Policies

Last updated: 1 February 2022
Next review: February 2023

1. Introduction

Brosch Direct, a division of Polyco Healthline Limited (“Brosch Direct”, “we”, “us”, “our”) of South Fen Road, Bourne, Lincolnshire, PE10 0DN, company number 02000388, are committed to protecting and respecting your privacy. We are committed to the protection of the personal data we process in line with the data protection principles set out in the UK General Data Protection Regulation, the EU General Data Protection Regulation (where applicable) (together the “GDPR”) and the Data Protection Act 2018 (“DPA18”). 

This privacy notice (“this Notice”) explains what personal data we collect from individuals who visit our website, contact us using our web forms, by email, phone or through one of our social channels; or other marketing communications (“you”, “your”). It also explains what information we collect automatically when you visit our website and the information we collect when you register to use our services.

Brosch Direct is the data controller for the purposes of the GDPR, registered in the UK with the Information Commissioner’s Office, registration number Z1836501.

As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing personal data. We are committed to protecting the security of your personal data and use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.

We update this Notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the top of this document. Please review this Notice periodically to check for updates.

2. What information do we process

We are committed to protecting your privacy. Authorised employees within the company use any information collected from you on a need to know basis only. We constantly review our systems and data to ensure the best possible service to our customers. We will, at all times, endeavour to collect and process your personal information in accordance with the European General Data Protection Regulation and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other applicable data protection. 

We may process the following information:

  • Name
  • Address
  • Email address
  • Telephone number(s)
  • Company name
  • Job title
  • Customer account number
  • Product order number
  • Payment information including bank account details, method of payment and transaction amount
  • Purchase history
  • Transaction history
  • Any information you share through our free text boxes or social media channels
  • Device information
  • Location data

Cookies and Web Beacons

Our website uses cookies to better the users experience while visiting. Where applicable, this website uses a cookie control system which allows the user, on their first visit to the website, to allow or disallow the use of cookies on their computer / device. 

Cookies are small text files saved to the user's computer which track, save and store information about the user's interactions and usage of our website. This allows our website to provide users with a tailored experience. Users are advised that if they wish to deny the use and saving of cookies from our website on to their computer or device, they should take necessary steps within their web browsers security settings to block all cookies from our website and any external serving vendors.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Our website uses tracking software to monitor our visitors, to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer or device in order to track and monitor your engagement and usage of our website, but will not store, save or collect personal information. You can read Google's privacy policy here for further information.

Other cookies may be stored on your computer by external vendors if we use referral programs, sponsored links or advertisements. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal data is stored, saved or collected. 

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. To install all other types of cookies, we need your consent.

You can at any time change or withdraw your consent using the Cookie Declaration function on our website. 

Please see our Cookie Notice for details about the cookies we use.

3. Purposes and bases for processing your personal data

We may use your data for the following purposes and on the following lawful bases:

Purpose Lawful Bases for Processing
Responding to correspondence from you. It is our legitimate interest to respond to enquiries made via our website, by email, through our social channels or any other means.
Fulfilling an order / contract. We process your data in order to satisfy our sales/service contract.
Marketing, newsletter and competition administration. Where you give consent to receive such material, we will from time to time send you information and/or offers about our goods and/or services which we believe may be of interest to you. You may withdraw your consent at any time by emailing gdpr.compliance@polycohealthline.com.
Marketing, newsletter and competition administration. Where you have purchased a product or service from us, it is our legitimate interest to send you information and/or offers about our similar goods and/or services, which we believe may be of interest to you. You may withdraw your consent to receiving such material at any time by emailing gdpr.compliance@polycohealthline.com.
Business management, forecasting and statistical purposes. It is our legitimate interest to identify areas for managing current business relationships, develop our services and for managing our business.
Improving our website and the overall website visitor and user experience. We use cookies on our website with your consent.
Prevention and detection of crime including money laundering, fraud or other crimes.  It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our website.
Analyse and track use of our website for reporting and analytical purposes. It is our legitimate interest to monitor our website usage in order to continually improve the user experience.

4. Sharing your information

Your data will only be shared between Brosch Direct and its group companies on a need-to-know basis.  It will not be divulged to any third party other than: 

  • with our third-party contractors and/or service providers in connection with the provision of our website/goods/services;    
  • if we are required to do so under any regulatory code or practice, or if we are asked by any public or regulatory authorities;
  • in connection with a legal claim, as required in connection with that claim;
  • if we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms of confidentiality.

Under certain circumstances, we may use an external credit reference agency to provide information on your credit scoring or credit rating. This will provide an automated decision on your eligibility for credit when it is necessary in order to process your order.

We will not sell or rent your personal information to any third party. Any emails sent will only be in connection with the provision of agreed services and products, or to share relevant information you have either consented to or is in our legitimate interest to share with you.

We will not collect any personal data from your visits to our site unless you provide this information voluntarily. In any event, you have the right to withdraw your permission for us to hold or use the data listed above. 

In all cases, the servers where your personal data is stored and processed are located within the United Kingdom (“UK”) and European Economic Area (“EEA” – the 27 EU member states, plus Norway, Iceland and Liechtenstein).

Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required to by the police, the courts or for other legal reasons.

Your data will only be held by us for as long as is legally required, in accordance with the our Data Retention and Destruction Policy. 

We will rarely share your personal data outside the UK or the EEA. If this becomes necessary for the purposes of providing our services to you, we only share personal data where appropriate safeguards are in place, such as the International Data Transfer Agreement (“IDTA”) for personal data transfers out of the UK, or Standard Contractual Clauses (“SCCs”) with supplementary measure for personal data transfers out of the EU, to ensure your personal data is protected to the same standard expected within the UK and EEA.

Our website includes links to other third-party websites and social media platforms (LinkedIn, Facebook, Instagram, Twitter, YouTube). Once you navigate away from our site via one of the links, the site may collect your IP address and may set a cookie on your device. When you use one of these links, you are sharing information to another website or service and this Notice will no longer apply. Please read the privacy notices provided by the particular service website you are directed to before posting any personal information using these links.

5. Your Rights 

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request your personal data be transferred to another data controller in machine-readable format.
  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g., if you want us to establish its accuracy or the reason for processing it).
  • Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on our legitimate interests.

Some of these rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation, laws, and regulations to which we are subject. If at any time you decide that you no longer wish to be contacted for marketing purposes, or if you would like to exercise any of your rights as set out above, you can contact us at gdpr.compliance@polycohealthline.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

In addition to the above, please note that you have the right to make a complaint at any time to the Information Commissioner’s Office in the UK, or to your local supervisory authority, if you are concerned about the way in which we are handling your personal data.

6. Data Retention Period

We will retain your personal data for as long as is necessary to provide you with our products and ongoing services and for a reasonable period thereafter, to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

At the end of the retention period, your personal data will be securely deleted in accordance with our Personal Data Retention and Destruction Policy.

7. Contact

You can contact us in relation to data protection and this privacy notice by emailing gdpr.compliance@polycohealthline.com.

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user's computer / device.

Cookies are small files saved to the user's computers hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google's privacy policy here for further information.

Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected. 

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Our quality policy can be found here.

Our ethical trading policy can be found here.

Copyright © 2022 Brosch Direct
|