Privacy Policy
BioCare is committed to protecting the privacy of our account holders, customers, and those that we have contact with.
BioCare is committed to protecting the privacy of our account holders, customers, and those that we have contact with. We believe in being open and up front with how we use personal data that is entrusted to us, and we are committed to making Privacy a Priority. If you would like to know more about how we process your personal data, please read our detailed Privacy Policy below. If you are applying for a job at BioCare, you can find our recruitment section of the privacy policy at the bottom of this privacy policy.
BioCare makes Privacy a Priority:
We will collect, process, store and share your data safely and securely, by ensuring:
- You’re always in control: Your privacy will be respected at all times, and we will put you in control of your privacy with easy-to-use tools and clear choices.
- We work transparently: We will be transparent about the data we collect and how we use that data so that you can make fully informed choices and decisions.
- We operate securely: We will protect the data that you entrust to us via appropriate security measures and controls. We’ll also ensure that other businesses we work with are just as careful with your data.
- For your benefit: When we do process your data, we will use it to benefit you, to make your experience better and to improve our services.
1. Who we are
“BioCare” (referred to in this policy as “we”, “us or “our”) is a trading name of:
BioCare Limited
1 Hedera Road
Ravensbank Business Park
Redditch
B98 9EY
Registered Company Number: 01948434
ICO Registration Number: Z8972834
We have a Data Protection Lead (DPL), who can be contacted in the following ways should you have any questions or feedback about the way your data is handled:
Email: privacy@biocare.co.uk
Mail:
Data Protection Lead
1 Hedera Road
Ravensbank Business Park
Redditch
B98 9EY
2. How to contact us
We have an appointed Data Protection Officer (DPO), who can be contacted in the following ways should you have any questions or feedback about the way your data is handled:
Email: privacy@biocare.co.uk
Mail:
Data Protection Lead
1 Hedera Road
Ravensbank Business Park
Redditch
B98 9EY
3. How we collect your personal data
We will collect your personal data in the following ways:
- When you request or use the services we provide;
- When you contact us via phone, our live chat feature, through social media or through email;
- When you contact us via phone the call will be recorded;
- When you provide feedback on our products and services;
- When you sign up on our website and create a profile; When you visit our website;
- When you make an order or purchase from us;
- When you fill out our forms;
- When you subscribe to our newsletters or marketing;
- When you visit our site, and your personal data is captured on our CCTV; and
- From third parties or publicly available sources (for example, job boards).
Failing to provide necessary personal data may mean that we are unable to fulfil your requirements.
4. What data we collect about you
We will collect, use, store and transfer different kinds of personal data about you which we have grouped together in the table below.
| Category of personal data | Description |
| Identity data | First Name, Surname, DOB, Gender, Title, Company Name, Company Registration Number, References |
| Contact data | Email Address, Home Telephone Number, Mobile Phone Number, Business Address, Website Address, References Address |
| Payment data | Account Number, Sort Code, Bank Branch, Invoice Total, Payment Type, Amount Paid, Discount |
| Purchase data | Shipping Address, Billing Address, Order History, Suggested Items, Data Purchased |
| Medical data | Nutritional Information, Existing Conditions, Existing Medications |
| Technical data | IP address, browser type and version, cookies, details of website visits, Operating system, time zone and location, account login details. |
5. Our lawful basis
We rely on the following lawful basis for processing your information:
- Article 6(1)(a) - Consent
- Article 6(1)(b) – Performance of a contract
- Article6(1)(f) – Legitimate interest
- Article 6(1)(c) - Legal obligation
Where the information we process is special category data, including medical information, the lawful basis for processing that we rely on is:
- Article 9(2)(h) Health or social care
6. How we use your personal data
We have set out in the table below: the purposes for processing your data, the categories of personal data affected, and the legal ground on which we rely on when we process the personal data.
