, or reply to a promotion or questionnaire, or simply by corresponding with us (by phone, email or by becoming a supplier/customer).

The personal data you supply may include your name, title, address, gender, demographic information, email address, telephone numbers, usernames and passwords.

Personal data provided by you

This includes information you give when interacting with us, for example placing an order or communicating with us. For example:

  • Personal details (name, email, address, telephone, and so on) when you become a customer or supplier
  • Financial information (payment information such as credit or debit cards)
  • Your opinions and attitudes about the company, and your experiences of dealing with us.

The following information may automatically be collected:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information relating to our site, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier
  • Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to, scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number
  • Information about your purchases including but not limited to revenue figures, the types of products purchased, and purchase order number.
  • The terms that you use to search our website

How we use your personal data

Ortho-Care will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation/UK Data Protection Act and Privacy of Electronic Communication Regulation.

Personal data provided to us will only be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.

Your personal data may be collected and used to help us complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.

Retail sales

We use customer data in order to fulfill retail activities. Your data will be used to communicate with you throughout the process, including to confirm we've received your order and payment, to clarify where we might need more detail to fulfill an order, or to resolve issues that might arise with your order.

Questionnaires

As part of our commitment to Quality and to fulfill our accreditation requirements we carry out questionnaires with a sample set of customers to get feedback on their experience with us. We use this feedback to improve our business, customer care and our relationship with customers and suppliers.

If you choose to take part in our questionnaires, you can choose what data you submit to us, and the data is only ever used by us. All the research we conduct is optional and you can choose not to take part.

Marketing communications

As your privacy is important to us, we will always keep your details secure.

We would like to use your details to keep you informed about things we are doing that may be of interest to you. If you choose to hear from us we may send you information on our latest offers and new products. We may also show you relevant content online.

We will never share your information with companies outside Ortho-Care for inclusion in their marketing, and we will only send our own marketing to you if you agree to receive them. If you agree to receive marketing information from us you can change your mind at a later date.

However, if you tell us you don't want to receive marketing communications, you may not hear about events or other work we do that may be of interest to you.

We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely and never share it with anyone else, in accordance with our terms and in line with the requirements set out in the GDPR. For example we may share cookie data with third parties to help with our own advertising targeting.

Can I change my contact preferences?

When we first have contact with you, if it is relevant to you we may ask if you wish to join our mailing list, sent either by email or by post, and occasionally we may contact you be telephone with details of special offers. You can choose to opt in and we will keep you updated on our latest offers and promotions. We will always respect your choice of how you want to receive communications (for example, by email, post or phone).

However, there are some communications that we need to send. These are essential to fulfill our promises to you as a customer or supplier. Examples are:

  • Invoices/Statements/remittances etc
  • Transaction messaging, purchase confirmations and account queries
  • Product recalls or safety notices

Recruitment and employment

We process personal data, including 'sensitive' personal data, from job applicants and employees in order to comply with our contractual, statutory, and management obligations and responsibilities,

Such data can include, but isn't limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it's processed is given below.

Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.

Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, health care scheme, equal opportunities monitoring.

Management responsibilities: Our management responsibilities are those necessary for the functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.

Sensitive personal data

The Act defines 'sensitive personal data' as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.

In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.

(a) We will process data about an employee's health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee's knowledge and, where necessary, consent.

(b) We will process data about, but not limited to, an employee's racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

(c) Data about an employee's criminal convictions will be held as necessary.

Disclosure of personal data to other bodies

In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee's personal data with one or more third party supplier. For example, with regard to the employment contract, we are required to transfer an employee's personal data to third parties such as pension providers and HM Revenue & Customs.

In order to fulfill our statutory responsibilities, we are required to give some of an employee's personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.

Updating your data and marketing preferences

We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:

Call us: 01274 533233. Open 8.30am - 5.15pm weekdays excluding Bank Holidays and over the Christmas and New Year period - details of which appear on our website when relevant. Write to:
Ortho-Care UK Ltd, 1 Riverside Estate, Shipley, West Yorkshire, BD17 7DR

Email: info@orthocare.co.uk

Should you require verification, updating or amendment of your personal data, we will do so within 30 days of your request.

Your data protection rights (DPO)

You also have the right to ask us to stop using your personal data for direct marketing purposes.

Contact us using the details above.

Subject access rights

If you would like further information on your rights or wish to exercise them, please write to us at The Data Controller, Ortho-Care UK Ltd, 1 Riverside Estate, Shipley, West Yorkshire, BD17 7DR or email info@orthocare.co.uk.

You will be asked to provide the following details:

  • The personal information you want to access;
  • Where it is likely to be held;
  • The date range of the information you wish to access

So that we keep your details safe, we will also ask you to provide information confirming your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.

Once we have all the information necessary to respond to your request we will provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.

What to do if you're not happy

In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk or write to them at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Keeping your information

We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.

How we secure your data

Information system and data security is imperative to us to ensure that we are keeping our customers, employees and suppliers safe.

We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape. In addition to this, we follow an in depth security model, which means that your data is protected by multiple layers of security.

Our staff complete mandatory information security and data protection training when they start employment with us to reinforce responsibilities and requirements set out in our information security policies.

When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure; when entering information on our website. You can check this by right clicking on the padlock icon in the address bar.

Disclosing and sharing information

When we allow third parties acting on behalf of Ortho-Care to access to your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information with any other organisations.

However, personal data collected and processed by us may be shared with the following groups where necessary:

  • Ortho-Care employees
  • Third party cloud hosting and IT infrastructure providers who provide IT support

Also, under strictly controlled conditions:

  • Contractors
  • Service Providers providing services to us
  • Advisors
  • Agents

We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or cookie policy and other agreements; or to protect the rights, property, or safety of Ortho-Care, our staff, suppliers and customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Storage of information

Ortho-Care are based in the UK and we store all of our data within the European Union (EU).

Payment card Security

Ortho-Care has an active PCI-DSS compliance program in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.

When you input card data into the secure payment page or dictate your details over the phone, we use the data you have given us on our card machine, and when the payment is complete and the transaction finalised, we delete the details and redact them from any printed copies ensuring we do not hold the data any longer than necessary.

CCTV

Our offices and warehousing have Closed Circuit Television (CCTV) and anyone visiting may be recorded.

CCTV is used to provide security and protect both our staff and visitors. CCTV will be only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for set period of time after which it is recorded over. Ortho-Care complies with the Information Commissioner's Office CCTV Code of Practice and we put up notices so you know when CCTV is used.

Changes to this privacy policy

We'll amend this privacy policy from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements. Please visit our website to keep up to date with any changes. The current version will always be posted on our website. Alternatively you can Call us: 01274 533233. Open 8.30am - 5.15pm weekdays excluding Bank Holidays and over the Christmas and New Year period - details of which appear on our website when relevant. Or Write to: Ortho-Care UK Ltd, 1 Riverside Estate, Shipley, West Yorkshire, BD17 7DR

Email: info@orthocare.co.uk

This privacy policy was last updated on 22nd Feb 2022.