Privacy (GDPR) and cookies

When you share your personal information with any company, you have a right to expect that information to be treated with total confidentiality. The privacy and security of your personal information is extremely important to us. We have written this privacy policy to explain how and why we use your personal data, to make sure you stay informed and can be confident when giving us your information.

We will update this page whenever needed to show you everything we do with your personal data. This policy applies whenever you use any of our services, visit our website, use our CustomClear mobile app, email, call or write to us. In certain circumstances an extra privacy notice may apply, which will always refer to this page.

We promise we will never sell your personal data and will never share it with third party organisations other than those who help us in our day to day operations. The privacy and security of your data is assured.

Who We are

Ortix London LTD, company registration number: 11331337

If you have any questions in relation to this privacy policy or how we use your personal data they should be sent to [email protected]

The personal data we collect

Any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address is called your personal data. Some of this data will be collected and used by us, but we only collect the personal data that we need.

We collect personal data to help with specific activities such as when you place an order, or if we send you information about our products, or even if you come to work for us.

Personal data is collected by us when you fill in forms on our website, register to use our website, participate in any social media functions on our website, or reply to a promotion or questionnaire, or simply by corresponding with us (by phone, email or by becoming a supplier/customer).

The personal data you supply may include your name, title, address, gender, demographic information, email address, telephone numbers, usernames and passwords.

Personal data provided by you

This includes information you give when interacting with us, for example placing an order or communicating with us. For example:

  • Personal details (name, email, address, telephone, and so on) when you become a customer or supplier
  • Financial information (payment information such as credit or debit cards)
  • Your opinions and attitudes about the company, and your experiences of dealing with us.

The following information may automatically be collected:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information relating to our site, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier
  • Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to, scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number
  • Information about your purchases including but not limited to revenue figures, the types of products purchased, and purchase order number.
  • The terms that you use to search our website

How we use your personal data

Ortho-Care will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation/UK Data Protection Act and Privacy of Electronic Communication Regulation.

Personal data provided to us will only be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.

Your personal data may be collected and used to help us complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.

Retail sales

We use customer data in order to fulfil retail activities. Your data will be used to communicate with you throughout the process, including to confirm we’ve received your order and payment, to clarify where we might need more detail to fulfil an order, or to resolve issues that might arise with your order.

Questionnaires

As part of our commitment to Quality and to fulfill our accreditation requirements we carry out questionnaires with a sample set of customers to get feedback on their experience with us. We use this feedback to improve our business, customer care and our relationship with customers and suppliers.

If you choose to take part in our questionnaires, you can choose what data you submit to us, and the data is only ever used by us. All the research we conduct is optional and you can choose not to take part.

Marketing communications

As your privacy is important to us, we will always keep your details secure.

We would like to use your details to keep you informed about things we are doing that may be of interest to you. If you choose to hear from us we may send you information on our latest offers and new products. We may also show you relevant content online.

We will never share your information with companies outside Ortho-Care for inclusion in their marketing, and we will only send our own marketing to you if you agree to receive them. If you agree to receive marketing information from us you can change your mind at a later date.

However, if you tell us you don’t want to receive marketing communications, you may not hear about events or other work we do that may be of interest to you.

We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely and never share it with anyone else, in accordance with our terms and in line with the requirements set out in the GDPR. For example we may share cookie data with third parties to help with our own advertising targeting.

Can I change my contact preferences?

When we first have contact with you, if it is relevant to you we may ask if you wish to join our mailing list, sent either by email or by post, and occasionally we may contact you be telephone with details of special offers. You can choose to opt in and we will keep you updated on our latest offers and promotions. We will always respect your choice of how you want to receive communications (for example, by email, post or phone).

However, there are some communications that we need to send. These are essential to fulfil our promises to you as a customer or supplier. Examples are:

  • Invoices/Statements/remittances etc
  • Transaction messaging, purchase confirmations and account queries
  • Product recalls or safety notices

Recruitment and employment

We process personal data, including ‘sensitive’ personal data, from job applicants and employees in order to comply with our contractual, statutory, and management obligations and responsibilities,

Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.

Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.

Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, health care scheme, equal opportunities monitoring.

Management responsibilities: Our management responsibilities are those necessary for the functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.

