(together “Bimeda UK” each of the above is together referred to as “Bimeda”, "we", "us" and "our").
We are not required by law to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details of the relevant company above.
2. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?
In operating its business Bimeda will collect and gather the following categories of personal data:
- Identity Data such as first name, surname, gender, date of birth.
- Contact Data such as address, e-mail address, telephone number.
- Financial Data such as your payment card details, bank details, VAT number, information about payments to and from you and other details of goods/ products you have purchased from us.
- Profile and Technical Data, in cases only where a Bimeda group website (www.Bimeda.co.uk) is used, such as your username and password, as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology.
3. WHAT PRINCIPLES WE APPLY TO THE COLLECTION AND PROCESSING OF PERSONAL DATA
In relation to personal data, we are committed to:
- Processing personal data fairly and lawfully in line with individuals’ rights;
- Keeping all personal data confidential, safe and secure;
- Making sure the data is accurate and kept up to date;
- Making sure that any personal data processed for a specific purpose are adequate, relevant and not excessive for that purpose;
- Removing irrelevant information as necessary.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and
fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or otherwise. In such cases, you have the right to withdraw your consent at any time by contacting us.
We do not request from you and we request you do not provide any special categories/sensitive personal data (e.g. personal data relating to racial or ethnic origin, political or religious opinions, membership of a trade union, physical or mental health or condition or sexual life or orientation). This type of personal data is subject to special protections under EU law.
We use your personal data in the following ways:
- We will collect and use your Identity; Contact; Profile and Financial Data to perform our contract with you (e.g. purchase of goods/services) and/or to comply with any legal or regulatory obligation.
- Only where our website(s) have been used, we will collect and use Profile and Technical for data analytics purposes to improve the Website, products/services, marketing, user/Customer relationships and experience. This is necessary for our legitimate interest to ensure any website content is presented in an effective manner for you and for your computer/device.
- We will collect and use Identity; Contact and Technical Data to administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) which is necessary (i) for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) and (ii) to comply with a legal obligation.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. However, you will receive marketing communications from us only if you have requested information from us or purchased services from us or if you provided us with your details when purchasing a product/service and, in each case, you have not opted out of receiving that marketing.
You can opt out of any marketing communications from us at any time by notifying us on the details above.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to restrict, block or delete cookies. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences.
7. LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
8. CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. DISCLOSURE OF PERSONAL DATA TO OTHERS
- any third party that is necessary in the performance of our contract with you i.e. delivery companies, couriers, parties to whom you have expressly consented the information to be provided to for the performance of the contract;
- any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries, where it is necessary to do so for the provision of goods/services to and administration of the contract/operation of our business;
- we contract with other entities that perform certain tasks on our behalf and who are under our control (“Service Providers”). This is required in order to operate our business and provide and manage our websites. Such Service Providers include IT systems suppliers and support, data storage, IT developers, insurance, credit card companies, payment processors, and other service providers necessary for the performance of our contract with you;
- professional advisors such as accountants, auditors, lawyers, bankers, insurers, and other outside professional advisors;
- entities that regulate or have jurisdiction over our business. We will disclose your personal data in order to comply with any legal obligation, if we are ordered to do so by a court of competent jurisdiction, law enforcement, regulatory or administrative authorities or in order to enforce or apply our contract with you or to protect the rights, property, or safety of Bimeda, our Customers, Suppliers, Distributors, Consultants, Agents or others. This includes exchanging personal data with third parties for the purposes of fraud protection and credit risk reduction.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our Service Providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. The Service Providers are bound by obligations of confidentiality.
- Where the country has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where service providers are based in the US, we may transfer data to them if they are part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
We will provide you on request a list of the countries located outside the EEA to which personal data may be transferred, and an indication of whether they have been determined by the European Commission to grant adequate protection to personal data. Where applicable, you are entitled, upon request to receive a copy of the relevant safeguard (for example, EC model contractual clauses) that has been taken to protect personal data during such transfer.
11. DATA SECURITY
We are committed to protecting the personal data you provide us. To prevent unauthorised access or disclosure of personal data under our control, Bimeda has appropriate security systems in place to safeguard the personal data we collect. Encryption is also used on where security is particularly important.
12. DATA BREACH
It is Bimeda’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours. This will be managed in accordance with our Data Breach policy which sets out the overall process of handling information security incidents.
