APOS MEDICAL UK LIMITED
AposTherapy® takes your privacy seriously. We respect and protect the privacy of our users and take appropriate steps to safeguard your personal information.
All your Personal Data shall be held and used in accordance with Data Protection Laws (which include: (i) the Data Protection Act 1998, until the effective date of its repeal (ii) the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, for so long as the GDPR is effective in the UK, and (iii) any successor legislation to the Data Protection Act 1998 and the GDPR, in particular the Data Protection Bill 2017-2019, once it becomes law) and any legislation that replaces it in whole or in part and any other legislation relating to the protection of Personal Data (as defined below).
The Company ensures on an ongoing basis that all of its suppliers and third parties operate in compliance with the GDPR.
- Data Controller
- The Company is the controller and responsible for your personally identifiable information (Personal Data) as listed in the clause headed “Information We Collect” below.
- Information We Collect
- We use automated technologies and interactions to collect data from and about you. With regard to each of your visits to our Site we may automatically collect the following information:
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site;
- Usage Data includes information about how you use our website, products and services;
- Website Specific Information includes information about your visit to our Website including:
- the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time);
- Products, services or other pages you viewed or searched for;
- page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We collect technical data through analytics providers, advertising networks and search information providers. A list of these third parties can be provided to you on request.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
- You may give us information about you (i.e. Personal Data) by filling in forms on our Site or by corresponding with us by phone, e-mail, mail or otherwise. This includes information you provide to us when you register to use our Site, subscribe to our service, search for a product, place an order on our Site and when you report a problem with our Site. The information you give us may include:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
- Contact Data includes billing address, delivery address, email address and telephone numbers;
- Financial Data includes bank account and payment card details;
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses; and
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this Website. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. A list of these third parties can be provided to you on request.
- We sometimes supplement the information that you provide with information that is received from third parties. For instance, if inaccurate postal or zip codes are received, we will use third party software to fix them.
- We may receive sensitive personal information, including medical details, (“Sensitive Personal Data”) about you in the event that a practice, supplier or third party transfers data to AposTherapy® about your treatment or care to be provided by us.
- Use of your Personal Data
- We will use Technical Data, Usage Data and Website Specific Information to:
- administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- improve our Website to ensure that content is presented in the most effective manner for you and for your computer;
- allow you to participate in interactive features of our service, when you choose to do so;
- to keep our Site safe and secure;
- measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- make suggestions and recommendations to you and other users of our Site about products or services that may interest you or them.
- We will use Identity Data, Contact Data, Financial Data, Transactional Data, Profile Data, and Marketing and Communications Data:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you, or permit selected third parties to provide you, with information about products or services we feel may interest you. If you are an existing customer, we may contact you by telephone, mail or electronic means (e-mail or SMS) with information about products and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the registration form);
- to notify you about changes to our service, improvements to our products, Web Site and to help solve any problems regarding the foregoing;
- to ensure that content from our Site is presented in the most effective manner for you and for your computer;
- for security, administrative and legal purposes.
- informing you of new services we will be providing, special offers, events or articles we think may be of interest to you, sending you regular updates by e-mail or by post on AposTherapy® organized or related events, service information, market research, marketing and promotional material.
- We may also use your Personal Data internally to help us improve our products, services and Web Site, to help resolve any problems with the foregoing, and for security, administrative and legal purposes.
- Whilst we may share Personal Data with re-sellers where they are better placed to respond to a sales query, we do not share, sell or distribute your Personal Data with third parties outside the Apos® group, except under these limited circumstances:
- If you do not want us to use your data for marketing purposes, or to pass your details on to third parties, please contact the AposTherapy® Data Manager at dataprotection@AposTherapy.co.uk or if you are completing an online or offline form please tick the relevant box.
- The legal basis for processing your Personal Data
- The Company will only process Personal Data where there is a lawful basis as per Data Protection Laws. This lawful basis shall be one or more of the following:
- Express consent from you;
- In order to perform and/or complete a contract with a third party;
- To comply with a legal obligation;
- To protect your vital interest;
- It is in the public interest; and
- There is a legitimate interest.
- Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s Personal Data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Manager. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest.
- Disclosure of your information
- We may share your Personal Data with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.
- Marketing agencies;
- Analytics and search engine providers that assist us in the improvement and optimization of our Site.
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
- Professional advisors, such as Solicitors.
- We may disclose your Personal Data to third parties if:
- we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets.