| Purposes for processing | Categories of personal data | Legal basis for processing | Legitimate Interests (if applicable) |
| When you use and browse our website, we collect information to provide you with a personalised experience. |
|
|
To deliver the best experience when browsing online. |
| When you create an account we collect information for the purposes of account creation as a practitioner, retailer, and consumer. |
|
|
|
| When you shop with us, we process your data to complete and deliver your order. This includes providing any aftercare service that we offer. |
|
|
|
| To answer any queries and communicate with you through our live chat, video conferencing, email, and social media. |
|
|
To ensure that enquiries are responded to. To offer a communication mechanism for individuals to contact us. |
| We record calls through our customer service team for quality control and training purposes. |
|
|
To ensure that we deliver the best quality of service. Call recordings will also be used for training, quality control and, where needed, complaints and disputes. |
| To manage, investigate and respond to complaints. |
|
|
To provide perspective customers (who have watched the TV advert) information on offers and products. |
| To adhere to any legal obligations, we may have. |
|
|
|
| To collect feedback for improvement of our products and services. |
|
|
To help improve customer experience and navigate future growth. |
| To enter you into competitions or initiatives. |
|
|
|
| We use profiling to provide us further insights into our marketing database. |
|
|
To give us further insight on our marketing database and offer the best products and services to our customers. |
| To administer CCTV. |
|
|
For the prevention and detection of crime. |
7. Who we share your personal data with
We share information with other organisations including data processors and contracted partners for the purposes set out below:
- To fulfil the services that you have requested from us;
- To host our systems and data, administer IT support, and keep our systems secure;
- To monitor calls;
- To answer any queries or complaints made to us;
- To process debit/credit card payments and any other transactions authorised by the customer;
- To administer and monitor our CCTV system;
- To securely process customer records and information;
- To administer and manage purchases;
- To administer marketing on behalf of BioCare;
- For audit purposes;
We will never make your personal data available to anyone outside BioCare for them to use for their own marketing purposes without your prior consent.
8. Third party links
Our website includes links to third-party websites and plug-ins. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
9. Transferring your personal data outside the EEA
If we transfer your personal data outside of the EEA, we must tell you and we will rely on one of the following:
- Adequacy Decision: The country we send your personal data to provides an adequate level of protection which has been approved by the European Commission.
- Standard Contractual Clauses: The recipient of your personal data has provided us with signed Standard Contractual Clauses which has been approved by the European Commission. This holds the recipient accountable to safeguard the personal data.
Circumstances where your personal data may be transferred outside of the EEA are as follows:
| Purpose of Processing | Categories of Personal Data | Third Party | Location | Safeguards For Transfer |
| Online orders/accounts |
|
Magento | USA | SCC's |
10. How long we retain your personal data
We will keep your personal data for as long as necessary to allow us to carry out our business functions. This includes satisfying any legal, accounting, or reporting requirements. When we assess how long to retain your personal data, we will consider the following:
- Any statutory or legal obligations;
- The purposes for which we originally collected the personal data;
- The lawful grounds on which we based our processing;
- The types of personal data we have collected;
- The amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
At BioCare, we regularly review the retention of your personal data held within our care to ensure that we are not keeping your personal data for longer than is necessary.
11. How we look after your personal data
We will protect your personal data that you have provided to us via appropriate security measures and controls. This includes implementing technical and organisational measures to prevent the loss, misuse or alteration of your personal data. BioCare limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.
12. Your rights
Everyone in the scope of the UK GDPR has rights relating to the collection and use of their personal data. The rights that apply to your personal data that is held within BioCare are listed below:
Right to be Informed: We will always be transparent in the way we use your personal data. You will be informed about the processing through relevant privacy policies.
Right to Access: You have a right to request access to the personal data that we hold about you and this should be provided to you.
Right to Rectification: We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.
Right to Erasure: You have the right to have your data ‘erased’ in the following situations:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed;
- When you withdraw consent;
- When you object to the processing and there is no overriding legitimate interest for continuing the processing;
- When the personal data was unlawfully processed; or
- When the personal data has to be erased in order to comply with a legal obligation.
Please note that each request will be reviewed on a case-by-case basis and where we have a lawful reason to retain the data or where exceptions exist within our retention policy, then it may not be erased.
Right to Restrict Processing: You have the right to restrict processing in the following situations:
- Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data;
- When processing is unlawful, and you oppose erasure and request restriction instead; or
- Where we no longer need the personal data, but you require the information to establish, exercise or defend a legal claim.