13. UPDATING YOUR PERSONAL DATA
It is important that the personal data we hold is accurate and current. Please keep us informed, using the relevant contact details if any of your personal data changes during your relationship with us. It is your responsibility to keep your personal data up to date at all times.
14. DATA RETENTION
We retain personal data for no longer than is allowed under data protection law, the statute of limitations and any other relevant laws in place at the relevant time. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
15. YOUR LEGAL RIGHTS
You have rights under applicable data protection law in relation to personal data, namely:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data.
- Request restriction of processing of your personal data This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine- readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time if and to the extent we are relying on consent as the legal basis to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) except in cases where in cases where it is determined by Bimeda that the request is “manifestly unfounded or excessive”, then Bimeda is entitled to charge a fee for this information.
In order to exercise one or more of your rights in respect of your personal data, please contact us on the relevant company details above. We will respond to your request(s) as soon as reasonably practicable, but in any case within the legally required period of time.
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (https://www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commission so please contact us in the first instance on the contact details above.
17. CONTACT US
Job Applicant Privacy Statement
1. Our Privacy StatementDownload a PDF Version
The General Data Protection Regulation 2016 (GDPR) is one of the most significant pieces of legislation affecting the way that the Bimeda Group carries out its information processing activities. The purpose of this Privacy Statement for job applicants is designed to tell you about the information we process about you during the recruitment process. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
This Privacy Statement for job applicants has been updated to ensure Bimeda UK’s compliance with GDPR and is applicable to Bimeda UK’s operations and in particular the companies listed below whose addresses and contact details are:-
(together “Bimeda” each of the above is together referred to as “Bimeda”, "we", "us" and "our").
We are not required by law to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details of the relevant company above or Human Resources.
2. What personal data do we collect and process?
We may collect the following information up to and including the shortlisting stage of the recruitment process:
- Your name and contact details (ie address, home and mobile phone numbers, email address);
- Details of your qualifications, experience, employment history and interests;
- Information regarding your criminal record (only if required for the position you are applying for);
- Details of your referees.
You are under no statutory or contractual obligation to provide data to Bimeda during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
3. How we collect the information
We may collect this information from you, your referees (details of whom you will have provided) or from our HR agency.
4. Why we collect the information
We will typically collect and use this information for the following purposes:
- to take steps to enter into a contract;
- for compliance with a legal obligation; and
- for the purposes of our legitimate interest, which is to recruit a suitable candidate for the job. We use this information for the purposes of our legitimate interests only if these are not overridden by your interests, rights or freedoms.
5. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Disclosure of personal data to others
We may also need to share some of the above categories of personal information with other parties, such as HR consultants and professional advisers. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with our regulators as required to comply with the law.
7. International Data Transfers
Your personal data will not be transferred, stored or accessed outside the European Economic Area (“EEA”) without your consent.
8. Data Security
We are committed to protecting the personal data you provide us. To prevent unauthorised access or disclosure of personal data under our control, Bimeda has appropriate security systems in place to safeguard the personal data we collect. Encryption is also used on where security is particularly important. All personal information regarding a job applicant may be held on computer and/or in the employee’s file. Staff will keep personal data secure against loss or misuse.
9. Updating your personal data
It is important that the personal data we hold is accurate and current. Job applicants are responsible for ensuring that their personal information is accurate, complete and up to date. Job applicants should contact Bimeda to make any changes to personal information, including phone numbers, names or addresses.
10. Data Retention
If your application for employment is unsuccessful, the organisation will hold your data on file for 12 (twelve) months after the end of the relevant recruitment process.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment.
11. Your legal rights
By law, you can ask us what information we hold about you, request to have access to it, and you can ask us to correct it if it is inaccurate.
In those cases where we process your information for contractual reasons, you can ask us to give you a copy of the information.
If you believe we are not using your information lawfully you can ask us to stop using it for a period of time. In some circumstances, you may have the right to ask us to erase your personal data.
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (https://ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office so please contact us in the first instance on the contact details above.
12. Changes to our privacy statement
Our Privacy Statement is an evolving document and will be amended on a regular basis. Any changes to our Privacy Statement will be available to you on request.
13. Contact us
If you have any questions about this Privacy Statement for job applicants, including any requests to exercise your legal rights, please do not hesitate to contact us. To submit a request by email, post or telephone, please use the contact information provided above (page 1).