We are committed to protecting your privacy and are fully compliant with The Data Protection Act 1998 (reg: Z8480955) and the General Data Protection Regulation (GDPR). We only use information that you give us lawfully and NEVER sell or exchange customer information with other companies or individuals, nor with government organisations unless legally required to do so.
Any information about you is collected purely to process orders and to ensure that we always provide you with the best possible service. You will NOT be contacted for marketing purposes unless you have opted in to our occasional newsletter. When accounts become inactive for a few years, we permanently delete them.
The information we collect and store from you (our customer database) includes:
- Trading Name (if applicable)
- Address (including delivery address if different)
- Telephone number (only for order related issues)
- Email (to send order-related info and opt-in newsletters)
- Where you heard about us
- Purchase History
- Referral practitioner name (if applicable)
- Practitioner client name (if applicable)
- Practitioner client address (if applicable)
- Web address (if applicable)
- Emails you send us
The information we DO NOT collect from you includes:
- Payment information such as credit card or debit card details, as this is processed by Global Payments — a super-secure third-party payment gateway. This means that when you pay for an order your payment details are SSL encrypted and stored on Global Payments’ servers. And card payment info given to us over the phone or sent to us in the post is shredded within two business days after processing.
- Medical information communicated to us by customers: we do not add medical notes to our customer database (see above). This does not apply to emails sent to us, which accumulate on our server in the normal way emails do.
Your Right to Your Data and Modification:
Any time you would like a digital copy of the above data that we store on you, we are happy to send it to you. And should you want us to modify any of your data, we will usually do that immediately or within a couple of business days if you have emailed us the request.
Your Right to be Deleted:
Customers also have the right to ask us to delete their accounts. However, we are obliged by law to keep accounting records for a six-year period, after which they can be deleted. And as practically all the info we keep on customers is basic order-related info, we are limited in what we can delete. But we can certainly take you off our newsletter list if you originally opted in, and we can delete non-order-related emails.
Finally, please also note the following:
- Online collection and storage of the above info always uses SSL encryption.
- Our web platform and our third-party payment and accounting systems are all themselves GDPR and PCI compliant.
- We do monitor website visitor traffic. However, we do so anonymously and only have access to IP address information.
- We have no control over the sites listed on our links page so they are obviously not covered by this privacy statement. If you visit them, please check their privacy policies before submitting any private information.
If you have any issues or concerns regarding privacy, please do not hesitate to contact us.