Last Updated: 21st May 2018
At Sunrise Medical we are committed to protecting and respecting your privacy.
Who are we?
We are Sunrise Medical Limited and are registered in England and Wales under company number 3570254. Our registered office and main trading address is Thorns Road, Brierley Hill, West Midlands DY5 2LD. Our VAT number is GB 388 6068 02. You can contact us by post at the above address, by email at email@example.com or by telephone on +44 (0)845 605 66 88.
For the purposes of data protection laws in the UK, the data controller is Sunrise Medical Limited. We are registered as a data controller with the Information Commissioner’s office under number Z657975X.
If you wish to contact us about our use of your personal data, you can email us at firstname.lastname@example.org
What personal data do we collect?
We collect and process information about you in the following ways:
Information you give us
This is information about you that you give to us by:
- Requesting product or service information by phone, at a public event such as a trade show or exhibition, or on our website
- Contacting us by filling in forms on our website
- Replying to one of our marketing campaigns (e.g. filling out a response card)
- Enrolling on a STEPS Training course
- Registering for a Sunrise Medical dealer account
- If you have a Sunrise Medical dealer account, placing an order for a refurbished product or reserving a demonstration product
- Requesting to receive email newsletters (e.g. subscribing via our website or filling out a form at a trade show event)
- Corresponding with us by phone, email or otherwise
- Participating in one of our surveys, competitions or prize draws
Depending on the services you use on the Sunrise Medical website, the information you give to us may include your forename, surname, email, address (for example your street, town, city, county or postcode), phone, date of birth, company name, and company account code.
You may decide to supply other personal data when you contact Sunrise Medical (for example when you send us an email or phone our customer services team). If we require personal data during correspondence with you, we will explain to you why we would like this information and what we do with it at each stage.
You can visit the Sunrise Medical website without providing any personal data.
Information we collect about you
In addition to the information identified in the above section, when you visit our website, we will automatically collect the following information:
- Device Information
This includes information from or about your computer, phone or other device that you access our website from. Examples of the device information that we collect includes your operating system, IP address, browser type, device type and date and time of your visit.
- Information about your visit
We collect how you use and interact with our website during your visit. This includes the pages you visit, the products or services you enquired about, clickstream to, through and from our website (including the date and time), what you searched for, page response times, how long you visited, advertising identifiers and page interaction information (for example what was clicked). Depending on the consent that you give us, this information may or may not be associated with you. If you have consented to receive email newsletters from us, we will also record information regarding your interaction with it (such as whether you open, click on a link or forward the email message). If you do not want us to collect this information, you can unsubscribe from receiving email newsletters.
- Combined information
We combine personal data that we collect via the Sunrise Medical website with information we receive from other sources (for example if you have consented to receive email newsletters when visiting Sunrise Medical at a trade show, training event, opening an account with us or other similar activities). We will always explain how we intend to use your information before you give consent.
If you do not provide the information requested or automatically collected by us, we may not be able to provide you with the appropriate products or services (including website services) to the same standard or at all.
Children under 16
If you are under 16 years of age, please do not provide us with any personal data. Our website is not intended for or targeted at children 16 and under, and we do not knowingly or intentionally collect information about children 16 and under. If you believe that we have collected information about a child 16 or under, please contact us using the information found under “Who Are We”, so that we may delete the information.
Basis for collecting, processing and disclosing your personal data
This section explains how and why we process your personal data, as well as the legal basis on which we carry out this processing.
- When you opt-in to receive permission-based email newsletters
Where you have subscribed to receive email newsletters from us about products, services, promotions, news, events and useful resources, we will process your personal data to provide you with this. Our legal basis for processing your personal data in this way is consent. You can withdraw your consent at any time by following the unsubscribe link on any of the email newsletters you receive from us.
- To provide you with the product or service information you request
Where you ask us to provide product or service information to you by email, it is necessary to process your personal data in this way for the performance of a contract with Sunrise Medical. This involves passing your personal data through our in-house technology to generate the email with the information and send it to you. We need to process your personal data in this way to provide you this service.
- To receive a product demonstration
Where you ask us to provide a product demonstration, it is necessary to process your personal data in this way for the performance of a contract with Sunrise Medical. This will involve sending you emails concerning your request (such as acknowledgements , reminders and a feedback survey) and contacting you either by phone or email to arrange your demonstration. Product demonstrations are supplied by one of our third-party product providers (otherwise known as a Sunrise Medical Dealership). When we contact you to arrange your demonstration, we will inform you of the Sunrise Medical Dealership who will handle your product demonstration and request your consent to pass your personal data to them. We disclose only the personal data that is necessary to deliver your product demonstration. Our legal basis for processing your personal data in this way is consent.
