GDPR is the law that governs your personal data and every company in the UK needs to abide by it and let you know how your personal data is used. Click here to learn more about GDPR.
We promise to respect your personal information by keeping your data safe and private
We collect your delivery name and address – this is passed on the courier for your order (mainly Royal Mail) so that they can deliver your order
We collect the billing name and address – we need that to verify payment details and check for fraud
We collect your email address to send you order and delivery confirmations. We also do marketing and there’s more about this below
We collect telephone numbers so we can call you if there are any issues or to follow up an enquiry that’s been made.
For those who complete a VAT Relief claim, we collect a the users’ name and medical condition – this doesn’t go anywhere and we do not use this for any other purpose: it is securely kept to adhere to tax regulations only
We use tracking and clever technology to provide analytics and a better shopping experience – more on this below
We utterly respect your privacy and have always done our best to keep your data secure. In fact, we go the extra mile and have a monthly independent test to try and hack us
You have rights around your data – more on this in What is GDPR and below
We do not sell your information on to third parties – we never have done and we never will
With GDPR, we will introduce a new level to how we use your data by offering old and new customers different ways to manage their marketing choices.
Who is YourPhysioSupplies?
We sell daily living aids, care equipment and other products and services to help people have an independent lifestyle or to make life that little bit easier for very disabled people. We are bound by applicable data protection laws in respect of the handling and collection of your personal data.
The Personal Data We Collect
YourPhysioSupplies collects data in order to give you the best shopping experience and to make sure we can deliver your orders. There are several types of data that we collect:
Data you type in directly when you place an order
Transaction data includes the payments made and the goods and services you purchase from us
Data you type in to send us an enquiry
Data that records how you use our website, for example, using third-party technologies like Google Analytics
We do not obtain personal contact data from any third parties. We do provide a commission to some websites that link to us if they are signed up as an Affiliate. An Affiliate is a website that links to products on our website. If you would like to explore becoming an affiliate, click here for our Affiliate program. Affiliates do not know who has placed an order and any order details are kept completely anonymous from our Affiliates.
For an order, we only ask you to provide the following personal data:
Name and contact data for both the billing and delivery purposes. We collect your title, first and last name, email address, postal address, phone number and other similar contact data;
The goods and services you want to buy;
Medical condition – if you wish to claim VAT Relief then we are legally obliged to collect the name of the person the goods are for and their long term medical condition or disability. This is NOT used for marketing purposes – please be absolutely assured that this information is kept confidential, secure and only to account to UK Government HMRC should it be required;
Payment details are collected on our website or over the phone. We do not store any credit card details – these are held securely by Paypal. For telephone orders, we stop recording calls when taking card details and our customer services team are not allowed to use any recording devices in their workspace. We are PCI Compliant and regularly test our security;
Marketing data includes your preferences in receiving marketing from us and your communication preferences.
Other information you might provide directly:
We also collect information you provide to us and the content of messages you send to us, from product reviews you might write for example, or any queries and conversations you have with our customer care team. When you contact us, phone conversations or chat sessions with our advisors may be monitored and recorded. Any recorded calls are kept securely on-site and are deleted after 6 months.
Special categories of personal data:
If you wish to claim VAT Relief on eligible products and services on our website (click here for more on VAT Exemption), then we are obliged to collect and securely store the name and the medical condition of the person the goods or services are for. This data is purely for the VAT Relief claim as needed for accounting purposes and for the accurate processing of your order. Be assured that it is NOT used for any other purpose.
We do not collect any other special category details, for example, about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
Usage Data includes information from browsing our website:
YourPhysioSupplies uses a cookie which is a small, anonymous text file placed on your device to help us follow you through our website so you can add items to the basket, continue shopping and buy when you are ready. This cookie doesn’t contain anything personal in itself as it is just a long string of letters and randomised numbers which gives your visit to the website a unique identity. You can browse our website without this cookie but you cannot add to the basket without it.
Browsing our website will also mean that cookies from carefully selected third party websites will be collecting anonymised data on our behalf. These are used for:
Presenting you with more relevant results based on your browsing and what other people have looked at;
If you wish, you can switch off third-party cookies in your browser settings but switching off our main browser cookie will affect your shopping experience.
Disclosure of your personal data
We may share your data with other reputable businesses and data processors to help provide a great service to you. Our requirement is that all third parties treat this data in full confidence to fully comply with all European and UK Data Protection and Consumer legislation. Please also note:
We will not share your data with third parties for their own mailing or marketing purposes;
Should the UK Government HMRC, the Police or any other regulatory body require to see your data, we are entitled to show this;
We may also share data with parties who may buy or sell this business in future or if any of our assets are acquired.
Storage of your personal data
We take the security of your data storage extremely seriously:
Your data is held on secure servers that are regularly tested for PCI Compliance. Some of the data that is collected from you may be transferred and then stored by one of our approved data processors who have a storage destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers;
For your security, we strictly limit access to our administration of the data to our work-based locations;
By law, we have to keep records of transactions for at least 6 years. For marketing purposes, we don’t write to people who have never responded to any marketing in 6 months – we then keep the record but mark it as unsubscribed so we know not to write to that data again;
The third parties that we engage with are required to only keep your data stored on their systems for as long as is necessary to provide you or ourselves with the relevant services they provide;
Occasionally, our staff may print off order details which includes customer name, address and contact details. Such print is kept in the workplace until it has been dealt with. At this point, it is stored ready for shredding and a professional shredding company regularly collects to confidentially shred and recycle upon which we receive a Certificate of Destruction;
If a call was recorded, it will be deleted from our system after 6 months.
If you have consented to our marketing, which is a great idea as you’ll be kept informed of our offers and products you may not have been aware of, then you will always have a simple way to opt out or amend your preferences with every email sent and we will also attempt to do the same with any printed material should we do a direct mailshot.
From the 25th May, 2018, marketing will only proceed to new customers who opt in to receive it. Customers who bought from us or signed up to receive our newsletters prior to this date will continue to be marketed to as we have evidence that our marketing is of benefit to both the customer and ourselves. Please see our Legitimate Use of Data for Marketing in Our Legitimate Interests.
We take our security very seriously but in the unlikely event of a data breach, we will contact anyone effected by the breach within 3 working days of us knowing about it. This contact is likely to be via email.
You have a right to know what data we hold about you and are welcome to make a Subject Access Request. Please get in touch and allow us up to 30 days to provide you this. If anything is incorrect, please let us know.
Similarly, if you want us to delete any of your data, we’ll work with you on that. Please note that as YourPhysioSupplies only retains data upon an order, and as we don’t ask anything other than the data we need to process that order, then we need to keep a certain amount of data on record.
Wherever possible, we will show you how to control your marketing preferences.
If you wish to exercise any of your rights or want to ask us a question or make a complaint about how we handle your personal data, then please get in touch with us in the first instance.
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner (ICO). Click here to find out how to report a concern to the ICO