Data Protection and Privacy Policy

Introduction
CLS Surgical Ltd processes and holds personal data from, and about, prospective, current, and other individuals, to operate our businesses, and to serve our customers.
This Statement sets out the basis on which such information is held.
We may make changes to this statement from time to time to reflect developments in the law.

Scope
This policy statement details the basis on which such information is held, what we might do with the information, and who it will be shared with.
It sets out our position and commitment relating to data protection. We hold and process individual’s personal and sensitive personal data in regards to our business and services. We hold individual data in secure paper based, and electronic files and systems.
The data we process may relate to former, present and potential future business partners. We collect and maintain such data in order to meet our legitimate interests as a business, to comply with statutory requirements and fulfil individual contracts.

Responsibility
The specific responsibilities of the Data Controller, the Data Protection Officer, the IT Manager and the Business Development Manager to ensure the data is collected, handled and stored appropriately are set out in our Data Protection Policy.
Where personal data is to be processed, all members of staff are responsible for ensuring data is processed in line with the current legislation and the General Data Protection Regulations.
Reasons and purposes for processing information
We process personal information to enable us to promote our goods and services, to maintain our accounts and records and to support and manage our partners.

Type of personal information held
We process information relevant to the above reasons/purposes. This may include
• Personal details
• Financial details
• Goods or services provided

Use of the data
When we ask you for personal information we will keep to the law, including the General Data Protection Regulations, and we will:
• Make sure you know why we need it
• Only ask for what we need, and not to collect too much or irrelevant information
• Protect it and make sure nobody has access to it who should not have access
• Let you know if we share it with other organisations – and if you can say no
• Make sure we don’t keep it longer than necessary

When deciding the retention period for personal data we will take into account our legal and business interests.

Security procedures in place to protect the data
We have established systems in place to protect personal data. Our company codes of conduct/policies protect data while allowing us to utilise processes designed to make our businesses more efficient and effective in managing and supporting our business partners.
In protecting personal data, we will not allow the misuse of individuals data and we shall protect our legitimate interests as a business, and the vital interests and freedoms of our partners.

All personal data shall be:
• Obtained by lawful and fair means and, where appropriate, with knowledge or consent; processed within the strict terms of the law, including but not limited to the General Data Protection Regulations, and any associated rules, regulations, statutory provisions, extensions or re-enactments thereof and where possible, in line with any current guidance and other publications of the Information Commissioner;
• Relevant for the purposes of which it is to be used;
• Accurate, complete and up to date;
• Kept for no longer than is necessary for its declared purpose;
• Held in the full knowledge of the individual (except in cases specifically excluded under the law);
• Protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data;
• Protected from unauthorised cross border transmission to any other state which does not meet those standards laid down by the Council of Europe Convention (1981), the EC Data Protection Directive (95/46/EC) and the GDPR 2015.

Disclosure of information to third parties
We sometimes need to share the personal information we process with the individual it concerns and also with other organisations. Where this is necessary we will comply with all aspects of the law including the General Data Protection Regulations. We do not disclose your information to any third parties or bodies unless we have permission to do so or are required to do so by law.
Obtaining the information we hold about you
You have the right to ask for a copy of your information and to correct any inaccuracies.
If you wish to gain access to information you should write to the Data Protection Officer requesting this. The provision of personal data shall be satisfied within a month from receipt of written request.
We can refuse or charge for results that are manifestly unfounded or excessive. If we refuse a request, we will tell you why without undue delay and at the latest, within one month.

In all cases the relevant information will only be disclosed following a written request instructing the Data Protection Officer, and giving consent to the Data Protection Officer to make such disclosure. We will need to be satisfied of the identity of the individual making the Subject Access Request.
You have the right to make any reasonable request for the rectification or amendment of personal data provided that:
• You can readily demonstrate the existence of an identifiable error, relevant omission or superfluous fact,
• It is unlawful to maintain such a record
The rectification of personal data shall be satisfied within a month from receipt of a request.

