VetIndex Ltd takes the privacy of all of its customers, suppliers, partners and employees seriously and takes great care to protect their personal information.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC) from 25 May 2018. The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018.
Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who controls your personal data?
The Data Controller is VetIndex Ltd, a company registered in the UK: Company Number 3139495
Registered office: 33 Gay Street, Bath BA1 2NT
The Data Controller’s data protection representative is the Data Manager
You can contact them at email@example.com
You can call them on 01225 445561
What is personal data?
Personal data is data that can identify you as an individual. The personal data we collect or receive may include the following as applicable:
Telephone and mobile numbers
The information we use and and where we get it from
Most of the information we use will have been provided by you. VetIndex Ltd supplies a range of veterinary products and CPD courses/congress.
We may obtain your personal data from the following sources:
You (e.g. via enquiry forms, orders or marketing subscriptions)
Conversations on the telephone or email
Our websites and software applications e.g. enquiry form or online chat service
Visiting our stand at trade shows
We collect the personal data from the following types of people to allow us to undertake our business;
• Prospective and existing customers
• Supplier contacts to support our services
• Employees and business consultants
You may have contacted us directly (e.g. purchasing a CPD course) or we may have your details from our research / information already in the public domain. We are able to process your data if we have a legal basis for doing so.
How we will use your personal data:
The processing of your personal information may include:
Collecting and storing your personal data
Notifying you of potential new products, services and offers
To market our products and services
For the purposes of backing up information on our computer systems
Why we process your personal data and our legal justification for doing so:
There are six legal bases for processing data but we will rely on (1) that the processing is necessary for the performance of a business transaction with you, (2) compliance with legal obligations, (3) that we have a legitimate interest in processing your personal data or (4) your consent to send direct marketing messages about products and services.
1. Entering into and performing a contract with you:
In order to provide our products and services, we may enter into a contract with you and/or a third party. In order to enter into a contract, we will need certain information, for example your name and address. A contract will also contain obligations on both your part and our part and we shall process your data as is necessary for the purpose of those in order to process your order on your behalf.
2. Compliance with legal obligations (regulatory and statutory obligations):
We must comply with a number of statutory provisions when providing our products and services, which necessitate the processing of personal data, which amongst other things requires us to:
• Verify your business details
• Maintain records for specific periods
Where we engage in a contract with a business or person to supply our products or services , there are other statutory obligations that must be complied with including, tax, HMRC reporting requirements, and any other law or regulation.
We are also required to comply with statutory and regulatory obligations relating to business generally, for example complying with tax, bribery, fraud/crime prevention and data protection legislation, and co-operating with regulatory authorities such as HMRC or the Information Commissioner’s Office.
3. Our legitimate interests (carrying on the commercial activity of the provision of products and services):
In providing our products and services, we will carry out some processing of personal data which is necessary for the purpose of our legitimate interests, which include:
• Retaining records of our dealings and transactions and where applicable, use such records for the purposes of establishing compliance with contractual obligations with customers or suppliers
• Addressing any query or dispute that may arise including establishing, exercising or defending any legal claims
• Protecting our reputation
• Maintaining a backup of our system, solely for the purpose of being able to restore the system to a particular point in the event of a system failure or security breach
Using your personal data to:
• Assess suitability and contact you regarding our products and services
• Collate market information or trends on products and services source potential products and services as part of our overall services
• Personalise your experience and our offering, whether via our website or otherwise
• This means that for our commercial viability and to pursue these legitimate interests, we may continue to process your personal data.
4. Consent to our processing of your data:
We may process your personal data on the basis that you have consented to us doing so for a specific purpose, for example, if you have purchased from us previously you may have consented to our processing of the data that has been provided for the purpose of informing you of new products, services or offers considering your suitability either by previous choice of products purchased or by business type.. In other cases, you may have provided your written or verbal consent to the use of your data for a specific reason such as receiving marketing updates on some of our additional services.
You may withdraw your consent to our processing of your personal information for a particular purpose at any stage. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.
Who we share personal data with:
We shall not share your personal information with any third parties.
If you do not wish to provide us with necessary data:
There may be circumstances where we require you to provide data which is necessary for us to meet statutory or contractual obligations, or perform our services. If you do not wish to provide us with information we request then please notify us. However, please be aware that as a result we may be unable to provide you, or the party you represent, with a service, and in some cases, this may result in a breach of the contract we have with you or a third party you represent.
Data Security and Confidentiality
It is our policy to ensure, in so far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice.
Changes to this Privacy Notice
This Privacy Notice is regularly reviewed and may be updated from time to time to reflect changes in our business, or legal or commercial practice.
• We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:
• Request a copy of the personal data that we hold about you. If you would like to make a request for information, please contact firstname.lastname@example.org
• Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data
• Request that we restrict processing of your data in certain circumstances
• Request that data is erased where the continued use of that data cannot be justified. Object to any decision, which significantly affects you, being taken solely by a computer or via another automated process
• Withdraw your consent to our processing of your personal data for a particular purpose at any stage.
• Request that direct marketing by us to you is stopped
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to: email@example.com.