Last updated: November 2019
1.1 We take privacy and the protection of personal information seriously. This Privacy Notice sets out details about how we gather, use and share personal information and about individual privacy rights. How we use personal information depends upon the context in which it is made available to us.
1.2 This Privacy Notice provides up to date information about how we use personal information and will update any previous information we have published about using personal information. We may make minor updates to this Privacy Notice from time to time.
2.1 We are what is known as the "controller" of the personal information which we gather and use. When we say "we" or "us" in this Privacy Notice, we mean SimplyDiag Network Limited. We are registered with the UK's Information Commissioner's Office, or ICO, under registration number A8508566.
3.WHAT KINDS OF PERSONAL INFORMATION WE USE
3.1 We use a variety of personal information depending on the circumstances under which personal information is made available to us.
3.2 We may use personal information in the following circumstances:
(a) Business Contacts: We hold the names, job titles, employer details and professional contact details for various business contacts, including client contacts, supplier contacts and interested parties who have signed up for our newsletter via our website;
• SDN Portal Membership: We may collect and use personal information of individuals that sign up to our portal. This can include names, contact details and information about an individual's work or role; and
• Training Services: If you have signed up to one of our training courses, we will process your name, job title, employer details, professional contact details and information about your performance on the training course. We may also collect and use some special categories of personal data such as dietary information or disabilities in relation to access;
4. HOW WE GATHER YOUR PERSONAL INFORMATION
4.1 We only use personal information which we have obtained directly for the purposes described in this Privacy Notice.
4.2 Personal Information is gathered in the following ways:
(a) Business Contacts: These may be collected via forms on our website, or in the course of business-as-usual correspondence with business contacts;
• SDN Portal Membership: We may collect personal information for the purposes of verifying users for membership; and
• Training Services: Personal information will be gathered directly from the individual that has signed up to attend one of our training courses.
5. WHY WE USE PERSONAL INFORMATION
5.1 We will use personal information for the following purposes:
(a) Business Contacts: We process the personal information of our business contacts as necessary for the legitimate interests of managing the day-to-day operation of our business, including correspondence, engaging suppliers, and promoting our services to business contacts;
• SDN Portal Membership: We process the personal information of individuals that join our Portal;
• Training Services: We require to process personal information in order to perform the contract which we have entered into with the individual who has signed up to one of our training services. Where our contract for training services is entered into with a corporate entity for the provision of training to their employees, our processing of personal information is in the legitimate interests of such corporate entity to improve and/or add to the qualifications and skills of their employees.
5.2 If we are not provided with access to personal information for the purposes outlined in this paragraph 5, we may not be able to offer or provider certain services, or we may not be able to approve membership to the SDN Portal.
6. HOW LONG WE KEEP PERSONAL INFORMATION
6.1 We will never retain personal information for any longer than is necessary for the purposes we need to use it for.
6.2 Generally, in respect of personal information gather in the context of a contract, we will retain personal information for the duration of the contract and a period of up to six years after the contract has expired or terminated, in case such personal information is required for the exercise or defence of a legal claim during this period.
6.3 We may also retain personal information for as long as required by law or regulation.
6.4 We will retain the personal information of business contacts that receive our newsletter until they opt-out or unsubscribe from our newsletter.
7. SHARING PERSONAL INFORMATION WITH THIRD PARTIES
7.1 We only share personal information with third parties:
(a) to the extent necessary for fulfilling the purposes outlined in paragraph 5, including where necessary for the provision of services;
(b) where we are under a legal or contractual obligation to do so; or
(c) where is it fair and reasonable for us to do so in the circumstances.
7.2 We may share personal information with the following third parties:
(a) Suppliers: We use a number of different suppliers, including IT suppliers, payment processors and consultants, with whom we share personal information so that these suppliers can process personal information on our behalf. In these circumstances, we take steps required by data protection laws to ensure that these suppliers protect the personal information we share with them;
8. SENDING PERSONAL INFORMATION OVERSEAS
8.1 We may need to transfer personal information outside the UK and the European Economic Area (EEA) to our group companies / agents / franchisees and suppliers (including consultants) based in countries where data protection laws may not provide the same level of protection as those in the EEA – including China, the USA and India.
8.2 We will only transfer your personal information outside the EEA where either:
(a) the transfer is to a country which the EU Commission has decided ensures an adequate level of protection of personal information; or
(b) we have put in place our own measures to ensure adequate security as required by data protection laws. These measures include ensuring that personal information is kept safe by carrying out security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the EU Commission (known as EU standard contractual clauses). Some US partners and supplier may also be certified under the EU-US Privacy Shield which confirms they have appropriate measures in place to ensure the protection of personal information.
9. PRIVACY RIGHTS
9.1 Individuals are entitled to exercise any of the following privacy rights in respect of our processing of personal information:
(a) Access: Individuals can request access to a copy of their personal information held by us, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision-making.
(b) Rectification: Individuals can ask us to change or complete any inaccurate or incomplete personal information held about them.
(c) Erasure: Individuals can ask us to delete their personal information where it is no longer necessary for us to use it, or where we have no legal basis for keeping it.
(d) Restriction: Individuals can ask us to restrict the personal information we use about them where we are not able to erase their personal information or where an individual has objected to our use of their personal information.
(e) Object: Individuals can object to our processing of their personal information.
(f) Portability: Individuals can ask us to provide them or a third party with some of the personal information we hold about them in a structured, commonly used, electronic format so it can be easily transferred.
(g) Withdraw Consent: Generally, we do not require consent to process personal information and so we do not ordinarily ask for consent to process personal information. However, where we do ask for consent to process personal information, individuals have the right to withdraw their consent at any time. 9.2 Please make all requests to exercise privacy rights in writing to firstname.lastname@example.org
9.3 We are required to verify the identity of anyone requesting to exercise their privacy rights and we may ask individuals to provide valid identification documents when making a request to allow us to do this.
9.4 We will not make any charge for responding to any request from an individual exercising their privacy rights, and we will respond to any requests in accordance with our obligations under data protection laws.
9.5 Individuals can make a complaint about how we have used their personal information to us by contacting us as noted above, or to the ICO
10. ONLINE ACTIVITIES
10.2 A cookies is a small file which is sent to your browser and stored on your computer's hard drive. Cookies help us understand and track your use of our websites and help us identify where we can improved the information and services provided via our website.
10.3 We use the following categories of cookies on our website:
(a) Strictly necessary: These cookies are essential for certain features of our websites to work (for example, making payments online). These cookies do not record personally identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services on our website cannot be provided and certain parts of our website cannot be accessed.
(b) Performance: These cookies are used to collect anonymous information about how you use our website. This information is used to help us improve our website and understand how effective our website is. In some cases we use trusted third parties, such as Google Analytics to collect this information for us but they only use the information for the purposes explained.
(c) Functionality: These cookies are used to provide services or remember settings to enhance your visit, for example by using your IP address to return you to your preferred settings for the SDN Portal. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites.
10.4 If you would prefer to restrict, block or delete cookies from us and our third party advertisers, or any other website, you can use your browser to do this. Each browser is different, so check the "Help" menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies we cannot guarantee the performance of our websites and some features may not work as expected.