Retention and disposal of personal data
When we ask for personal information we will keep to the law, including the GDPR. Under the Regulations personal data processed for any purpose must not be kept for longer than in necessary for that purpose. When deciding the retention period for personal data we will take into account our legal and business interests. It is a matter for reasonable judgement and common sense as to how long personal data should be retained.

Length of time for retention of personal data
We will retain your personal information only for as long as is necessary for the purposes for which the information was collected, or as long as it is required pursuant to law.

Right to be forgotten – erasure of personal data

You have the right to ask for your personal data to be erased.
Individuals have the right to have their personal data erased if:
• The personal data is no longer necessary for the purpose for which it was originally collected;
• We are relying on consent as the lawful basis for holding the data, and you withdraw your consent;
• We are relying on legitimate interests and there is no overriding legitimate interest to continue this processing;
• We have processed the personal data unlawfully;
• We have to do it to comply with a legal obligation.

The right to erasure does not apply if retaining the personal data is necessary for one of the following reasons:
• To exercise the right of freedom of expression and information;
• To comply with a legal obligation;
• For the performance of a task carried out in the public interest or in the exercise of official authority;
• For archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
• For the establishment, exercise of defence of legal claims.

If you wish to have personal data erased you should request this verbally or in writing to the Data Protection Officer. The erasure of the personal data relating shall be satisfied within a month from receipt of a request.
We can refuse or charge for requests that are manifestly unfounded or excessive. If we refuse a request, we will tell you why without undue delay and at the latest, within one month.

In compliance with the Data Protection Act 1998.

Information Collection and Use

We collect information from our users on the web site – this is for customer service purposes, and we also collect data from our users so that we can contact them regarding their queries. CLS Surgical is the sole owner of the personal information collected from this site. We will not sell, share, or rent this information to others. Registration in order to access our 'free stuff' section or to submit a query on the 'Contact' page, users have to complete personal details fields or a registration form. During such registration a user is required to give contact information (such as name and email address). This information is used to contact the user about the services on our site for which they have expressed interest. It is optional for the user to provide demographic information (such as income level and gender), and unique identifiers, but encouraged so we can provide a more personalised experience.

Cookies

A cookie is a small text file written to a user's hard drive that contains the User ID and IP address. The cookies do not contain any personal information about users. The use of cookies is now widespread. The reason we use cookies is to save our users time on the site (so that users do not have to log in with a password more than once); and also so that we can personalise our contact with the user. If a user sets up his or her browser to reject the cookie, he or she may still use the site although functionality will be impaired.

Log Files

We use a program called WebTrends, which records IP addresses to analyse trends, administer the site, track user's movement, and gather broad demographic information for aggregate use.

Links

This web site contains links to other sites. Please be aware that CLS Surgical is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Security

This web site takes every precaution to protect our users' information. When users submit sensitive information via the web site, your information is protected both online and off-line.

If you have any questions about the security at our web site, you can send an email to info@cls-surgical.com

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user's personal data provided to us. This can usually be done at the 'Contact Us' page or by sending an email to info@cls-surgical.com

Notification of Changes

If we decide to change our privacy policy, we will post those changes on our Home page so our users are always aware of what information we collect, how we use it, and under circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Summary of terms

Browser

Used to locate and display Web pages via a software application. The most popular ones are Netscape Navigator and Microsoft Internet Explorer.

Cookie

Message given to a web browser by a web server. The message is then stored by the browser in a text file of the format cookie@you.txt. Each time the browser requests a page from the server, this message is sent back. A cookie's main objective is to identify users and personalise their visit by customising web pages for them for example by welcoming them by name next time they visit the same site. A site using cookies will usually invite you to provide personal information such as your name, e-mail address and interests.

IP (Internet Protocol)

All networks connected to the internet speak IP, the technical standard which allows data to be transmitted between two devices. TCP/IP (Transmission Control Protocol/Internet Protocol) is responsible for making sure messages get from one host to another and that the messages are understood.

IP address

If you are connected to the Internet you have one which is unique to you, for example it may look something like this 198.184.98.9

Web Server

Delivers (serves up) web pages to your computer.