When you either visit our store, one of our websites, we will collect and process your personal data. In this notice, we will explain what personal data we collect and what we do with it. We will also inform you on several other topics related to the way we process your personal data. This privacy notice is structured in the same way you interact with us.
The version that you find on our website will be updated on a regular basis.
- WHO IS THE CONTROLLER?
Saint Francis Medical Tecnologies Ltd (“SFMT”) is responsible for this privacy notice.
- WHAT INFORMATION DO WE COLLECT?
When you make a purchase on one of our websites
When you purchase an item online via one of our websites, we collect your name and your company name, full postal and/or separate billing address, e-mail address, ordered and returned products, delivery information and invoice information. We will also collect data on your usage vouchers. Furthermore, you may choose to provide us with your date of birth and telephone number. We do not collect information related to the payment instrument that you use, e.g. credit card information. This information is processed solely by our payment service provider and by the providers of the payment instruments subject to strict information security assurances.
During the purchasing process, you have the option to set up a personal SFMT account. If you choose to do so, we will ask you to consent to receiving newsletters and other (electronic) communications via post, e-mail and/or SMS.
When you visit one of our websites
For which purposes do we process your personal data?
- To fulfil your orders, this includes answering your queries on the phone, via post, via e-mail or online via chat;
- To validate whether your personal data is not associated with fraudulent credit card usage or excessive credit card charge backs;
- To provide effective targeted advertising to you. Effective targeted advertising is advertising optimized to your (inferred) personal preferences. Targeted advertising includes both online advertisements and advertisements in direct marketing communications;
- If you have opted-in and thus agreed to receive these; send direct marketing messages to you and monitor your interaction with these messages;
- To further improve the functionality and the responsiveness of our chatbot(s);
- To perform social listening. Social listening is performed to enable us to have a general view of the opinion of people about us and our brands and to get an idea of relevant online influencers;
- To compose future item collections that meet your requirements and those of other customers;
- To fulfil our legal obligations, for example our financial bookkeeping obligations;
- To improve your user experience i.e. provide clear information, guidance to complete purchase etc.;
- To provide high level of service, so when you contact us we can support you with reference to your interactions with us;
- To enable the technical and functional management of our websites (including maintaining information security), for example by identifying parts of the websites that have a low latency;
What processing grounds do we utilise?
The way we process data is based on four processing grounds: (i) the performance of the purchase agreement between you and us for one or more items, (ii) to perform one or more of our legal obligations, (iii) your consent and (iv) our legitimate interest. These processing grounds may be combined whenever appropriate. When we request your consent, you may withdraw it at any time. The legitimate interests that we pursue is our interest to sell more items to you and make sure that these items are to your liking. For instance, when we validate whether your personal data is not associated with fraudulent credit card use or excessive credit card charge backs, this is because we want to avoid delivering an item to you without receiving the purchase price in return.
If you fail to provide the obligatory data we request from you in the context of a purchase, the consequence of such failure is that the purchase cannot be completed.
Who has access to your personal data?
Your personal data can be accessed by our employees to the extent that this access is required to enable them to perform their work for us. In addition, your personal data can be accessed by our external service providers. IT services, hosting services, digital advertising services and other services are offered by third parties companies. All third parties that we work with, that have access to your personal data, are subject to data processing agreement(s) that guarantee(s) that this data is exclusively processed for the purposes listed above.
If specifically required, by applicable law we may provide your personal data to regulatory authorities, police, justice department, fiscal authorities and other authorities assigned with investigative powers pursuant to applicable law.
How long do we retain your personal data?
We retain your personal data for the period that you actively interact with us. You are no longer considered to be actively interacting with us if, for a consecutive period of two (2) years, you have not purchased an item from us or have not visited one of our website(s). After this two (2) year period, we will only retain specific data that needs to be retained pursuant to a legal obligation of ours, e.g. records such as an invoice or a payment record.
In case you’ve opted-in to receive direct marketing communications from us, the data that we need to send you these communications will continue to be used (processed) by us until you opt-out from receiving them.
If you have an account, you can always request that we delete the account and its contents. You can do so by sending an e-mail to the e-mail address listed below.
Do we transfer your data outside of the EEA?
Yes, your personal data may be transferred outside of the European Economic Area to the United States to one or more of our other service providers. This transfer is required to enable you to visit our website(s), make an online purchase with us and for back-up purposes. Currently, our website(s) are hosted in the United Kingdom.
You have the right to access your personal data that we collect and process and may request from us that we rectify or erase personal data or restrict the processing of your personal data or object to the processing. In addition, you have the statutory right to file a complaint with a competent data protection authority.
You can exercise your rights towards us by sending an e-mail to the contact e-mail address listed below.
If you wish to opt-out from receiving direct marketing communications you can click the opt-out link in the respective message or indicate your opt-out in your account settings. For your rights in relation to cookies, please check our cookie notice which can be found here.
Our Contact Details
Saint Francis Medical Tecnologies Ltd
36 Jellicoe Close
E-mail: [email protected]