Privacy policy

This privacy policy applies between you, the User of this Website, and Indigo Freya, the owner and provider of this website. Indigo Freya is responsible for, and controls the processing of, the personal information you provide to us when using this website in accordance with this privacy policy.

​

THE PURPOSE OF THIS POLICY

This Policy is designed to help you understand what kind of information we collect in connection with our services and how we will process and use this information. In the course of providing you with services we will collect and process information that is commonly known as personal data.​

This Policy describes how we collect, use, share, retain and safeguard personal data.​

This Policy sets out your individual rights; we explain these later in the Policy but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.

 

WHAT IS PERSONAL DATA?

Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.

Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.

  

PERSONAL DATA WE COLLECT

 In order for us to provide and administer the best healthcare services for you, we will collect and process personal data about you. We will collect, hold and process personal data such as an individual’s name, address,  gender, contact details and address and are therefore the data controller.  

A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. 

A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.

For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place, ie, your data is not stored outside of the UK.

​

WHY DO WE NEED YOUR PERSONAL DATA?

We collect your personal data to fulfil your purchase orders and for our own internal records only. 

 

DATA RETENTION

The retaining of data is necessary where required for contractual, legal or regulatory purposes. We will retain your data for our internal sales records for a maximum period of one year.

  

YOUR RIGHTS

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

 

These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights: 

-      The right to be informed about the personal data being processed; 

-      The right of access to your personal data; 

-      The right to object to the processing of your personal data; 

-      The right to restrict the processing of your personal data; 

-      The right to rectification of your personal data; 

-      The right to erasure of your personal data; 

-      The right to data portability (to receive an electronic copy of your personal data); 

-      Rights relating to automated decision making including profiling.

 

Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests. However if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.

In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some or all data for regulatory and other statutory purposes.

You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make.

 ​

PROTECTING YOUR DATA

We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data with any authorised third parties.

 

BUSINESS TRANSFER

We may sell, transfer or otherwise share some or all of our assets including your Personal Data in connection with an acquisition, merger or sale of some or all of our assets. The information transferred and shared remains subject to the promises made in any pre-existing Privacy Policy

​ 

HOW TO CONTACT US

If you have any questions regarding this Policy, the use of your data and your Individual Rights please contact us via our website.