Privacy Policy
Any personal details held by connecting-medtech.com will be held in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and in accordance with the rules of the Information Commissioner's Office (UK).
Introduction
This statement outlines our commitment to protecting the personal data we collect, process, and store in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. It details our policies and procedures regarding data collection, housing, and storage.
Data Controller and Data Processor Responsibilities
We act as both Data Controller and Data Processor under GDPR. As a Data Controller, we determine the purposes and means of processing personal data. As a Data Processor, we handle personal data on behalf of another entity. Our responsibilities include ensuring the lawful and secure processing of personal data.
Types of Data Collected
We collect various types of personal data, including but not limited to:
- Identifying information (e.g., name, address, date of birth)
- Contact information (e.g., email, phone number)
- Usage data (e.g., IP address, browsing activity)
- Transaction data (e.g., purchase history, payment details)
Lawful Basis for Processing
We process personal data based on one or more of the following lawful bases:
- Consent: When users have given explicit consent for specific purposes.
- Contract: Processing is necessary for the performance of a contract.
- Legal Obligation: Compliance with a legal obligation.
- Legitimate Interests: Processing is necessary for our legitimate interests, provided they do not override the rights and freedoms of data subjects.
Data Housing and Storage Practices
- Data Security: We employ robust security measures, including encryption, access controls, and regular security assessments to protect personal data from unauthorized access, alteration, disclosure, or destruction.
- Data Location: Personal data is housed in secure data centers within the European Economic Area (EEA). Data transfers outside the EEA are conducted in compliance with GDPR, ensuring an adequate level of protection through mechanisms such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).
- Data Retention: Personal data is retained only as long as necessary for the purposes for which it was collected, or as required by law. Upon expiration of the retention period, data is securely deleted or anonymized.
Data Subject Rights
Under GDPR, data subjects have the following rights:
- Right to Access: Individuals can request access to their personal data and obtain information about how it is processed.
- Right to Rectification: Individuals can request corrections to inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): Individuals can request the deletion of their personal data under certain conditions.
- Right to Restrict Processing: Individuals can request the restriction of the processing of their personal data in certain circumstances.
- Right to Data Portability: Individuals can request to receive their personal data in a structured, commonly used format, or have it transferred to another Data Controller.
- Right to Object: Individuals can object to the processing of their personal data based on legitimate interests or direct marketing purposes.
- Rights Related to Automated Decision-Making: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect them.
Contact Information
For any inquiries or requests regarding personal data, please contact our Data Protection Officer (DPO) at:
Martin Northwood
Connecting MedTech
Support@connecting-medtech.com
Updates to this Statement
We may update this statement to reflect changes in our practices or applicable laws. We will notify data subjects of significant changes through our website or other appropriate means.
Conclusion
We are committed to upholding the highest standards of data protection and privacy. By adhering to GDPR principles and implementing stringent data housing and storage practices, we ensure that personal data is handled with care and respect.
Effective Date: 17/5/2024
Last Updated: 17/5/2024