What personal data do we collect?
If you purchase any of our products from our website, or contact us directly or via one of our retailers, we may collect the following information:
- Your title
- Given name and surname
- Your gender
- Your address and email
- Your payment information
- Health related information
How do we obtain your personal data?
- When you purchase any of our products from our website.
- When you opt-in to subscribe to our newsletter on our website.
- When you contact us directly, both through online and offline modes of communication, to provide feedback on one or more of our products.
- When you provide feedback on our products via one of our retailers, including online retailers, and/or distributors.
How do we use your personal data?
- To process and fulfil your online orders of our products purchased via our website.
- To reply to your enquiries.
- To contact you if we need to notify you of a serious health risk from one of our products that you have purchased from our website, where that risk requires the product to be recalled, as required by the Medical Device Directive 93/42/EEC Article 10 Section 3.1 Sub Bullet 7.
- To document and investigate feedback on the use of our products including complaints. We are required to do this under Medical Directive 93/42/EEC Article 11 Annex II Section 6 Administrative provisions. In order to meet this requirement, for products purchased from our website only, we may send you a product feedback survey.
If you have opted-in to receive Marketing communications from us:
- To send you newsletters with information relating to our products.
- To send you invitations to participate in surveys relating to our products.
Use of third party websites
- Our products purchased through a third-party retailer’s website.
- Contacting us through third party website modes of communication.
- Links on the PFLH website to other third-party websites as a service to our users.
How do we store your personal data?
We will only use and store your information for as long as it is required for the purpose it was collected for. How long it will be stored for depends on the information in question, what it is being used for, and statutory legal requirements.
How we secure your data
At PFLH we take your data and its security very seriously. To store your data, we use certified and secure cloud solutions such as Google’s Firebase and Microsoft Dynamics, which use standardised protocols for encryption of data in transit and at rest. You can get more information regarding Firebase compliance with GDPR here:
You can get more information on compliance of MS Dynamics CRM with GDPR here:
Data of EU citizens is stored in data centres located in EEA countries. For any changes regarding the storage of your data and the location of the data centres where your data is stored, we will be notified by our service providers and we will notify you accordingly.
PFLH will not sell or rent your data to any third-party for any purpose.
We will disclose your data in the following circumstances:
- We may use carefully selected third-parties to provide us with support services in connection with this website and such parties may obtain access to your information to enable them to provide those services. We require all companies providing such support services to meet the same high level of data protection as our own.
- When we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to you or ourselves, or interfering with PFLH’s rights or operations, other users of this site, or anyone else who may be harmed by such activities, or;
- When we believe the law requires it, or in response to any demand by law enforcement authorities in connection with a criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation, or;
- When we need to demonstrate compliance to our Quality Management System and the standards governing Medical Devices, to our Notified Body. In this scenario we may have to share your data with an external auditor appointed by the Notified Body to demonstrate appropriate documentation and facilitate product recalls and product vigilance.
- If you have consented to participate in PFLH research, your data may be shared with a third-party organisation that has been contracted by PFLH to support the PFLH research programme. We will require as part of our service contract with the third-party organisation that they use and protect data in accordance with the objectives of the PFLH research programme.
Sensitive personal data
The Data Protection Act and Privacy of Electronic Communication Regulations define sensitive personal data as information about racial or ethnic origin, political opinions, religious beliefs, or other similar beliefs, Trade Union memberships, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
Other than the sensitive data collected from a complaint, an enquiry, feedback on one of our products as part of a PFLH research programme where you have given consent to participate, PFLH will not collect or maintain personal sensitive data.
Session cookies are temporary and are deleted when the web browser is closed. These cookies allow users to be recognized when browsing a website. This means that any page changes or item selection is remembered from page-to-page. Most commonly these are used by e-commerce sites to store items placed in your shopping basket. Without them the checkout page would not remember any past activity on previous pages, and your shopping basket would remain empty.
Persistent cookies are what allow websites to “remember” you when you visit them. This results in faster and more convenient access – often you won’t need to log-in again, or input your preferred settings.
Persistent cookies are designed to store data for an extended amount of time. Each cookie is created with an expiry date – which could be anything from a few days to a few years. When the expiry date is reached the cookie is automatically deleted. This means the website will no longer remember you or your preferred settings.
- Making sure our customers are secure (session cookie).
- Making possible certain site functionality (session cookie).
- Tracking visitor behaviour and website traffic (persistent cookie)
Persistent cookies help us to evaluate and improve the personalisation of our online marketing campaigns. They collect anonymous data about our website visitors and their use of the site. These include Google Analytics cookies, which are used to collect anonymous amassed statistics. These cookies help us understand how visitors use our website.
You must have cookies enabled if you want to access any areas of the website reserved for registered users. Session cookies do not hold personal information.
How to disable cookies
You can accept or decline cookies from any website by adjusting the settings in your browser.
If you want to learn more about cookies, or how to control, disable, or delete them, please visit https://aboutcookies.org. Specific third-party advertisement networks including Google also allow users to modify their preferences for internet browsing. Visit https://google.com to learn more.
What cookies do we use?
- Google Analytics (_ga) – Collects data about the user’s device and behaviour. Tracks users across marketing channels. Expires after 36 months.
- Cloudflare (cfuid) – Identifies trusted web traffic.
- WooCommerce (wc_) – Tracks cart & store functionality.
- Session Cookies (wfvt_) – Information about geographical location, remembers submitted data and auto-populates forms.
- AWSALB – Allows error from multiple services using a load balancer. Records the cluster serving you.
- Zopim (_zlcmid) – Zopim live chat system.
- Google AdWords (ads/ga) – Visitor engagement and customer conversion utilities.
- Google DoubleClick – Reports clicks to advertisers’ ads.
- YouTube – Unique ID to track how visitors use YouTube videos across multiple sites.
- Wordfence – Verifies if visitor is human or bot.
You can request a copy of the information we hold concerning you, or revoke your consent to our using your information for direct marketing purposes, by contacting the PFLH Data Protection Officer by email via: firstname.lastname@example.org.
Or you can write to:
PFLH Data Protection Officer
Passion For Life Healthcare (UK) Ltd
You will also need to provide information that will help us confirm your identity. Once we have all the information to respond to your request, we will provide the information to you within 1 month.
You have the right to access, delete, rectify and move your data. If you don’t want your data to be processed anymore, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For any reason, and after you have raised any concerns regarding your data with our Data Protection Officer, you have the right to lodge a complaint with the supervisory authority. In the UK the supervisory authority is the Information Commissioner’s Office.
The policy will be updated from time to time to ensure it remains up to date and reflects how and why we use our personal data and new legal requirements.