- To enrol you on the STEPS training course
Where you request to attend a STEPS training course, it is necessary to process your personal data in this way for the performance of a contract with Sunrise Medical. Our use of your personal data in this way includes passing your personal data through our in-house technology to administer your booking (for example, generating emails to confirm the enrolment, course reminders and to gather feedback). We need to process your personal data in this way to enrol you on the course.
- To answer your questions and enquiries
Where you submit an online enquiry or send us an email, we need to process your personal data to respond to you. If appropriate, we may need to pass your personal data to other internal departments to help with, or reply to your enquiry. These internal departments are not authorised to use or disclose your personal data except as provided in this Policy. Please remember if you intend to send sensitive information (such as your disability) it is advisable to contact us by telephone rather than by email or via our website. It is necessary to process your personal data in this way for the performance of a contract with Sunrise Medical.
- To register and manage your online dealer account
If you are a Sunrise Medical dealership and register for a Sunrise Medical dealer online account, we need to process your personal data to create and maintain your account, and to verify that you are an authorised Sunrise Medical Dealership. Our use of your personal data in this way may include providing you with emails about password reminders, notification of website maintenance and account de-activation. Where you place an order for a refurbished product or reserve a demonstration product through your online account, we will process your personal data to provide these products to you. Our use of your personal data in this way includes passing your personal data through our in-house technology to process your order (for example, notifying Customer Services of your order and emailing you an order acknowledgement). It is necessary to process your personal data in this way for the performance of a contract with Sunrise Medical.
- To enter you into a competition or prize draw
Where you submit your personal data for the purposes of entering a competition or prize draw, we will need to process your personal data to provide this service to you. Our reason for doing so is for the performance of a contract with Sunrise Medical.
- To personalise your website and email experience
Our legitimate interest for processing your personal data this way is to provide you with a more tailored experience when you visit our website or receive email communications from us. For example, we may use your personal data to make sure the website or an email communication is displayed in the most effective way for the device you are using, or highlight products that you may have previously shown interest in.
- To make our website better
We use various third-party cookies such as Google Analytics to help us improve our website by gathering information on usage trends and preferences of our website visitors. These cookies collect information in an aggregate form. Our legitimate interest for processing your personal data this way is to provide you with the best possible website we can.
- To make our website secure
Our legitimate interest for processing your personal data this way is for the purpose of making our website more secure. This may involve using your IP address to block you from using our website if your actions are disruptive or illegal. We also use it for general website administration and for internal operations including troubleshooting, data analysis, research, testing and statistical purposes.
- To ensure you don’t receive email communications from us when you opt-out
Where you have opted-out of receiving email communications from us, we will process your personal data to assign you to a suppression list. This involves holding on to limited personal data (such as your email). Our legitimate interest for processing your personal data this way is to ensure email communications are no longer sent after you have withdrawn consent.
- To create data sets
We will also process your personal data into an aggregate format where it can be used for reporting purposes (for instance to show the amount of product demonstration requests, measure the success of advertising campaigns or the number of visitors who subscribe to email newsletters). Our legitimate interest for processing your personal data this way is to evaluate the efficiency of marketing campaigns.
- If our business is sold, we will transfer your personal data to a third party
In the event that we buy or sell any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets (at all times in accordance with all applicable data protection laws); or if Sunrise Medical or substantially all of its assets are acquired by a third party, in which case personal data held by Sunrise Medical will be one of the assets transferred to the purchaser. Our legitimate interest for processing your personal data this way is to ensure our business can be continued by a purchaser. If you object to our use of your personal data in this way, the relevant seller or buyer of our business may not be able to provide services to you.
What are your rights?
Right to Access
You have the right to receive confirmation as to whether your personal data is being processed by us, as well as various other information relating to our use of your personal data. You also have the right to access your personal data which we are processing. If you wish to access the personal data we hold about you, please contact us using the details provided above.
Right to Object
You have the right to object to our processing your personal data where we are processing your personal data based on our legitimate interests (as set out above) or you can show that your interests, rights and freedoms regarding your personal data outweigh our interest to process it. If you ask us to stop processing your personal data on this basis, we will stop unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws.
Right to withdraw consent
If you have given us your consent to use personal data (for example to receive email newsletters), you can withdraw your consent at any time by sending an email to the address provided in the “Who We Are” section. If you do choose to withdraw your consent, this will not mean that our processing of your personal data before you withdrew your consent was unlawful.
Where consent is related to email communications, you can exercise your right to withdraw consent by clicking on the “unsubscribe” link in the email communications we send you. Please remember that if you request to be emailed product information, made a course reservation, made an enquiry or registered for a Dealer account after unsubscribing, you will still receive emails about your request and other administrative messages even if you have opted out of receiving email communications.
Right to Rectification
You have the right to require us to rectify any inaccurate personal data we hold about you, and have incomplete personal data that we hold about you completed by providing it to us. If you have registered for a Sunrise Medical Dealer account, you can update your Account information and preferences at any time by accessing your Account settings page on the website.
