Privacy Policy
We are Delphi Care Solutions Limited (company registration number 12269422 / VAT registration number 343 5137 17), whose registered office is at C/O Lavender Medical Limited Unit 4, Niall House, 24-26 Boulton Road, Stevenage, United Kingdom, SG1 4QX (“we”, “our” or “us”).
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (known as “personal data”) in connection with your use of our website, or when you purchase our products and services. When we collect, store, use and share your personal data we are subject to the UK General Data Protection Regulation (UK GDPR).
Our website and our products/services are not intended for anyone under 18 years of age, and we do not knowingly collect personal data belonging to individuals under 18 years of age.
Please note that we provide our products and services to support organisations operating in the healthcare sector (our “Customers”). We are the controller, under data protection legislation and are responsible for your personal data if we collect your personal data as a result of you purchasing or using our products and/or services whilst acting on behalf of one of our Customers.
However, if one of our Customers provides you with products or services and we process your personal data as a result, then our Customer is the controller of your personal data, and we act as a processor only. This means that we only process your personal data as instructed by our Customer. We encourage you to review the privacy policy/notice provided to you by our Customer to understand how our Customer uses your personal data and the reasons as to why it is shared with us.
Please note that links within our website, or contained within any of our software products, may take you to external websites which are not covered by this policy. We recommend that you check the privacy policies before submitting any personal information to such websites. We will not be responsible for the content, function or information collection policies of these external websites.
This privacy policy is divided into the following sections:
- Personal data we collect about you
- How your personal data is collected
- How and why we use your personal data
- Marketing
- Who we share your personal data with
- How long your personal data will be kept
- Transferring your personal data out of the UK
- Cookies and other tracking technologies
- Your rights
- Keeping your personal data secure
- How to complain
- Changes to this privacy policy
- How to contact us
Personal data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data which includes your first name, last name, date of birth and gender.
- Contact Data which includes email address, postal address and telephone number.
- Financial Data which includes bank account and payment card details if used on behalf of a Customer.
- Transaction Data which includes details of products and services you have purchased from us on behalf of a Customer.
- Technical Data which includes details about your location, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or any of our software products.
- Profile Data which includes any username and password used by you when accessing our products, or preferences, feedback and survey responses.
- Usage Data which includes information about how you use our website, or our products and services.
- Marketing Data which includes your preferences in receiving marketing from us.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website/product/service feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with one of our Customer, and you, when acting on behalf of that Customer, fail to provide personal data when requested, we may not be able to perform the contract we have or are trying to enter into with such Customer.
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.
How your personal data is collected
We use different methods to collect personal data from and about you such as via:
- Direct interactions: You may give us your Identity, Contact, Financial, Transaction, Profile and Marketing Data when you:
-
- enquire about our products and services;
- register with us (on behalf of a Customer);
- contact us (including via email, post or telephone);
- send us feedback; or,
- complete customer surveys or participate in competitions.
- Automated interactions: As you interact with our website or any of our software products, we will automatically collect Technical and Usage Data. We collect this information indirectly using the technologies explained in the section on ‘Cookies and other tracking technologies’ below.
How and why we use your personal data
We can only use your personal data where the law allows us to do so. Most commonly we use your personal data:
- to comply with our legal and regulatory obligations;
- for the performance of a contract with one of our Customer or to take steps at your request before entering into such a contract; and/or
- for our legitimate interests or the legitimate interest of a third party and your interests and fundamental rights do not override those interests.
The table below explains what we use your personal data for and why.