Sensitive personal data

The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.

In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.

(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation, or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

(c) Data about an employee’s criminal convictions will be held as necessary.

Disclosure of personal data to other bodies

To carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier. For example, regarding the employment contract, we are required to transfer an employee’s personal data to third parties such as pension providers and HM Revenue & Customs.

To fulfil our statutory responsibilities, we are required to give some of an employee’s personal data to government departments or agencies e.g., provision of salary and tax data to HM Revenue & Customs.

Updating your data and marketing preferences

We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:

Call us on 07379330089

or

Write to:
Ortix London LTD, 6 Sutton Plaza, Sutton, SM1 4FS

Email: [email protected]

Your data protection rights (DPO)

You also have the right to ask us to stop using your personal data for direct marketing purposes.

Contact us using the details above.

What to do if you’re not happy

In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk or write to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

 

Keeping your information

We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.

How we secure your data

Information system and data security is imperative to us to ensure that we are keeping our customers, employees, and suppliers safe.

We operate a robust and thorough process for assessing, managing, and protecting new and existing systems which ensures that they are up to date and secure against the ever-changing threat landscape. In addition to this, we follow an in-depth security model, which means that your data is protected by multiple layers of security.

Our staff complete mandatory information security and data protection training when they start employment with us to reinforce responsibilities and requirements set out in our information security policies.

When you trust us with your data, we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit, we minimize the risk of unauthorized access or disclosure, when entering information on our website. You can check this by right clicking on the padlock icon in the address bar.

Disclosing and sharing information

When we allow third parties acting on behalf of Ortho-Care to access to your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information with any other organisations.

However, personal data collected and processed by us may be shared with the following groups where necessary:

  • Ortho-Care employees
  • Third party cloud hosting and IT infrastructure providers who provide IT support

Also, under strictly controlled conditions:

  • Contractors
  • Service Providers providing services to us
  • Advisors
  • Agents

We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or cookie policy and other agreements; or to protect the rights, property, or safety of Ortho-Care, our staff, suppliers and customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Storage of information

Ortho-Care are based in the UK, and we store all of our data within the European Union (EU).

Payment card Security

Ortho-Care has an active PCI-DSS compliance program in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example, the full 16-digit number on the front of the card or the security code on the back.

When you input card data into the secure payment page or dictate your details over the phone, we use the data you have given us on our card machine, and when the payment is complete and the transaction finalised, we delete the details and redact them from any printed copies ensuring we do not hold the data any longer than necessary.

CCTV

Our offices and warehousing have Closed Circuit Television (CCTV) and anyone visiting may be recorded.

 

Cookies

Ortix provides online services that are easy to use, useful and reliable. These can involve placing small amounts of information on your computer or mobile phone or other device. These include small files known as cookies. There’s a link to general advice about managing cookies at the end of this page. Cookies cannot be used to identify you personally.

 

The cookies that are uses on our website is outlined below:

Name: style
Typical content: stores the user’s preference to whether they wish to view products in a list or a grid
Expires: 1 year

Name: key
Typical content: randomly generated number to remember the user for their next visit
Expires: 4 weeks

Name: allowAllCookies
Typical content: stores the user’s preference to whether they wish to allow all Cookies on this Website or not
Expires: 1 year

Google Analytics Cookies

Name: _utma
Typical content: randomly generated number
Expires: 2 years

Name: _utmb
Typical content: randomly generated number
Expires: 30 minutes

Name: _utmc
Typical content: randomly generated number
Expires: when user exits browser

Name: _utmv
Typical content: randomly generated number
Expires: 2 years

Name: _utmz
Typical content: randomly generated number and information about how the page was reached (eg directly or via a link, organic search or paid search)
Expires: 6 months

For further details on the cookies set by Google Analytics, see the link below.

 

Social networking websites

Social networking websites may place cookies on your computer. Social bookmarks are a way of saving links to web pages that interest you and sharing those links with other people. You should read their respective privacy policies carefully to find out what happens to any data that these services collect when you use them.

Managing your cookies

To find out how to allow, block, delete and manage cookies, follow the link below and select the browser you are using. You can also read your browser’s built-in or online help for more information.

For more information about deleting and controlling cookies, please visit…