When we collect and use your personal data, we are subject to the General Data Protection Regulation (GDPR) (EU) 2016/679 (the "Regulation") and for the purposes of the Regulation, Hexpress Healthcare Limited is the "Data Controller", that is, the company responsible for and controlling the processing of your personal data.
We, Us, Ours
HEXPRESS HEALTHCARE LIMITED, trading as
Our Data Protection Officer
Personal data or information
Any information relating to an identified or identifiable individual
Special category personal data or information
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership
Genetic and biometric data
Health, sex life or sexual orientation data
We may collect and use the following personal information about you:
Your name and contact details, including address, email address, telephone number and company details
Information to enable us to check and verify your identity, e.g. your date of birth, etc
Your opinions and medical/medical history details
Information about your gender
Your location data
Your billing information, transaction and payment card information
Your contact history, order and purchase history and saved items
Information to enable us to conduct credit and other financial checks
Information about your use of our website, IT, communication and other systems
Your responses to surveys, competitions and promotions
Before you can use certain areas of this website, you will be asked to register on it and to provide your personal information, including 'sensitive personal data' as defined by the Regulation. For example, we will obtain your personal data if you register to use this website, complete the medical questionnaire, send us feedback, send something, contact us for any reason, register for a service, and purchase products or services. We may also obtain sensitive personal information about you if you provide it by completing the online medical questionnaire. If you provide such information, you will be consenting to our processing it for the purpose of obtaining a medical opinion and purchasing the treatment. This personal information is required to provide products and services to you. If you do not provide the personal information we ask for, it may prevent us from providing products and services to you.
We collect most of this personal information directly from you through our website and app or by telephone, SMS, email or video consultation. We may also collect information directly from third parties, e.g. sanctions screening providers, credit reference agencies and customer due diligence providers; and from third parties with your consent, e.g. your family doctor or GP; and from cookies on our website, and via our IT systems, e.g. automated monitoring of our websites and other technical systems such as our computer networks and connections, communication systems, e-mail and instant messaging systems.
Under data protection law, we can only use your personal information if we have a proper reason for doing so. Our reasons include but are not limited to:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal information for and our reasons for doing so:
|What we use your personal information for||Our reasons|
To provide treatment to our customers and for billing and order fulfilment
Necessary for the purposes of medical diagnosis and for the provision of healthcare and treatment
To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party
Because you have given consent
|To identify customers and any accounts they have with us.||For the performance of contracts with customers or to take steps at their request before entering into a contract.|
|To notify customers of any changes to this website or to services that may affect them.|
|To prevent and detect fraud against customers, our company, our business partners and other service providers and agencies.||For our and third parties' legitimate interests, i.e. to combat and minimise fraud that can be harmful to customers, to us or to third parties.|
|To conduct checks to identify customers and to verify their identity.||To comply with our legal and regulatory obligations.|
|For security vetting and screening for financial and other sanctions or embargoes.|
|For fraud prevention and detection.|
|For other processing necessary to comply with professional, legal and regulatory obligations that apply to us and third party service providers, e.g. health and safety regulations or rules of our regulatory authorities.|
|To gather and provide information required for audits, enquiries or investigations by government, professional or regulatory authorities.||To comply with our legal and regulatory obligations.|
|To ensure business policies are adhered to, such as security and Internet use policies.||For our and third parties' legitimate interests, i.e. to make sure that we follow our internal processes so that we can provide the best service to customers.|
|For operational reasons, such as administration, improving efficiency, training and quality control.||For our and third parties' legitimate interests, i.e. to be as efficient as possible so that we can provide the best service to customers at the best price.|
|To ensure the confidentiality of commercially sensitive information.||For our and third parties' legitimate interests, e.g. to protect trade secrets and other commercially valuable information.|
|To comply with our legal and regulatory obligations.|
|For statistical and behavioural analysis, and research to support our corporate governance and help us manage our business, e.g. in relation to our business results, financial performance, customer base, product range or other efficiency measures.||For our and third parties' legitimate interests, i.e. to be as efficient as possible so that we can provide the best service to customers at the best price.|
|For customer profiling and analysis of customers' purchasing preferences.|
|To customise this website and its content to customers' personal preferences.|
|To prevent unauthorised access and unauthorised modifications of systems.||For our and third parties' legitimate interests, i.e. to prevent and detect criminal activity that could damage us, third party service providers and customers.|
|To comply with our legal and regulatory obligations.|
|For statutory returns.||To comply with our legal and regulatory obligations.|
|To update and enhance customer records.||For the performance of contracts with customers or to take steps at their request before entering into a contract.|
|To comply with our legal and regulatory obligations.|
|For our and third parties' legitimate interests, e.g. making sure that we can contact our customers about existing orders and new products.|
|To ensure safe working practices, and facilitate staff administration and assessments.||To comply with our legal and regulatory obligations.|
|For our and third parties' legitimate interests, e.g. to make sure that we follow our internal procedures and work efficiently so we can provide the best service to customers.|
|To provide marketing services to:
||For our and third parties' legitimate interests, i.e. to promote our business to existing and former customers.|
|For credit reference checks by external credit reference agencies.||For our and third parties' legitimate interests, i.e. to ensure that customers are able to pay for our products and for services.|
|For external audits and quality checks, e.g. for ISO or "Investors in People" and the audit of our accounts.||For our and third parties' legitimate interests, i.e. to maintain our accreditations, so that we can demonstrate that we operate at the highest standards.|
|To comply with our legal and regulatory obligations.|
We may use your personal information to send you updates (by email, SMS, telephone or post) about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in processing your personal information for promotional purposes (see above: "How and why we use your personal information"). This means we do not usually need your consent to send you promotional communications. However, if your consent is required, we will ask for your consent separately and clearly.