What we use your personal data for |
Our reasons |
|
To create and manage a Customer’s account with us. |
For our legitimate interests or those of a third party, i.e, to be as efficient as we can so we can deliver the best products and services to our Customers. |
|
To provide products and services to our Customers. |
To perform our contract with our Customers or to take steps at your request before entering into such a contract. |
|
To conduct checks to identify you and verify your identity or to help prevent and detect fraud against you, our Customers, or us. |
To comply with our legal and regulatory obligations and for our legitimate interests or those of a third party i.e., to minimise fraud that could be damaging for you, our Customers and/or us. |
|
To enforce or defend our legal or to undertake legal proceedings. |
Depending on the circumstances: - to comply with our legal and regulatory obligations; or - for our legitimate interests or those of a third party i.e., to protect our business, interests and rights or the rights of others. |
|
To customise our website and our software products and their content based on a record of your selected preferences or on your use of the same. |
For our legitimate interests or those of a third party to enable us to be as efficient as we can so we can deliver the best service at the best price. |
|
To retain and evaluate information on your recent usage of our website or any of our software products and how you move around different sections of our website or software products for analytics purposes. This helps us to understand how people use our website and our software products so that we can make them more intuitive or to check they are working as intended. |
For our legitimate interests of reviewing how efficient our website and our software products are in order to improve our service and the quality of our website/software products. |
|
To communicate with you not related to marketing, including about changes to our terms or policies or changes to the products and/or services or other important notices. |
Depending on the circumstances: - to comply with our legal and regulatory obligations; or - in other cases, for our legitimate interests or those of a third party i.e., to be as efficient as we can so we can deliver the best products and services at the best possible price. |
|
To protect the security of our systems and the data that we hold. |
Depending on the circumstances: - to comply with our legal and regulatory obligations; or - for our legitimate interests or those of a third party i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you, our Customers, and/or us. |
|
To perform statistical analysis to help us manage our business e.g., in relation to our financial performance, customer base, product range or other efficiency measures. |
For our legitimate interests or those of a third party i.e., to be as efficient as we can so we can deliver the best products and services to you at the best possible price. |
|
To update and enhance our Customer records. |
Depending on the circumstances: - to perform our contract with our Customer or to take steps at your request before entering into such a contract; - to comply with our legal and regulatory obligations; or - where neither of the above apply, for our legitimate interests or those of a third party i.e., making sure that we can keep in touch with our Customers about existing orders and new products/services. |
|
To disclosure other activities necessary to comply with legal and regulatory obligations that apply to our business. |
To comply with our legal and regulatory obligations. |
|
To market our products/services to existing and former Customers. |
For our legitimate interests or those of a third party i.e., to promote our business to existing and former Customers. See ‘Marketing’ below for further information. |
|
To conduct/arrange external audits and quality checks e.g. for the audit of our accounts. |
For our legitimate interests or a those of a third party i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards. |
|
To share your personal data with third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary. |
Depending on the circumstances: - to comply with our legal and regulatory obligations; and/or - in other cases, for our legitimate interests or those of a third party, ie to protect, realise or grow the value in our business and assets |
See ‘Who we share your personal data with’ for further information on the steps we will take to protect your personal data where we need to share it with others.
Marketing
We may use your personal data to send you updates (by email, text message, telephone or post) about our products and/or services, including exclusive offers, promotions or new products and/or services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us at customer-care@delphi.care; and
- using the unsubscribe link in any communications we send.
We may ask you to confirm or update your marketing preferences if you ask us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell it with other organisations for marketing purposes.
For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.
Who we share your personal data with
We routinely share personal data with the following third parties:
- Our service providers, including a service provider based in Bulgaria who provide website monitoring services.
- Professional advisers including lawyers, bankers, auditors and insurers based in UK who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We only allow those organisations to handle your personal data if we are satisfied, they take appropriate measures to protect your personal data. Depending upon the other organisations, we may also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
We will not share your personal data with any other third party that does not have any form of business relationship with us.
We will not sell your data.
How long your personal data will be kept
We will not keep your personal data for longer than we need it for the purpose for which it is used, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or any Customer.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Different retention periods apply for different types of personal data. Further details on this are available at request.
By law we have to keep basic information collected in relation to our Customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being Customers for tax purposes.
In some circumstances you can ask us to delete your personal data: see your rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Transferring your personal data out of the UK
Countries outside the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
It may be sometimes necessary for us to share your personal data to countries outside the UK. In those cases, we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.
Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:
- in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR;
- in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR;
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
- a specific exception applies under relevant data protection law.
Where we transfer your data outside the UK, we do so on the basis of an adequacy regulation or (where such is not available) issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law.
Any changes to the destinations to which we send data or in the transfer mechanisms we use to transfer personal data internationally will be notified to you in accordance with the section on ‘Change to this privacy policy’ below.
For further information about such transfers and the safeguards we employ, please contact customer-care@delphi.care (see ‘How to contact us’ below).
Cookies and other tracking technologies
A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website or any of our software products. Cookies help us recognise you and your device and store some information about your preferences or past actions.
For further information on cookies, and how to disable them, please see our Cookie Policy - Delphi Care Solutions.
Your rights
You have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
-
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
For further information on each of these rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below). You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.
If you would like to exercise any of those rights, please email, call or write to us—see below: ‘How to contact us’. When contacting us please:
- provide enough information to identify yourself and any additional identity information we may reasonably request from you; and
- let us know which right(s) you want to exercise and the information to which your request relates.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Keeping your data secure
We have appropriate security measures to prevent personal data from being accidentally lost, used, accessed, disclosed or altered unlawfully. We limit access to your data to those employees, agents, contractors and other third parties who have a genuine business need to access it and they will only process your personal data if they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
We would appreciate the chance to deal with any compliant you have but you also have the right to lodge a complaint with:
- the Information Commissioner in the UK; or
- a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA.
The UK’s Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
Changes to this privacy policy
We may change this privacy policy from time to time — when we make significant changes to this policy, we will take steps to inform you of such changes.
How to contact us
You can contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are: gdpr@delphi.care and 03301 333 002.
If you would like this policy in another format (for example audio, large print, braille) please let us know.