Privacy Notice for Customers, Suppliers and Business Associates
Spectrum Medical takes the privacy rights of customers and suppliers seriously. We comply with data protection laws that are applicable in respect of data processing within the UK. The information on this page will help you understand what personal data we collect, why we collect it, what we do with it and for how long it will usually be retained, as well as what rights you have over your data and how you can exercise them.
Our commercial activities are entirely business-to-business, so we gather, store and process minimal personal information concerning the staff members of our customers, prospective customers, suppliers and business associates. This page explains certain information that must be provided under the General Data Protection Regulation (GDPR).
Data Controller Details
Spectrum Medical is the data controller, meaning that we determine the processes to be used when using your personal data. Our contact details are as follows:
Spectrum Medical Ltd
Harrier 4, Meteor Business Park
Cheltenham Road East
Tel: +44 (0)1242 650 120
Data protection principles
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The information we hold about you
During our relationship, Spectrum Medical collects and stores contact information for customers and suppliers, some of which is personal information about you. This information is in the following categories:
- Personal and contact details including full names, job titles, workplace email addresses, telephone numbers and postal addresses and our contact history.
- Bank details.
- Marketing and data analysis including history of our communications, information about our products and services we think may be of interest to you and data analysis to help target products, services or information you may find useful.
How we collect your data
We collect personal information about customers and suppliers using email, telephone, face-to-face meetings, via the website contact form or through trade shows and exhibitions.
This personal information is from the following sources:
- Information generated about you when you use our products and services.
- Referrals from our business partners / agents / distributors.
- Social media, internet, news articles, scientific meetings / conferences and scientific publications.
Why we process your data
We will use the personal information we collect about you for the following purposes:
- Maintaining our records.
- Managing the products and services we supply.
- Managing and operating our business processes.
- Managing payments and receipts of payments.
- To keep records of communications between us.
- To fulfil our contractual obligations to you.
- Market research and analysis.
- Direct marketing of products and services which we think may be of interest to you via telephone, email, post, and social media.
Legal grounds for processing your personal information
Personal Data Covered
Processing necessary for the performance of a contract with you or to take steps to enter into a contract.
Contractual Information with Customers & Suppliers
Contact details such as name, address, telephone, fax, email, job title.
Bank details for remuneration as per the terms of the contract.
Processing necessary for compliance with a legal obligation.
Invoice preparation, storage and processing in accordance with HMRC requirements.
Processing necessary for the purposes of the legitimate interests of the data controller.
Contact details of existing or potential customers or potential suppliers.
Contact details such as name, address, telephone, fax, email, job title.
Spectrum Medical shares your personal data internally for the purposes of executing our obligations to you under the terms of our contractual relationship or for other legitimate business interests.
We do not share your personal data with third parties.
Protecting your data
Your information is classified as confidential and securely stored accordingly. We have implemented appropriate technological and organisational measures to maintain the confidentiality, integrity, and availability of your data via our ISO27001 certification.
How long we keep your data for
We will continue to retain your personal information providing:
- You remain an appropriate contact to enable us to exercise our obligations to you under the terms of our contractual relationship.
- You remain an appropriate contact for us to continue managing our relationship with you for legitimate business interests.
- You have not withdrawn consent to receive direct marketing communications or newsletters by email, post or telephone.
If none of the above apply, then we will securely destroy your personal information in accordance with our data retention policy and with due consideration of legal and regulatory requirements or guidance on retention.
Automated decision making
No decision will be made about you solely based on automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Your rights in relation to your data
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing at firstname.lastname@example.org.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Making a Complaint
The Company’s Data Protection Officer is Jan Bainbridge. She can be contacted via e-mail at Jan.email@example.com.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk