Last Updated 21/02/2020
BioCare® Limited ("we") are committed to protecting and respecting your privacy.
This policy sets out the basis on which we collect personal data from you, or that you provide to us, when you use our website at www.biocare.co.uk (the Site). This policy also applies if you purchase our products or services online, over the phone, by email or interacting with us on social media.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
INFORMATION WE COLLECT FROM YOU
We will collect and process the following data from:
- Information you provide by completing forms on the Site, such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you interact or communicate with us via social media.
- At the time of registering to use our site you have the option to choose the ways you prefer to hear from us by opting in to email, post or telephone. If you opt-in we can keep up to date occasionally on the latest BioCare news, free product samples, seminar events, health articles, product information, competitions and exclusive offers and promotions.
- Your account login details, including your user name and chosen password.
- When registering for a practitioner or retailer account for products and services offered by BioCare Limited (for example, trade discounts, referral scheme incentives and credit accounts) we will require other information from you such as proof of your qualification or study to qualify you as a trade customer.
- Once you’ve registered with us you have the option to manage your communication preferences at any time from your BioCare Account Dashboard. Any consent or change to consent will be recorded by the method the consent was acknowledged (email, telephone, website form, account dashboard), including date and time.
- We will ask you for information when you enter a competition or promotion sponsored by us, and when you report a problem with our site.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- If you contact us, we may keep a record of that correspondence.
- Information about the products and services that we provide to you (including, for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, details of transactions you carry out through our Site and of the fulfilment of your orders).
- Through Google Analytics and the wider Google Marketing Platform (including, for example, Google Ads) we will collate information about your visits to our Site including, but not limited to: traffic data such as demographic audience data, such as gender, age and user interests; geodemographic data such as location and language; user behaviour such as which pages you’ve viewed, when you visited the Site, how you accessed our Site (e.g. email, social, Google search), and the device you used including make/model, browser and IP address. We also collect transactional information which allows us to optimise our marketing campaigns. We access this information from the Google Analytics server.
- Through Clerk.io we collate Cookie information about visit and spend behaviour on our Site, such as the pages you’ve visited, the products you’ve looked at or bought. We access this information from the Clerk.io server.
- Through Dotmailer we collate information about the interaction you have with our email communications such as when you open, what device you use, what you click on in the email and how you subsequently engage with our website. We access this information from the Dotmailer server.
- Through Facebook, YouTube, Instagram, Twitter and LinkedIn we collate information about the engagement you have with our social posts such as likes, comments and shares and what private messages you send us. We access this information from the Facebook, YouTube, Instagram, Twitter and LinkedIn servers.
- Through Zendesk we collate (email and name) information about the interaction you have with our staff through our web chat function. We access this information through the Zendesk server.
- Through Trustpilot we collate review and star rating information about your product and brand experience of BioCare products and services. This information is normally collated two weeks after your purchase via a review invitation email from Trustpilot. We access this information from the Trustpilot server. Once you have submitted a review it will automatically appear on the BioCare website product, category and review page.
- Through HotJar we collate information about the engagement you have with our website, such as the content you hover over or click on when viewing specific pages (to help populate and drive web page heatmaps) and the engagement you have through HotJar polls and surveys. We access this information from the HotJar servers.
- Through Affiliate Window, we track web conversions that have been generated as a result of affiliate marketing activity and engagement, such as a click on an affiliate banner. This ultimately allows us to pay affiliate commissions. We access this information from the Affiliate Window server.
HOW WE USE YOUR INFORMATION
We use information about you to for the following main purposes:
- To provide you with information you request from us. We will do so on the basis that it is necessary for our legitimate interests in promoting and marketing our products and services.
- We only market to you if you have given your consent, or if there is a ‘legitimate interest’. Marketing to you under legitimate interest will mean that we have established that there is a commercial or business reason to market to you which must be fair to you, so we can’t just send you any marketing material. If you do not want us to collect or process personal data from our website you have the right to prevent future processing. As standard, we will contact you to confirm your choices regarding the use of your personal data in line with changes in the regulation, law, or business changes and we have a specific set of marketing preferences in your BioCare account that you can update at any time.
- To provide you with the products or services that you order from us, and to respond to any queries, complaints or requests for further information and for internal record keeping, billing and accounting. We will do so on the basis that it is necessary for our performance of the contract we have with you, or that it is necessary our legitimate interests in managing our business and improving our products and services.
- To provide you with information about our other products and service that you request or we feel may interest you, where you have consented to be contacted by email, post or telephone.
We may also use information about you for the following additional purposes:
- To build a profile about you so we understand our customers better, identify the products and services you consume, the manner you consume them and how you shop with BioCare, so we can serve you better.
- To conduct market research, either by ourselves or with reputable agencies.
- To improve our online customer experience, content, email and social media communication, to ensure is interesting, personalised and relevant.
- To ensure the content on our Site is presented correctly for the computer or device you are using.
- To process orders, take payment, provide refunds or carry out obligations arising from transactions or contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- Help answer your questions and solve any issues or queries.
- To help us stay secure and ensure our customers are genuine to prevent fraud.
- To notify you about changes to our service.
- To provide details of customer purchases (but not personally identifiable data) to practitioners participating in our Practitioner Referral Scheme.