- the Company or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
- We may use or disclose PHI to regulatory bodies and organizations such as the Medicines and Healthcare products Regulatory Agency (“MHRA”) in connection with the reporting of adverse events, product defects or problems, product tracking or for other purposes as required by such bodies. We may use or disclose PHI during the course of clinical research activities. We may also disclose PHI when required or instructed by UK or European laws. We have procedures in place for individuals to have access to PHI, and procedures in place to ensure the integrity of our information and for the timely correction of incorrect information.
- Personal Data may occasionally be transferred to third parties who act for or on behalf of AposTherapy®, or in connection with the business of AposTherapy® for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have subsequently consented. For example, sometimes a third party may have access to your Personal Data in order to handle our mailings on our behalf.
- We may from time to time share your Personal Data with any member of our group, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. A list of any other group companies holding your Personal Data can be provided to you on request.
- We may share or transfer the information in our databases to comply with a legal requirement, for the administration of justice, to protect your vital interests, to protect the security or integrity of our databases or this Web Site, to take precautions against legal liability, or in the event of a corporate sale, merger, reorganization, dissolution or similar event.
- Subject to your consent, we may disclose information including medical and treatment information to your GP, or to their agents, and, if applicable to any person or organisation who may be responsible for meeting your treatment expenses, or their agents. In addition, subject to your consent, your medical information may be used in the process of obtaining intellectual property protection for AposTherapy® products and methods.
- Where appropriate, before disclosing Personal Data to a third party, we contractually require the third party to take adequate precautions to protect that data.
- Where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
- Medical Information and Sensitive Personal Data
- Medical information will always be kept confidential subject to the following clause.
- Your medical information and/or Sensitive Personal Data will only be disclosed to those involved with your treatment or care within AposTherapy®, clinics, National Health Service, regulatory bodies and/or organisations to comply with reporting obligations required by such bodies, during the course of clinical research activities or as required by law.
- Transfer of Personal Data Outside of the EU
- AposTherapy® is a global enterprise and has facilities and databases in different countries. We may, from time to time, transfer or share your Personal Data to one of our databases in another country, namely to our parent research team at APOS – Medical and Sports Technologies Ltd.
- The internet is made up of a large number of international connections. If you are visiting this Web Site from a country other than the country in which our server is located, the various communications will necessarily result in the transfer of information including your Personal Data across international boundaries.
- Anonymous Data Collected Through This Web Site
- In addition to the information we collect as described above, we may use technology to collect anonymous information about the use of our This technology does not identify you personally; it simply enables us to compile statistics about our visitors and their use of our Website.
- We use this anonymous data to improve the content and functionality of this Website and our e-mail updates, to better understand our customers and markets, and to improve our products and services.
- Where We Store your Personal Data
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our Website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- As a result of increased risk posed by cyber fraud please do not send any funds until you have received confirmation from your relevant contact and are certain as to the correct account details. Unfortunately, we do have to warn you that we cannot accept responsibility if you transfer money into an incorrect account.
- Your Legal Rights
- When reading this notice, it might be helpful to understand that your rights arising under Data Protection Laws include:
- The right to be informed of how your Personal Data is used (through this notice);
- The right to access any Personal Data held about you;
- The right to withdraw consent at any time, by emailing email@example.com;
- The right to rectify any inaccurate or incomplete Personal Data held about you;
- The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent;
- The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
- The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
- Our Website may, from time to time, contain links to and from the Websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
- You have the right to ask us not to process your Personal Data for marketing purposes. We ask your consent (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting AposTherapy® Data Manager at dataprotection@AposTherapy.co.uk
- You have the right to access your Personal Data held by us. Any written request for access to information held about you may be subject to a fee of £10 to meet our costs in providing this information. If you wish to do this, please contact AposTherapy® Data Manager at DataProtection@AposTherapy.co.uk
- Data Retention
- The Company will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- AposTherapy® Email Marketing Communication Policy
- AposTherapy® sends promotional emails only to:
- People who have given consent to AposTherapy® to receive promotional email
- People on rented email lists who have given permission to the list owner to receive third-party promotional email
- All of the abovementioned who have not opted out after having received promotional email from us.
- In each promotional email, we provide an easy and clear way to opt out of future AposTherapy® email. Opt-out requests using the opt-out link in our emails are processed and go into effect within 10 business days. Opt-out requests sent to the following email address DataProtection@AposTherapy.co.uk are processed within 10 business days. When sending email to rented email lists, we suppress addresses of those people who have opted out of AposTherapy® email in the past.
