Background
Credenhill Limited has been supplying compression garments, compression devices and associated products to Retail, Pharmacy, Hospitals, Clinics and to the end user via Daylong for more than 60 years. The Credenhill team aim to provide our customers with the highest quality of products and service. To do this we may be given and subsequently process customer and personal data by our customers, and other health care professionals.
In accordance with the General Data Protection Regulation (GDPR) and related UK data protection legislation, we are committed to protecting the confidentiality and security of the information that we hold. We also comply with the NHS Code of Practice on Confidential Information.
This Privacy Notice is intended to explain how we collect and process the information that is provided to us by Pharmacies, Hospitals, Clinics or other Health Care organisations referred to in this policy as “customers”.
For individual persons whom are directly supplied by Credenhill though our trading entity “Daylong“, Daylong’s privacy policy applies and can be found on the Daylong website by accessing the following link:
Collecting Information
We collect, process and store information on lawful grounds of legitimate interest to enable the performance of a contract. This information is necessary for us to fulfil a request or enquiry for our products and services and may include:
- Customer details including address, named contacts, email address and phone numbers.
- Details of all transactions and customer interactions with Credenhill Limited.
- To process and manufacture made to measure stockings a person’s name and limb measurements are required to ensure that the correct size is produced and that the garment is easily identifiable for the specific user.
- To process some special orders, it may be necessary to record the end user’s name so that the item can easily be identified for the specific user.
- Medical information where this is relevant to the product being supplied.
All the personal information that Credenhill Limited collect is either stored by us or by service providers on our behalf.
Sharing Information
We do not share personal data with third party suppliers except under the following circumstances:
- The data subject has requested us to do so.
- We ask and the data subject has given specific permission.
- We are permitted by law, for example, where public interest overrides the need to keep the information confidential.
- Credenhill Limited uses external service providers such as marketing, IT support, Accountants, lawyers, and website providers. When providing such services, these providers may have access to and or may process personal data.
- When supplying made to measure garments it is necessary for Credenhill Limited to share a person’s name and limb dimensions with the selected manufacturer. These suppliers are situated either within the European Economic Area (EEA), or Switzerland.
- Credenhill Limited may transfer in compliance with applicable data protection law personal data to law enforcement agencies, government authorities, such as the NHS Business Services Authority and others in the wider NHS, external consultants or business partners. In case of a company merger or acquisition, personal data may be transferred to third parties being involved in the merger or acquisition.
Anyone who receives information from us also has a legal duty to keep this information confidential, subject to legally recognised exceptions.
Data Subject Rights
The right to confidentiality under the General Data Protection Regulation and (the Data Protection Act 2018) and the common-law duty confidence (confidentiality). All our team members contracts of employment contain a requirement to keep personal information confidential.
The right to be informed about our data processing activities, including through Privacy Policies such as this.
The right of access to the personal information we hold about a person. To request a copy of this information the person concerned must make a subject access request in writing to us. They will need to give adequate information for us to identify them and they will be required to provide evidence to confirm their identity before any information is released.
The right of rectification. The data subject may ask us to correct any inaccurate or incomplete data within one month.
The right to erasure and to restrict processing. A person has the right to have their personal data erased and to prevent processing except where we have a legal obligation to process their personal information. The person should bear in mind that by exercising this right they may hinder or prevent our ability to provide products and services.
The right to data portability. On your request, we will provide the person with their personal data in a structured format.
The right to object. The person has rights in relation to automated decision making and profiling to reduce the risk that a potentially damaging decision is taken without human intervention. The data subject can object to your personal data being used for profiling, direct marketing or research purposes.
How long we keep information. We will keep information for as long as it is required to enable us to continue to provide products and services requested. This will usually be a minimum period of seven years after the last transaction or otherwise as determined by law or regulation.
Should the person wish to invoke any of these rights, they will need to contact us in writing.
Contact
If you have questions or concerns regarding this privacy policy, please contact:
- Email: ig@credenhill.co.uk
- Phone: 0115 932 0144
- Mail:
Information Governance Lead
Credenhill Limited
10 Cossall Industrial Estate
Ilkeston
Derbyshire
DE7 5UG
Should we not resolve concerns to your satisfaction you have the right to lodge a complaint with the Information Commissioner’s Office via mail using the following address:
Information Commissioner’s Office, Wycliffe House, Water Lane Wilmslow Cheshire, SK9 5AF
24-05-18 V2