*** Please see important information about cookies and cookie control ***
At Xiel Limited, we’re committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information, whether you are our customer, supplier or you work or have worked with us; how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights and choices in relation to your information.
Any questions regarding this policy and our privacy practices should be sent by email to [email protected] or by writing to GDPR and Customer Engagement, Xiel Limited, 2 Yelling Mill, Yelling Mill Lane, Shepton Mallet, Somerset BA4 4JT. Alternatively, you can telephone +44(0)1749 372217.
Who are we?
We’re Xiel Limited, a specialist distributor of medical technologies in UK and Ireland.
In this policy ‘Xiel Limited, ‘Xiel’, ‘we’, ‘us’ or ‘our’ means:
- Xiel Limited, Registered address is 2 Yelling Mill, Yelling Mill Lane, Shepton Mallet, Somerset BA4 4JT.
- Company no. 11875702
How do we collect information from you?
We obtain information about you in the following ways:
Information you give us directly
For example, we may obtain information about you when you take part in one of our events, purchase products and services or when you register to receive one of our webinars.
When you visit our website
We, like many companies, automatically collect the following information:
- technical information, including the type of device you’re using, the IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve the services we offer.
- information about your visit to this website, for example we collect information about pages you visit and how you navigate the website, i.e. length of visits to certain pages, products and services you viewed and searched for, referral sources (e.g. how you arrived at our website).
When you interact with us on social media platforms such as Facebook and Twitter, we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.
What type of information is collected from you?
If you are a customer the personal information we may collect, store and use might include:
- your name and contact details (including postal address, email address and telephone number);
- your date of birth;
- information about your activities on our website and about the device used to access it, for instance your IP address and geographical location;
- any other personal information shared with us.
Employees and/or potential employees. Depending on whether you are applying to work with us or you are already employed by us, we may collect some or all the information listed below. The reason for gathering this data is to enable us to decide about your application or to comply with laws, regulations and other obligations, e.g. fulfilment of your contract of employment.
The personal data that we may gather is:
- Date of birth
- Marital status
- Contact details
- Education details
- Employment history
- Emergency contact details and details of any dependants
- Referee details
- Immigration status
- Nationality/place of birth
- A copy of your passport or Identity Card – to check if you have right to work in UK
- A copy of your driving licence
- National Insurance Number
- Bank details
- Salary, tax, pension and benefits information
- Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability related information
If you are one of our suppliers, we need to collect some personal data to ensure a smooth working relationship. We will have details of our contacts within your organisation, such as names, telephone numbers and email addresses. We also collect your bank details, so that we can pay you.
Data protection laws recognise certain categories of personal information as sensitive and therefore requiring greater protection, for example information about your health, ethnicity and religion.
We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and data protection laws allow us to. For example, we may ask for your health information if you are an employee.
Where appropriate, we will make it clear why we are collecting this type of information and what it will be used for.
How and why is your information used?
We may use your information for several different purposes, which may include:
- providing you with the services, products or information you asked for.
- processing orders that you have submitted;
- carrying out our obligations under any contracts entered between you and us;
- keeping a record of your relationship with us;
- conducting analysis and market research to better understand how we can improve our services, products or information;
- checking for updated contact details against third party sources so we can stay in touch if you move (see the section on ‘Keeping your information up to date’ below);
- dealing with entries into a competition;
- seeking your views or comments on the services we provide;
- notifying you of changes to our services;
- sending you communications which you have requested and that may be of interest to you. This may include information about goods and services;
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations (e.g. health/safety and tax/accounting purposes).
We review our retention periods on a regular basis.
If you would like to know more about how long we hold your personal data for – please email us on [email protected]
Who has access to your information?
We do not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
However, we may disclose your information to third parties in order to achieve the other purposes set out in this policy. These third parties may include:
Third parties working on your behalf
We may pass your information to our third-party service providers, manufacturers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to provide a manufacturer’s extended warranty). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone marketing.
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it, like when you buy named products and services.
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like the MHRA.
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual, or a safeguarding issue which requires us to share your information with the emergency services.
Where it is reasonably necessary to achieve our or others’ legitimate interests (if what the information is used for is fair and does not duly impact your rights).
We consider our legitimate interests to be running Xiel Limited to service our customers with products that they can use to help patients in the UK and Ireland. For example, to:
- provide essential product updates and product variations;
- conduct research to better understand our customers and to improve the relevance of our products;
- understand how people choose/use our services and products;
- determine the effectiveness of our products and services;
- monitor who we deal with to protect the company against fraud, money laundering and other risks;
- enhance, modify, personalise or otherwise improve our services /communications for the benefit of our customers; and
- better understand how people interact with our website.
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
We may use your contact details to provide you with information about the vital work we do for older people, our fundraising appeals and opportunities to support us, as well as the products and services you can buy, if we think it may be of interest to you.
We will only send you marketing and fundraising communications by email, text and telephone if you have explicitly provided your prior consent. You may opt out of our marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails.
We may send you marketing and fundraising communications by post unless you have told us that you would prefer not to hear from us.
You have a choice about whether you wish to receive information from us. If you do not want to receive direct marketing communications from us about products and services, then you can contact us at any time using: [email protected], or by telephone: +44(0)1749 372217, or post: GDPR and Customer Engagement, Xiel Limited, 2 Yelling Mill, Yelling Mill Lane, Shepton Mallet, Somerset BA4 4JT. We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted.
Under UK data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:
Right of access
You have a right to request access to the personal data that we hold about you.
You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
If you want to access your information, please send a description of the information you would like to see and proof of your identity by post to the address provided below.
Right to have your inaccurate personal information corrected
You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us so we’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us via email or post (see below). Alternatively, you can telephone +44(0)1749 372217.
Right to restrict use
You have a right to ask us to restrict the processing of some or all your personal information if there is a disagreement about its accuracy, or we’re not lawfully allowed to use it.
Right of erasure
You may ask us to delete some or all your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it.
Right for your personal information to be portable
If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
Right to object
If you want to exercise any of the above rights, please email us at [email protected] or write to GDPR and Customer Engagement, Xiel Limited, 2 Yelling Mill, Yelling Mill Lane, Shepton Mallet, Somerset BA4 4JT. We may to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office.
Keeping your information safe
When you give us personal information, we take steps to ensure that appropriate technical and organisational controls are in place to protect it.
Non-sensitive details (your email address etc.) are transmitted normally over the internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Keeping your information up to date
We take reasonable steps to ensure your information is accurate and up to date.
Where possible we use publicly available sources to identify deceased records or whether you have changed address.
We really appreciate it if you let us know when your contact details change.
Use of ‘cookies’
It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website. Please see below for details of how to do this.
Links to other websites
Our website may contain links to other websites run by other companies (for example the manufacturers we represent). This policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access those using links from our website.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. We do not collect or hold any personal information of children aged 16 or under.
Transferring your information outside of Europe
As part of the products and services offered to you, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may be a manufacturer who holds a database of all product owners and subsequent warranties. You should be aware that these countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
We undertake regular reviews of who has access to information that we hold to ensure that your info is only accessible by appropriately trained staff.
Changes to this policy
Any changes we may make to this policy in the future will be posted on our website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes, we’ll make this clear on the website.
Review of this Policy
We keep this policy under regular review.This policy was last updated in September 2019.
Now that you have all the information you need to manage and delete cookies in your chosen browser, you can go forth and surf in the pleasure of knowing you have full control.
If you have any questions or concerns about your privacy or any of the settings on this website, please contact us at any time.