Last updated March 2022
- 1 INTRODUCTION
- 2 HOW WE COLLECT YOUR PERSONAL DATA
- 3 WHAT PERSONAL DATA WE COLLECT ABOUT YOU
- 4 THE LEGAL BASIS WE RELY ON TO PROCESS YOUR PERSONAL DATA
- 5 WHY WE PROCESS YOUR PERSONAL DATA
- 6 THIRD PARTY INFORMATION
- 7 DISCLOSURE OF YOUR PERSONAL DATA
- 8 TRANSFERS OF YOUR PERSONAL DATA
- 9 SECURITY OF YOUR PERSONAL DATA
- 10 RETENTION OF YOUR PERSONAL DATA
- 11 YOUR DATA PROTECTION RIGHTS
- 12 UPDATING YOUR PERSONAL DATA
- 13 QUERIES AND COMPLAINTS
- 1.1 This Privacy Notice provides information about how Cambrooke UK Limited collects and processes the personal data of individuals (“you”,“ your”) who visit and/or interact with our website www.cambrooke.UK (the “Website”) and to all subsequent correspondence or communications with those people, whether by email, telephone or by post.
- 1.2 Cambrooke is a “controller” of your personal data. This means that we are responsible for deciding the purposes and means by which we use the personal data we hold about you. “Personal data” is any information by which you or any living person can be individually identified either directly or directly but does not include anonymised data. There are “special categories” of more sensitive personal data which require a higher level of protection. Where Cambrooke work with DialaChemist.com™ to deliver products under prescription, Cambrooke are a “processor” of your personal data. This means that we work under the direction of DialaChemist when processing this personal data. DialaChemist™ are the “controller” that is responsible for deciding the purposes and means by which we use the personal data we hold about you.
- 1.3 As a controller, we must provide you with this privacy statement in accordance with UK data protection laws, including but not limited to, the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018, as such laws may be updated from time to time (“Data Protection Laws”). In brief this Privacy Notice explains:
- what personal data of yours we hold and why we process it;
- the legal grounds that allow us to process your personal data;
- where we obtain your personal data, who gets to see it and how long we keep it;
- your data protection rights; and where to address queries or complaints.
- 1.4 This Privacy Notice does not form part of any contract, or offer to enter into a contract, with us. It may be amended by us at any time. We reserve the right to amend this Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice on the Website. We recommend that you check the Website often, referring to the date of the last modification listed at the top.
- 1.5 It is important that you read this Privacy Notice so that you are aware of how and why we are using your personal data. Please see Section 11(YOUR DATA PROTECTION RIGHTS) and Section 13 (QUERIES AND COMPLAINTS) for further information about your rights and how to exercise those rights.
2 HOW WE COLLECT YOUR PERSONAL DATA
We may receive your personal data through various means including:
• Direct interactions: We obtain your Identity Data and Contact Data when you contact us, request a sample through the website and when you give us feedback.
• Automated technologies: As you browse and interact with the Website, we collect browser data. We collect this personal data by using cookies and other similar technologies. Please see our Cookies Policy for further details.
• Offline registration forms: For example postal mail, contests, promotions or events.
• Email/test/other electronic messages: Interactions between you and Cambrooke UK Limited.
• Data we create: During the course of our interactions with you, we may collect personal data about you (E.g. forms submitted through website):
This data includes but is not limited to: Name(s), product prescription order(s), delivery address(es) and details, contact details, date of birth, vulnerabilities, hospital name and contact details, GP name and contact details, communication impairments or preferences.
Cambrooke will never knowingly collect or solicit personal data from individuals below the age of 13. If we discover that we have unintentionally collected personal data from a child below 13, we will remove that child’s personal data from our records promptly.
3 WHAT PERSONAL DATA WE COLLECT ABOUT YOU
3.1 We may collect, use, store and transfer different categories of personal data about you which we have grouped together as follows:
- Identity Data including your first name and surname.
- Contact Data including your email address, phone number and postal address.
- Health Data including your medical history and medications.
- Marketing Data including your preferences in receiving marketing communications from us.
- Communications Data including your interactions with us and any complaints or feedback.
- Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this.
- Usage Data including information about how you use the Website and our services.
4 THE LEGAL BASIS WE RELY ON TO PROCESS YOUR PERSONAL DATA
4.1 Data Protection Laws permit six legal basis to process personal data:
- Performance of a contract
- A legitimate interest
- A vital interest
- A legal requirement
- A public interest
The legal basis that we rely on are set out in in this section of the Privacy Notice. In some contexts more than one legal basis may apply.
4.2 Legal basis: Consent
Website sample request OR home delivery registration: Processing of medical data where consent has been clearly provided by the prescribing physician via the website sample request form or home delivery order form.
Newsletter sign up: Processing of personal information where consent has been clearly provided by the patient or carer/family of patient, when signing up for our patient newsletter.
Marketing: Processing of personal information where consent has been clearly provided by the patient or carer/family of patient, when entering a contest, marketing or other promotion either online or offline.
4.3 Legal basis: Legitimate interest
Telephone, email or other communication: Processing of personal information provided to Cambrooke UK Limited by way of email, telephone or other communication or request, in order for Cambrooke UK representatives to reply and address the needs of the patient, carer or physician.
Managing company administration: We (and third parties) have legitimate interests in carrying on, managing and administering our respective businesses. Part of managing businesses will involve the processing of your personal data. Your data will not be processed if, in processing your data, your interests, rights and freedoms related to the data override the businesses’ interests inprocessing the data for businesses purposes.