We will do so in each case on the basis that it is necessary for our legitimate interest in promoting and marketing our products and services, managing the Site and providing a better service for our customers.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1179 of the UK Companies Act 2006, where this is necessary for our legitimate interest of group management and administration.
We may disclose your personal information to the service providers we work with, including suppliers, insurers and agencies, so they can process your personal information on our behalf, where this is necessary for our legitimate interest in managing our business and improving our products and services, and where they meet our standards on the processing of data and security. Our current ecommerce suppliers include:
- Google Analytics
- Affiliate Window
- Soreto (Refer-A-Friend)
- Facebook, Twitter, LinkedIn, Instagram
- Royal Mail
- P2P Mailing Limited
We only share information that allows them to provide their services to us or to facilitate them providing their services to you. For example, some of our service providers place advertising for us online, about our products and services and those of our retail partners, suppliers and third parties. As a result, where you have indicated you are happy to receive marketing from us, you might see online advertising that we have placed on the web sites you visit, or the interactive services you use.
We may also disclose your personal information to third parties in the following circumstances where this is necessary for our legitimate interest, or we are obliged by law to do so, as follows:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If required to by law, under any code of practice by which we are bound or we are asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions.
- If we need to do so in order to exercise or protect our legal rights, users, systems and services.
- In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others.
TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA
The data that we collect from you may be processed (for the fulfilment of your order, the processing of your payment details and the provision of support services) by staff operating outside the EEA who work for us or for one of our suppliers, or otherwise transferred to, and stored at, a destination outside the European Economic Area ("EEA") where local laws provide for a lower standard of protection for personal data than in the European Union. We do so on the basis of our legitimate interests in managing our business and improving our goods and services.
- We use Box, Inc. (www.box.com) and Dropbox, Inc. (www.dropbox.com) for data storage and content management.
- For customer insight and marketing purposes, data relating to customer visits, interactions and spend behaviour is also stored on various external servers, such as Google Analytics, Clerk.io (https://clerk.io), Dotmailer (https://www.dotmailer.com), Zendesk (https://www.zendesk.co.uk) Trustpilot (https://uk.trustpilot.com), Facebook, Twitter, Instagram and LinkedIn.
Please see the privacy policies on their websites for the safeguards used to protect your data.
HOW LONG WE KEEP YOUR INFORMATION
If you contact us with an enquiry but do not enter into a contract with us, we will normally delete your personal data after 12 months. If you order any of our goods or services, we will normally retain contract information (including personal data) for 6 years after the end of the relevant contract, in case issues arise after the termination of the contract, or for longer if we are required by law or regulatory requirements to do so.
We will always retain your personal information in accordance with the Data Protection legislation and will aim never to retain your information for longer than is necessary.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Security measures to protect your information also include:
- limiting access to our buildings to those that we believe are entitled to be there (by use of password access and other related technologies);
- implementing access controls to our information technology, such as firewalls, ID verification and logical segmentation and/or physical separation of our systems and information;
- never asking you for your passwords;
- advising you never to enter your login details or password into an email or after following a link from an email.
As a data subject you have certain legal rights under the Data Protection legislation including:
- the right to access the personal data held about you;
- the right to ask us not to process your personal data for marketing purposes;
- the right to withdraw at any time any consent you have given to receive marketing material from us (without affecting the lawfulness of processing based on consent before its withdrawal)
- the right to ask us to rectify inaccurate personal data about you
- the right to ask for the restriction of personal data concerning yourself that is inaccurate, unlawfully processed, or no longer required;
- the right to ask for the erasure of personal data concerning yourself where processing is no longer necessary, or the legitimate interests we have in processing your personal data are overridden by your interests, rights and freedoms as the data subject; and
- the right to make a complaint about to the Information Commissioner’s Office.
At the time of registering to use our Site you have the option to choose the ways you prefer to hear from us by opting in to email, post or telephone. If you opt-in we can keep up to date occasionally on the latest BioCare news, free product samples, seminar events, health articles, product information, competitions and exclusive offers and promotions.
Once you’ve registered with us you have the option to manage your communication preferences at any time from your BioCare Account Dashboard or call our customer service team on Tel: 0121 433 3727.
To prevent Google Analytics from monitoring your website visit behaviour and tracking data about audience demographics and interests, please download the Google Analytics opt-out Browser add on.
You can exercise these rights at any time by contacting us at BioCare®, 1 Hedera Road, Ravensbank Business Park, Redditch, B98 9EY, England or email us at: firstname.lastname@example.org or by calling our customer service team on Tel: 0121 433 3727.
We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified date at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. We encourage you to periodically review this privacy notice to be informed about how we are protecting your data.
HOW TO CONTACT US
If you have any questions, comments or requests about the Site generally, please contact us by email to: email@example.com
If you any questions, comments or requests regarding our use of your personal data, or wish to delete your personal data from the Website, please contact us by email to: firstname.lastname@example.org or write to us at the following address: The Data Protection Manager, Biocare, 1 Hedera Road, Ravensbank Business Park, Redditch, B98 9EY.
BioCare Limited is registered in England and Wales, with company number 01948434. Our registered office is at 1 Hedera Road, Ravensbank Business Park, Redditch, B98 9EY.