We will always treat your personal information with the utmost respect and we will never share it with other organisations for marketing or other purposes. If you have given us permission to process your personal information, we may share your personal information with group or partner companies, business partners including affiliates, and we or they may contact you (unless you have asked us or them not to do so) by post, email, telephone, SMS, text/picture/video message or fax, about our services, products, promotions, offers or charitable purposes that may be of interest to you.
You have the right to opt out of receiving promotional communications any time by:
Using the "unsubscribe" link in our emails or the "STOP" number in SMS.
Updating your marketing preferences via your customer account or secure members area.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and services in the future, or if there are changes in the law, in regulations, or the structure of our business.
We routinely share your personal information with:
Group or partner companies and business partners.
Third parties we work with to carry out our services and deliver products and services to you such as payment service providers, warehouses, delivery companies and courier services such as Royal Mail, UPS and others, and third parties who act on your behalf to collect your order from us and deliver it to you such as Kwik Shipments Limited.
Other third parties who help us with business operations, e.g. marketing agencies or web/website host providers.
Third parties you have authorised, such as social media sites with which you have linked your account, or third party payment providers.
Law enforcement agencies in connection with any investigation into the prevention of unlawful activity.
Credit reference agencies.
Insurers and brokers.
Banks and merchant account providers.
Contacting Ve at [email protected] to inform Ve that you would like to opt-out of their use of your personal information
Deleting cookies from your devices and browsers
If you are using Safari browser version 11.2 or above, toggling the "Limit Ad Tracking" setting on your device or computer
Visiting http://www.youronlinechoices.com/uk/your-ad-choices, finding VE in the list of online behavioural advertising companies and selecting 'off'
If you have an Apple device, updating to iOS 6.0 or higher and setting Limit Ad Tracking to 'ON'
If you have an Android device, selecting "Google" on your main settings menu, choosing the "Ads" option and selecting "Opt out of Ads Personalization"
We only allow service providers to handle your personal information if we are satisfied that they will take appropriate measures to protect your personal information. We also impose contractual obligations on service providers requiring them to use your personal information only to provide services to us or to you. In specific circumstances, we may share your personal information with external auditors, e.g. with respect to ISO or our "Investors in People" accreditation and the audit of our accounts.
We may disclose and exchange information about you with law enforcement agencies and regulators to comply with our legal and regulatory obligations.
We may also share your personal information with other parties, such as potential buyers of some or all of our business or during a business re-structuring. All personal information is normally anonymised, but this may not always be possible. The recipient of any information will be bound by confidentiality obligations.
Information may be held at our offices, the offices of our group or partner companies, by third party persons, service providers, agencies and agents, as described above (see "Who we share your personal information with").
Some of these third parties may be located outside the European Economic Area. For more information on how we shall safeguard your personal information in such circumstances, please see below "Transferring your personal information out of the EEA".
The Ministry of Health provides for a minimum retention period for health data. The company follows these guidelines at all times. Under the 2016 Record Management Code of Practice for Health and Social Care, the statutory retention period for medical data is 8 years, after which the records are reviewed and, if no longer required, destroyed.
We will retain your personal information for as long as you have an account with us or we provide you products and services to:
Fulfil our legal obligations about data retention.
Respond to any questions, complaints or claims made by you or on your behalf.
Show that we have treated you fairly.
We use adequate security measures to prevent the unwanted loss, misuse or unlawful access to your personal information, and continually test our systems. We limit access to your personal information to those with legitimate business reasons. The processing of your personal information takes place only in an authorised manner and confidentially.
