Privacy Policy
We have updated our Privacy Policy to reflect changes made to strengthen your privacy rights and provide transparency on how we store and use your data. This update was required and are in alignment with the European General Data Protection Regulation (GDPR). The updates make it clear why we collect the data and how we use it, how we share your data, how we store your data and how you can access and change/amend your data.
White Medical’s Privacy Policy sets out how we use and protects any information that you give us when you use our website or contact us. White Medical is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when interacting with us, then you can be assured that it will only be used in accordance with this privacy statement. White Medical may change/update this policy with no notice therefore please check this page regularly to make sure you are happy with any changes/updates.
This privacy policy was last updated on 23rd October 2023.
WHAT INFORMATION IS REQUIRED FOR THE CONTRACT/ORDER
When an order* is placed the following information will be requested.
a) Contact name
b) Invoice address
c) Delivery address
d) Telephone number (either landline or mobile)
e) E-mail (online orders for confirmation of order, NHS orders for sending invoice)
f) Online order: The White Medical online store website is hosted on a secure server, and all personal details, including your name, address and contact details are protected through a process of encryption. White Medical does not collect or have access to any of your credit/ debit card details. When you select the ‘Pay’ button on the site you will be forwarded to a secure payment gateway that handles all the payment processing.
Once the payment has been processed, confirmation will be forwarded to White Medical and may also include other information i.e. order number, card address, e-mail, fraud detection information etc. Whenever you enter personal details, first ensure that a padlock is displayed somewhere on your internet browser's window. Clicking or double-clicking the padlock will display details of the certificate. Our online store is hosted on the domain epages.co.uk.
If you have any queries or concerns about using the website, send an email with your concerns to our Web Support team using the email address on our home page.
WHAT WE DO WITH THE INFORMATION WE GATHER
We require this information for the following reasons:
- Where your information is necessary for processing the contract (order) between White Medical and you so that we can process your order.
- For customer service and resolution purposes
- For warranty claims and annual servicing of the medical equipment purchased
- Internal record keeping
White Medical will not use the information given at the time of the contract / order to contact you after the order has been processed unless this contact is requested by you. Personal/Retail customers will not be contacted directly after the order has been delivered. NHS accounts may be contacted so that we can communicate with you and send offers and information we feel may interest you. This contact may be by means of post or email. If you want to opt-out of this, please let us know when you place your order and you will not be contacted. Unfortunately, there may be a situation that goes against your wishes and we need to contact you (e.g. delivery issues, warranty, product recalls etc).
So that we can improve our website and make it more user friendly we collect general information about the visitors. This includes, dates, times, durations and the pages you look at; we never record personal information about you from your browsing behavior.
WHO WE SHARE YOUR INFORMATION WITH
For White Medical to fully process your order, a third-party carrier will be used to deliver your order. White Medical’s carriers include TNT, APC and Royal Mail. The only information given to them is the delivery address and contact information which has been provided. Your information may be requested by the manufacturer of the goods supplied for the purposes of product recall only. We do not sell or give your details to anyone else. This excludes any request by the UK's law enforcement agencies.
SECURITY
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. White Medical is compliant with PCI DSS and our processes run to ISO 9001:2015 which is externally audited annually by UKAS accredited Forefront Certification Limited.
CONTROLLING YOUR PERSONAL INFORMATION
You may exercise any of the rights described in this section by sending an email to enquiries@white-medical.co.uk. Please note that we will ask you to verify your identity before taking further action on your request. We try to respond to all legitimate requests within one month. Occasionaly it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
You can manage your own information. For our online store you may access and update some of your information through your account settings. Account information held on our database at White Medical please contact our customer services to update your account information. You can ask us to correct inaccurate or incomplete personal information concerning you.
You have the right to data access and portability and request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format.
Your personal information will be retained for as long as we feel necessary (due to the products we sell are medical devices and most them are in NHS Trust establishments). Paper files are kept for a minimum of seven years (in line with our legal obligation to keep order information for this duration for tax, legal reporting and auditing obligations). If you no longer want us to keep your information, you can request that we erase your personal information and close your account. Please note that if you request the erasure of your personal information:
a) We may retain some of your personal information as necessary for our business interests, such as fraud detection and prevention and enhancing safety. For example, if we suspend an account for fraud, certain information from that Account will be saved to prevent that user from opening a new account in the future.
b) We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting and auditing obligations.
c) Additionally, some copies of your information (e.g. log records) may remain in our database but are disassociated from personal identifiers.
Once a contract is in place i.e. an order has been quoted for and processed between White Medical and a customer, the customer can cancel the contract however if the goods have already been sent a requested under the contract it is the customers responsibility to return the goods to us to cancel the contract within 7 days of receiving the goods. A refund will be issued when the goods are received back at White Medical. Once the refund has been issued the contract is terminated and your account will be deleted if requested.
White Medical complies to the Payment Card Industry Data Security Standards (PCIDSS). The standards are a set of technical and operational requirements to protect cardholder information. Essentially PCIDSS are the rules of engagement for processing payments.
You have the right to lodge complaints about the data processing activities carried out by White Medical before the Information Commissioner's Office. In the UK, please read: https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do this. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us first.
Our ICO Registration number is: Z7841498
* An order placed with White Medical takes one of the following definitions:
i) NHS order by official Purchase Order from a Trust, to be invoiced
ii) GP order either by telephone or e-mail, to be invoiced or payment with order
iii) Personal/retail order by telephone/mail/in-person (Please note, we no longer accept payment via credit / debit cards in person or via telephone)
iv) Personal/retail order via our online store www.white-medical.co.uk
EXTERNAL WEB SITES
Our web site contains links to other web sites outside of our control and which our Privacy Policy does not cover. If you access other sites using the links provided, the operators of these sites may collect information that will be used by them in accordance with their privacy policy, which may differ from ours.
COOKIES
Cookies are small amounts of data sent to your web browser by a web server. They cannot harm your machine in any way. They are small text files with simple information in them. You can see them as small text files inside your 'Temporary Internet Files' folder in Windows. Our cookies keep track of the items in your shopping basket and act as place markers when you move around the site. If you experience problems with our site when you try to buy items, it is usually to do with how you have set up the security settings in your web browser. If you have set your Security Settings in Internet Explorer or any other web browser to 'high' you have disabled cookies. Our site uses cookies to provide some features such as the Shopping Cart and My Account. To ensure proper use of the site you will need to set the security level for the internet to Medium (under Tools/Internet Options). This is for "Safe browsing but still functional". If you wish to learn more about cookies - exactly what they are, how to manage them etc, you could take a look at this website - www.allaboutcookies.org.
YOUR ACCESS RIGHTS
White Medical conforms to the requirements of the GDPR which came into effect on 25.05.2018. You always have access to the information we hold about you. To obtain a copy of this information please contact: The Data Protection Officer, White Medical, Unit 36 Sir Frank Whittle Business Centre, Great Central Way, Rugby, UK, CV21 3XH or alternatively e-mail enquiries@white-medical.co.uk.
VISITORS TO WHITE MEDICAL
Whilst we are primarily a mail order company, we do welcome vistors. You must, if you plan to visit us, telephone or email to make an appointment and be aware that CCTV is operational 24 hours a day.
All visitors must report to the reception desk at Sir Frank Whittle Business Centre on arrival, you will be announced and one of the team will collect you from reception.