Order/sample request fulfilment: Ensuring the timely fulfilment and accuracy of orders placed direct with us and through our third party fulfilment partners.
4.4 Legal basis: Performance of a contract
Contractual duties from prescribing physician: Processing of personal information or medical data in order for Cambrooke UK Limited to carry out our contractual duties with a prescribing physician or patient/carer.
4.5 Legal basis: A legal requirement
Company Merger/Acquisition: In the event that Cambrooke UK Limited or its assets are acquired by or merged with another company, we will share your personal data with any of our legal successors. We will also disclose your Personal Data to third parties when required by applicable law, in response to legal proceedings, or to protect our rights, privacy, safety or property, or the public.
5. THIRD PARTY INFORMATION
5.1 Other individuals’ personal data
• Where you provide us with personal data relating to other people, you represent and warrant that you will only do so in accordance with applicable law, including Data Protection Laws. You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this Privacy Notice and where necessary you will obtain their consent to our use of their information. You will provide anyone that you provide us with personal data about with a copy of this Privacy Notice. We may notify those individuals that you have provided their details to us.
5.2 Information collected through third-party links and content
6 DISCLOSURE OF YOUR PERSONAL DATA
- 6.1 We reserve the right to disclose your personal data to third parties:
- if we are under any legal or regulatory duty to do so; and
- to protect our rights or the safety of us, our personnel, users or others.
- 6.2 We also use third party service providers as our processors to only hold and use personal data on our behalf in order to provide us with a service. We may also disclose personal data to our professional advisors and experts in order to obtain their assistance in carrying out our services and our activities. We require these parties to keep your personal data confidential and secure and to protect it in accordance with the law. They are only permitted to process your personal data for the lawful purpose for which it has been shared and in accordance with our instructions.
7 TRANSFERS OF YOUR PERSONAL DATA
7.1 In connection with our business and for administrative, management and legal purposes, we will not transfer to your data to another jurisdiction.
8 SECURITY OF YOUR PERSONAL DATA
- 8.1 Cambrooke is committed to maintaining the security of your personal data it processes. Cambrooke maintains appropriate physical, procedural, organizational and technical security measures intended to prevent loss, misuse, unauthorised access, disclosure, or modification of your personal data under Cambrooke’s control. We also limit access to your personal data within our organisation and to third parties that need access to your information in provision of service to us. They will only process your personal data on our instructions and are required to protect personal data. If you have reason to believe that your personal data is no longer secure, please notify us immediately using the contact information supplied in Section 13 (Queries and Complaints).
- 8.2 Please be aware that when you transmit information to us or to our service providers over the internet or another telecommunications network this can never be guaranteed to be 100% secure. For any payments which we take from you or pay to you online we will use a recognised third party online secure payment system, and we are not responsible for the security of this system. You should contact these third parties for information about the security of these internet, telecommunications systems or payment systems if you need further information.
- 8.3 We cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data but we take reasonable steps to prevent this from happening. We have put in place measures to protect the security of your personal data and will notify you and any applicable regulator of a breach where we are legally required to do so.
9 RETENTION OF YOUR PERSONAL DATA
9.1 We endeavour to ensure that personal data is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. We generally retain personal data for as long as is required to satisfy the purpose for which it was collected. We are required to keep certain types of information for a specific period of time in order to comply with legal requirements. Some of your personal data may need to be retained because of circumstances such as a legal dispute or regulatory investigation, which would not normally be subject to retention.
10 YOUR DATA PROTECTION RIGHTS
10.1 You have various rights under data protection laws, subject to certain exemptions, in connection with our processing of your personal data. These rights are free of charge and include the right to:
Gain access to and copies of your personal data. You are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the personal data also relates to another person and we do not have that person’s consent. Where there is data that we cannot disclose, we will explain this to you.
Ensure that your personal data is accurate. You may request that inaccurate or incomplete information is corrected and updated by us.
- Request erasure of your personal data. This right enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. However, where we hold and process your personal data in order to comply with legal obligations, such as compliance with financial auditing or for the establishment exercise or defence of legal claims, your right to ask us to delete or remove your personal data is limited.
- Object to our processing of your personal data. You may object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) in order to justify the basis for our processing your personal data and there is something about your particular situation which makes you wish to object to processing on this ground.
- Request that we restrict processing of your personal data. This right enables you to ask us to suspend the processing of your personal data (e.g. if you want us to establish its accuracy or the reason for processing it).
- Data Portability. Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you are entitled, where technically feasible to request that we transmit your personal data in this format to another controller.
- Not be subject to solely automated decision. You have the right to be informed if your personal data will be subject to automated decision making, including profiling, where that decision impacts on your legal rights. Profiling is an automated form of processing of personal data often used to analyse or predict personal aspects about an individual person. We do not engage in profiling.
10.2 We may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data, or to exercise any of your other rights. We may ask you to provide us with your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), and once verified we will delete this data. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
11 UPDATING YOUR PERSONAL DATA
11.1 You are responsible for notifying us of any changes to your personal data that you provide to us.
12 QUERIES AND COMPLAINTS
12.1 If you have any questions or wish to exercise any of your rights please contact us by emailing firstname.lastname@example.org. You have the right to lodge a complaint regarding our processing of your personal data with the ICO. The Commission’s contact details are available at https://ico.org.uk