Website Privacy Notice
At Lombard Medical we are committed to protecting your privacy. We will use your personal information in accordance with GDPR and the Data Protection Act 2018 (DPA) and other applicable laws and regulations that relate to data protection and privacy.
In the course of our dealings with you, we will collect and process personal information about you in order to provide you with the goods and services you request and to administer our relationship with you. This may involve the sharing of your personal information with other third parties.
Who are we?
As described below, we may share your personal information with other organisations that may receive and process your personal information as a data controller in their own right.
The data we process and store:
This section provides you with information about:
- what personal data we hold and process;
- in respect of personal data that we did not collect from you directly, where we obtained that data from, and what types of data we have collected;
- the purposes for which we may process your personal data; and
- the legal grounds on which we process your data
When you place an order(s) for goods or services via our website or over the phone we collect personal information which may include; your contact details (including email address and mobile phone number), delivery address and any transaction details. We also collect data about your purchase history, and information generated from our own analysis of this information.
When placing an order through our systems for a patient, please remove any personal details. We understand that some of our customers may wish to use a name for a reference. We will always protect this data as per this policy.
How we use this data:
We process your personal data based on performing a contract. This personal data may be processed for the purposes of administering payment, to allow us to deliver the services/goods you have ordered through our website and in keeping proper and accurate records of these transactions.
We hold your data in our own database, which is UK hosted.
We will share some of your personal data with selected third parties in order to provide you with the goods and services you request and to administer our relationship with you. This will include couriers to deliver parcels on our behalf, our email platform provider, credit reference agencies and third parties who operate data storage/management systems on our behalf. Full details of such third parties can be provided on request (using the contact details in the "How you can contact us" section below).
From time to time we may process data to allow you to attend international events.
How we use this data:
We may use your contact details, passport information and any other appropriate documentation to allow us to process your travel information.
We hold your data in our own database, which is UK hosted. Data will only be held for as long as is required for the purpose it is collected.
We process your personal data on the basis of our legitimate interests of keeping in contact with our current and previous customers to keep them informed of our news, offers and events.
We will share some of your personal data with selected third parties. This will include our travel agency partner. Full details of such third parties can be provided on request (using the contact details in the "How you can contact us" section below).
You may come across us on social media through your own networks, We do this to inform, educate and engage new and existing customers.
If you contact us via these channels, please be aware that we have no control over the data provided while on the platform. Your enquiry data may be transferred to our database as detailed in enquiry data section.
If you lodge a complaint with us, we will record details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. This information will be stored in our database.
We will only use the complaint data to process the complaint and to check on the level of service we provide or how contracts are performed. We may compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
If you make a warranty claim with us, we will record your personal details and details of the fault. This information may be shared with the manufacturer to process the warranty claim.
We process your personal data in this way on the basis of our legitimate interests in dealing appropriately with the complaint.
If you get in touch with us via the contact form on the website, via phone, email or face to face at an event we may save the details you provide us in our database. This way, if you get in touch with us in future, we can refer to our previous conversations. The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you
The legal basis for this processing is our legitimate interests in responding to your enquiry appropriately. We will not contact you or share your details without asking for your consent.
While making an application for a vacancy that we are advertising we will ask you to either send your CV to us or complete an application form. These will include a variety of your data including your contact details, employment history and other information. You may also provide us with special category data, namely health conditions and criminal convictions.
How we use this data:We use the information to process your application for employment with Lombard Medical.
We process your personal data on the basis of entering in to a contract, we will only use your data for processing your application and if unsuccessful your data will be retained for a period of 12 months or if requested by you, your data will be held on record for future vacancies.
Your data will not be shared without your consent.
We may process information contained in or relating to any communication that you send to us.
The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website and any contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping.
The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
We have a wide variety of business contacts. You or your employer may provide us with your data, or we may obtain your data from public domain to allow us to contact you in relation to the services we offer.
How we use this data:
We will use your business contact details to contact you and keep you informed of news, industry updates, invitations to events, performance of our services and support.
We process your personal data on the legal basis of legitimate interest, namely the proper administration of our services and communications with users. We will only use your data for the purpose it has been given it to us and you can opt-out at any time.
We hold your data in our own database, which is UK hosted.
We will share some of your personal data with selected third parties. This will include our email platform provider, third parties who operate data storage/management systems on our behalf. Full details of such third parties can be provided on request (using the contact details in the how you can contact us section below).
Other Processing and Data Sharing
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.
The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
We may disclose your personal data to our professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Details of 3rd Parties:
Full details of the third parties we work with can be provided on request using the contact details in the "How you can contact us" section below.
Opt-Out of Communications
We do not send any marketing emails. You may opt-out of receiving any communications at any time by contacting us using the details below. Please note where we are required by law or regulation to contact you we will do
We do not transfer any of your data outside of the European Economic Area.
Where your personal data is transferred outside of the EEA, we will ensure that either (a) The European Commission has made an "adequacy decision" with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. In all cases, transfers outside of the EEA will be protected by appropriate safeguards.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
- Allow you to remain logged in to your account when browsing our store.
- Remember your preferences when using the store
- We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs, such as remembering the last product you viewed. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
The legal basis for this processing is our legitimate interests, namely the improvement of our Site.
Retaining and deleting personal data:
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
You have the following rights in respect of the personal data we hold about you:
(i) a right of access to such data;
(ii) a right to object to processing that is likely to cause or is causing you damage or distress;
(iii) a right to prevent processing for direct marketing;
(iv) a right to decisions made by automated means;
(v) a right to have inaccurate personal data rectified, blocked, erased or destroyed; and
(vi) a right to claim compensation for damages caused by a breach of relevant data protection legislation.
If you wish to exercise any of these rights, please contact us using the details set out below.
Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data and, to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
Your right to rectification. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.
Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. We will analyse each request for erasure and we will agree if there is no legitimate reason to retain the data to the normal retention period, at which point we will instruct anonymization of the data.
Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
Your right to object to direct marketing. You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose.
Your right to data portability. Where you have given us consent to process your personal data for the performance of a contract, you have a legal right to receive a copy of the personal data we hold about you. We will not be accepting Data Portability files from other third-party companies/individuals. When a data request is made of us we will make available all applicable personal data to you in a .CSV file or alternative machine-readable format agreed by us to be passed to the appropriate third party on your instruction. We will not however process your data in this way if we believe that it may pose a threat to the security of the data.
Your right to object for statistical purposes. You can object to us processing your personal data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.
Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.
You have a right to lodge a complaint with the Information Commissioner’s Office via https://ico.org.uk/concerns/
How you can contact us:
If you wish to exercise any of these rights, or you have any questions regarding this policy our data protection team can be contacted via:
Phone: 01235 750800
Post : Lombard Medical Ltd, Lombard Medical House, Trident Park, Didcot OX11 7HJ
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.