We also have procedures to deal with suspected or alleged data security breaches. We will notify you and the relevant regulatory authorities of any suspected or alleged data security breach where we are legally required to do so.
We use technical and organisational security measures to protect your personal information, for example:
Your data is stored on secure servers.
Payment details are encrypted using SSL technology.
Access to your account is controlled by individual username and password that are unique to you.
While we make every reasonable effort to protect your personal information, you acknowledge that the use of the Internet is not completely secure and therefore we cannot guarantee the security or integrity of any personal information provided by you or transmitted to you via the Internet.
If you would like detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online challenges, please visit www.getsafeonline.org. Get Safe Online is supported by the UK government and leading companies.
We may monitor and record communications with you, including telephone calls and emails, for training, quality assurance, fraud prevention, and compliance.
To enable us and other group or partner companies to make credit decisions about you and to prevent fraud and money laundering, we may search the files of credit reference and fraud prevention agencies (which will record such searches). We may share information about how you manage your customer account with these agencies, and your information may be linked to records of other people who live at the same address and/or with whom you are financially connected. Other lenders or credit agencies may use this information to help them make credit decisions about you and those with whom you are financially connected, as well as for fraud prevention, debt collection and money laundering prevention. If you provide false or inaccurate information and we suspect fraud, we will record this.
If you provide us with information on behalf of someone else, you confirm that this person has designated you as their representative, has authorised you and appointed you to act on their behalf and to take the following actions on their behalf:
Receive data protection notices.
Consent to the transfer of their personal information abroad.
Consent to the processing of their personal information.
Consent to the processing of their sensitive personal information, such as health information.
In order to provide our services and to meet all our obligations, it may be necessary for us to transfer your personal information outside the European Economic Area (EEA). We may share your personal information outside the EEA, e.g.:
With our business partners outside the EEA.
With your and our service providers located outside the EEA.
If you yourself are located outside the EEA.
If the services we provide have an international dimension.
By registering on this website, you agree that we may transfer your personal information outside the EEA. Please be assured that we always use all appropriate security measures to safeguard your personal information. These transfers are subject to special regulations under European and UK data protection laws.
We may transfer your personal information to countries that have been evaluated by the European Commission as providing an adequate level of protection for personal information. We may also transfer your personal information to non-EEA countries, which do not have the same data protection laws as the United Kingdom and the EEA; and in those circumstances, we will ensure that any transfer of personal information complies with our data protection laws and we will use standard data protection contract clauses, which have been approved by the European Commission, thus safeguarding your privacy rights and giving you access to remedies in the unlikely event of a security breach.
If you would like any further information, please contact us or our Data Protection Officer (see "How to contact us" below).
You have the following rights, which you can exercise free of charge:
|Right of access||The right to be provided with a copy of your personal information.|
|Right to rectification||The right to require us to correct any mistakes in your personal information.|
|Right to be forgotten||The right to require us to delete your personal information in certain situations. Please note: Pursuant to the Records Management Code of Practice for Health and Social Care 2016, we are legally required to keep your medical information for 8 years after using our service and cannot erase your personal information prior to this deadline.|
|Right to restriction of processing||The right to require us to restrict the processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the information we hold.|
|Right to data portability||The right to receive the personal information you have provided to us in a structured, commonly used and machine-readable format and/or to transmit that information to a third party in certain situations.|
|Right to object||The right to object:
|Right against automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significantly adversely affects you.|
For more information on each of these rights and the circumstances in which they apply, please contact us or use the Information Commissioner's Office (ICO) guidance on individual rights.
If you want to exercise any of these rights, please:
Email, call or write, to us or our Data Protection Officer (see below: "How to contact us");
Give us enough information to identify you (e.g. your full name, address, username, registration details and customer account or order reference number);
Give us proof of your identity and address (copy of driver's license, identity card or passport and a recent utility bill or credit card statement);
Indicate what information is incorrect and what it should be replaced with (if you are requesting that we correct any inaccuracies in your information);
Indicate the communication channel you are complaining about (if you are asking us not to use your personal data for direct marketing in a certain way, e.g. email or telephone); and
Confirm the right you want to exercise and the information to which your request relates.
Our contact details are as follows:
Headquarters: 144 Mitcham Road, Tooting, London, SW17 9NH
Our Data Protection Officer contact details are as follows:
We hope that we or our Data Protection Officer can resolve any query or concern about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a regulatory authority, in particular in the EU (or EEA) country where you work, normally reside, or in which any alleged breach of data protection laws has occurred. The UK regulator is the Information Officer, which can be reached via https://ico.org.uk/concerns or by phone (0303 123 1113).