Right to Data Portability: In certain situations, you have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file.
Right to Object: You have the right to object to the processing of your personal data in the following circumstances:
- You no longer want to receive direct marketing.
- Where processing is based on our legitimate interests
If you want to exercise any of your rights listed above, please contact us by using the details below.
13. Not happy?
If you feel that BioCare have not upheld your rights, we ask that you contact us by emailing privacy@biocare.co.uk .
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioners Office (ICO) by using the details below. We would be grateful for the opportunity to manage your concerns directly before you approach the ICO so please contact us in the first instance.
Address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/
Recruitment Privacy Notice
This privacy notice sets out how BioCare uses and protects your personal information as part of the recruitment process.
How we collect your personal data
We collect information about you in the following ways:
- Directly from you
- From referees
- From government departments (HMRC)
- Failing to provide necessary personal data may mean that we are unable to consider you for employment.
What data we collect about you
We will collect, use, store and transfer different kinds of personal data about you which we have grouped together in the table below.
| Category of personal information | Description |
| Identity details | First name, last name, title, driving license, date of birth, national insurance number, passport, birth certificate, signature, image, official identification documents, gender, nationality, ethnicity. |
| Contact details | Telephone number(s), email address(es), address(es). |
| Professional details | Job description, CV, work history, references, contracted hours, department, start date, progression opportunities, training records and professional memberships (if any). |
| Education details | School/college/universities attended, qualifications achieved. |
| Vetting details | Details concerning criminal convictions, DBS checks, credit checks, HMRC employment checks, details of your interest in and connection with the intermediary through which your services are supplied. |
Our lawful basis
We rely on the following lawful basis for processing your information:
- Article 6(1)(b) – Performance of a contract
- Article 6(1)(c) – Legal obligations
- Article 6(1)(f) – Legitimate interest
- Where the information we process is special category data, including medical details and nationality, the lawful basis for processing that we rely on is:
- Article 9(2)(b) – Employment, social security, and social protection
- Article 9(2)(h) - Health or social care (with a basis in law)
How we use your personal data
We are only allowed to use your personal data if we have a legal basis to do so, and we are required to inform you of what that legal basis is. We have set out in the table below: the purposes for processing your data, the categories of personal data affected, and the legal basis on which we rely on when we process your personal data.
| Purposes for processing | Categories of personal data | Legal basis for processing | Legitimate interests (if applicable) |
| To consider your suitability for a role within BioCare. | Identity, Contact, Professional, Education, Vetting | Contract | |
| To contact you regarding your potential employment. | Identity, Contact | Contract | |
| To conduct and confirm your right to work. | Identity | Legal obligation |
Who we share your personal data with
We share information with other organisations including data processors and contracted partners for the purposes set out below:
- To host our systems and data, administer IT support, and keep our systems secure;
- To meet our legal obligations such as HMRC;
- To obtain legal or professional advice;
- To manage and maintain our CCTV on site;
- To meet legal obligations including criminal investigations and taxation.
- We will never make your personal data available to anyone outside BioCare for them to use for their own marketing purposes without your prior consent.
Transfering your personal data outside of the EEA
At present, we do not transfer your data outside of the EEA. Should this change, we will update this privacy notice and notify you of the changes.
How long we retain your personal data
We will keep your personal data for as long as necessary to allow us to carry out our business functions. This includes satisfying any legal, accounting, or reporting requirements. When we assess how long to retain your personal data, we will consider the following:
- Any statutory or legal obligations;
- The purposes for which we originally collected the personal data;
- The lawful grounds on which we based our processing;
- The types of personal data we have collected;
- The amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
- At BioCare, we regularly review the retention of your personal data to ensure that we are not keeping your personal data for longer than is necessary.
How we look after your personal data
We will protect your personal data that you have provided to us via appropriate security measures and controls. This includes implementing technical and organisational measures to prevent the loss, misuse or alteration of your personal data. BioCare limits access to your personal data to those employees, agents and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a contractual duty of confidentiality.