- We always disclose our identity in mass email communications, including the address of our headquarters location.
- We never use deceiving header information or subject lines.
- We never send mass, promotional email to email addresses “harvested” from websites.
- We never, under any circumstances, rent or sell email addresses to any other company or individual.
- When coordinating with our resellers for the purpose of follow-up on sales inquiries made to us, we provide full contact information of the inquirer to the reseller, including email address, so the reseller can follow up on the inquiry.
- Our marketing email policy and practice conforms to the United States Federal “CAN SPAM” act of 2003, the Israeli applicable statutes such as the Protection of Privacy Law 5741-1981 and the EU Data Protection Directive of 1995 and Privacy and Electronic Communications Directive of 2002 each as implemented nationally. We welcome and encourage your thoughts on this policy at DataProtection@AposTherapy.co.uk.
- A cookie is simply a small text file that we may store on your computer when you visit our Website. Cookies help us remember your preferences and enable us to improve your experience on our Website. Cookies do not contain information that can personally identify you.
- There are different types of cookies. We only use the following cookies that we think are necessary or helpful to you.
- Strictly necessary cookies: these are cookies that are required for the operation of the Website. Without them, for example, you would not be able to register or log in for any services that we may offer.
- Analytical/performance cookies: these cookies allow us to recognise and count the number of visitors and to see how visitors move around our website. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily and do not encounter technical errors.
- Functionality cookies: these are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
- Targeting cookies: these cookies record your visit to our website, the pages you have visited and the links you have followed. This helps us to provide a website and deliver adverts or messages that are relevant to you and your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|These cookies enable us to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.||Please refer to http://www.google.|
|Session||This cookie is used to store user preference and choices made as the user browses the site. This cookie expires when the browser is closed. This cookie collects the first level domain name of the user and the date and time you accessed this website. This cookie customises the online advertisements you encounter to those we believe are aligned with your interests. This cookie determines what country our visitors are accessing the website from.|
|Google Adwords||Adwords uses targeting and advertising cookies, such as AdWords Remarketing and Remarketing with Google Analytics. These are Remarketing and Behavioural services provided by Google. These cookies collect anonymous, aggregated information about website browsing habits, to ensure advertising is more accurately targeted to users and their interests. Google Analytics also enables us to anonymously report on audience demographic and interest data which we use to guide the enhancement of our website experience and advertising.|
|Facebook Advertising||These cookies and similar technologies (such as information about your device or a pixel on a website) enable us to deliver ads and understand their performance, as well as make them more relevant to users. Facebook cookies enable us to gain insights about the users that see and interact with our advertising, visit our website and use our apps. Facebook may also work with an advertiser or its marketing partners to serve you an ad on or off Facebook Services, such as after you’ve visited our site or app, or show you an ad based on the websites you visit or the apps you use across the Internet.||Opt out of Facebook Advertising link:
- Except for essential cookies, all cookies will expire after the duration set by a third party provider.
- Any behaviourally targeted advertisements appearing on our Website will be clearly identified as such (e.g. through an icon in the corner of the advertisement).
- User Communications
When you send e-mail or other communication to AposTherapy®, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.
- Links to Other Web Sites
- Information Security
- We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.
- Access to Personal Data is restricted to designated AposTherapy® employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to disciplinary proceedings, including termination, if they fail to meet these obligations.
- All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential and for restricting access to your account.
- Special Note for Parents and Children under Age 18
- The site you are visiting is a general audience site. The Website is not directed to persons under 18. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us. We do not knowingly collect or solicit personal information from people under 18. If we become aware that a person under 18 has provided us with personal information, we will delete such information from our files.
If you are under 18, do not attempt to provide us any information about yourself.
- If you fail to provide us with Personal Data
The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the Personal Data requested, we will not be able to enter into a contract with you to provide the benefits we offer. If we are already processing your Personal Data under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.
- Your Duty to Provide us With Accurate Data
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
- Changes to This Policy
- This Policy may change from time to time. We will post any Policy changes on this page and, if the changes are significant, we will provide a more prominent notice. Each version of this Policy will be identified at the top of the page by its effective date, and we will also keep prior versions of this Policy in an archive for your review.
- AposTherapy® may find it necessary to revise and update this policy from time to time as changes to the privacy regulations emerge, and will communicate any such changes to our patients and business partners.
If you are unhappy about our use of your Information, you can contact us at the address or email address above. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods.
Telephone: 0303 123 11113
Post: Information Commissioner’s Office