We will update this page whenever needed to show you everything we do with your personal data. This policy applies whenever you use any of our services, visit our website, use our CustomClear mobile app, email, call or write to us. In certain circumstances an extra privacy notice may apply, which will always refer to this page.
We promise we will never sell your personal data and will never share it with third party organisations other than those who help us in our day to day operations. The privacy and security of your data is assured.
Who We are
Wherever the words 'we', 'us', 'our', or Ortho-Care appears in this policy, it refers to Ortho-Care (UK) Ltd a Private Limited Company. (Our ICO registration number is Z5822662).
With over 30 years' experience of supplying the orthodontic profession, Ortho-Care (UK) Ltd (Reg. number 1600280) is one of the leading UK based, independent suppliers of orthodontic products. Our products are requested and used worldwide by leading orthodontists, hospitals, teaching schools, and orthodontic laboratories. We also supply homecare and hygiene products for patients undergoing orthodontic treatment through our website orthoshop.co.uk, and we support many orthodontic practices who cannot stock these products themselves by providing information for them to give direct to patients.
The personal data we collect
Any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address is called your personal data. Some of this data will be collected and used by us, but we only collect the personal data that we need.
We collect personal data to help with specific activities such as when you place an order, or if we send you information about our products, or even if you come to work for us.
Personal data is collected by us when you fill in forms on our website, register to use our website, participate in any social media functions on our website, or reply to a promotion or questionnaire, or simply by corresponding with us (by phone, email or by becoming a supplier/customer).
The personal data you supply may include your name, title, address, gender, demographic information, email address, telephone numbers, usernames and passwords.
Personal data provided by you
This includes information you give when interacting with us, for example placing an order or communicating with us. For example:
- Personal details (name, email, address, telephone, and so on) when you become a customer or supplier
- Financial information (payment information such as credit or debit cards)
- Your opinions and attitudes about the company, and your experiences of dealing with us.
The following information may automatically be collected:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information relating to our site, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier
- Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to, scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number
- Information about your purchases including but not limited to revenue figures, the types of products purchased, and purchase order number.
- The terms that you use to search our website
How we use your personal data
Ortho-Care will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will only be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to help us complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.
We use customer data in order to fulfill retail activities. Your data will be used to communicate with you throughout the process, including to confirm we've received your order and payment, to clarify where we might need more detail to fulfill an order, or to resolve issues that might arise with your order.
As part of our commitment to Quality and to fulfill our accreditation requirements we carry out questionnaires with a sample set of customers to get feedback on their experience with us. We use this feedback to improve our business, customer care and our relationship with customers and suppliers.
If you choose to take part in our questionnaires, you can choose what data you submit to us, and the data is only ever used by us. All the research we conduct is optional and you can choose not to take part.
As your privacy is important to us, we will always keep your details secure.
We would like to use your details to keep you informed about things we are doing that may be of interest to you. If you choose to hear from us we may send you information on our latest offers and new products. We may also show you relevant content online.
We will never share your information with companies outside Ortho-Care for inclusion in their marketing, and we will only send our own marketing to you if you agree to receive them. If you agree to receive marketing information from us you can change your mind at a later date.
However, if you tell us you don't want to receive marketing communications, you may not hear about events or other work we do that may be of interest to you.
We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely and never share it with anyone else, in accordance with our terms and in line with the requirements set out in the GDPR. For example we may share cookie data with third parties to help with our own advertising targeting.
Can I change my contact preferences?
When we first have contact with you, if it is relevant to you we may ask if you wish to join our mailing list, sent either by email or by post, and occasionally we may contact you be telephone with details of special offers. You can choose to opt in and we will keep you updated on our latest offers and promotions. We will always respect your choice of how you want to receive communications (for example, by email, post or phone).
However, there are some communications that we need to send. These are essential to fulfill our promises to you as a customer or supplier. Examples are:
- Invoices/Statements/remittances etc
- Transaction messaging, purchase confirmations and account queries
- Product recalls or safety notices
Recruitment and employment
We process personal data, including 'sensitive' personal data, from job applicants and employees in order to comply with our contractual, statutory, and management obligations and responsibilities,
Such data can include, but isn't limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it's processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, health care scheme, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
Sensitive personal data
The Act defines 'sensitive personal data' as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee's health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee's knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, an employee's racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about an employee's criminal convictions will be held as necessary.
Disclosure of personal data to other bodies
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee's personal data with one or more third party supplier. For example, with regard to the employment contract, we are required to transfer an employee's personal data to third parties such as pension providers and HM Revenue & Customs.
In order to fulfill our statutory responsibilities, we are required to give some of an employee's personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Updating your data and marketing preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:
Call us: 01274 533233. Open 8.30am - 5.15pm weekdays excluding Bank Holidays and over the Christmas and New Year period - details of which appear on our website when relevant.
Ortho-Care UK Ltd, 1 Riverside Estate, Shipley, West Yorkshire, BD17 7DR
Should you require verification, updating or amendment of your personal data, we will do so within 30 days of your request.
Your data protection rights (DPO)
You also have the right to ask us to stop using your personal data for direct marketing purposes.
Contact us using the details above.
Subject access rights
If you would like further information on your rights or wish to exercise them, please write to us at The Data Controller, Ortho-Care UK Ltd, 1 Riverside Estate, Shipley, West Yorkshire, BD17 7DR or email email@example.com.
You will be asked to provide the following details:
- The personal information you want to access;
- Where it is likely to be held;
- The date range of the information you wish to access
So that we keep your details safe, we will also ask you to provide information confirming your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we will provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
What to do if you're not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk or write to them at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our customers, employees and suppliers safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape. In addition to this, we follow an in depth security model, which means that your data is protected by multiple layers of security.
Our staff complete mandatory information security and data protection training when they start employment with us to reinforce responsibilities and requirements set out in our information security policies.
When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure; when entering information on our website. You can check this by right clicking on the padlock icon in the address bar.
Disclosing and sharing information
When we allow third parties acting on behalf of Ortho-Care to access to your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information with any other organisations.
However, personal data collected and processed by us may be shared with the following groups where necessary:
- Ortho-Care employees
- Third party cloud hosting and IT infrastructure providers who provide IT support
Also, under strictly controlled conditions:
- Service Providers providing services to us
Storage of information
Ortho-Care are based in the UK and we store all of our data within the European Union (EU).
Payment card Security
Ortho-Care has an active PCI-DSS compliance program in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.
When you input card data into the secure payment page or dictate your details over the phone, we use the data you have given us on our card machine, and when the payment is complete and the transaction finalised, we delete the details and redact them from any printed copies ensuring we do not hold the data any longer than necessary.
Our offices and warehousing have Closed Circuit Television (CCTV) and anyone visiting may be recorded.
CCTV is used to provide security and protect both our staff and visitors. CCTV will be only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for set period of time after which it is recorded over. Ortho-Care complies with the Information Commissioner's Office CCTV Code of Practice and we put up notices so you know when CCTV is used.