Right to Erasure
You have the right to require we erase your personal data which we are processing where at least one of the following grounds applies:
- The processing is no longer necessary in relation to the purposes for which your personal data was collected for
- Our processing of your personal data is based on your consent, you have subsequently withdrawn your consent and there is no other legal ground we can use to process your personal data
- You object to the processing as set out in the “right to object” section of this Policy and we have no overriding legitimate interest for our processing
- The personal data has been unlawfully processed and the erasure is required for compliance with a law to which we are subject.
Right to Data portability
You have the right to receive your personal data that you have provided to us in a structured, standard machine readable format and the right to transmit such personal data to another controller if the legal basis for processing your personal data is the fulfilment of a contract or consent.
Right to Restriction
You can ask us to restrict our processing of your personal data where:
- The accuracy of the personal data is being contested by you
- The processing by us of your personal data is unlawful (but you do not want the relevant personal data erased)
- We no longer need to process your personal data for the agreed purposes (but you want to preserve your personal data for the establishment, exercise or defence of legal claims)
- We are processing your personal data on the basis of our legitimate interest and you object to our processing on this basis and you want processing of the personal data to be restricted until it can be determined whether our legitimate interest overrides your legitimate interest.
Where any exercise by you of your right to restriction determines that our processing of your personal data is to be restricted, we will then only process the relevant personal data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.
Automated Decision Making
Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention.
You have the right to ask Sunrise Medical to:
- Give you information about our processing of your personal data for automated decision making purposes
- Request human intervention or challenge a decision where processing is done solely by automated processes
- Carry out regular checks to make sure that our automated decision making processes are working as they should.
Sunrise Medical does not currently use automated decision making.
How to exercise your rights
If you wish to exercise your rights, you can contact us using the details in the “Who Are We” section. Please note that while any changes you make will be reflected in active user databases instantly, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, suppression, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.
In order to collect certain data described above, we use cookie technology on our website.
Cookies are small pieces of information that websites send to a visitor’s computer and are saved to your device to allow that website to store your interactions and recognise you when you visit. This allows us to provide you with a tailored experience when using the Sunrise Medical website. Cookies are either session-based (they only last until you close your internet browser) or persistent (they remain on your computer for a specific amount of time or until you delete them). For example, Sunrise Medical uses persistent cookies to remember when you return to our website or to track your activities when using our website. We may associate personal data with a cookie in those instances.
When you visit the Sunrise Medical website, it is your decision if you consent to third-party advertising. Third-party advertising is used to manage our advertising on other websites and evaluate their performance. They do this by using cookies and web beacons to collect non-personal data about your activities on this and other websites over time. This information is used to provide you with targeted advertising based on your interests and to help us evaluate the success of our advertising. This data collection takes place on both our website and third-party websites that participate in the ad networks. You can opt out of delivery of targeted advertising to you by visiting: https://www.aboutads.info/choices
Please note that even if you opt-out, you will continue to receive advertisements on other websites, but they will not be tailored to your specific interests.
Will we disclose your personal data to anyone else?
We will only use your personal data within Sunrise Medical for the purposes for which it was obtained. We will not, under any circumstances, share or sell your personal data with any third party for their own marketing purposes, and you will not receive marketing from any other companies or other organisations as a result of giving your details to us. However, there are some situations where we use trusted providers to help us with administration of the services you have asked us to supply to you for example:
- Third-Party Product Providers
We need to share your personal data with third-party product providers (Sunrise Medical Dealerships) to help us to deliver your product demonstration. These "Sunrise Medical Dealerships" will only act under our instruction and we have a contract in place with them that requires them to keep your information secure and to only use it for the reason it was collected. We will always provide you the name of the Sunrise Medical Dealership before disclosing your personal data and require your consent either verbally by phone or by email in order to do so.
- Other Sunrise Medical Divisions
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required by the police, the courts or for other legal reasons.
We profile personal data to help us to tailor your website experience and provide you with email communications to help prevent unwanted communications from filling up your inbox. You can object to such use of your personal data for profiling at any time by contacting us at the details set out in the “Who Are We” section. This section explains how and why we use personal data to understand our visitors and email subscribers and provide a better experience.
We analyse our visitor data to identify common characteristics and preferences. We do this by assessing various types of information including behaviour (for example, products that have been enquired about or are interested in, or demographic information, such as location). By grouping people together based on common characteristics, we can ensure you see and receive the communications, products and information which are most important to you. This helps to ensure you receive relevant information, and means we aren’t wasting resources on contacting you with, or showing you information which isn’t of interest.
- Profiling to help us understand your interest in a product
We profile visitors to our website to assess their interest in a product. For example, we keep track of the products and services you have visited, marketing campaigns you have responded to and the products or services you have enquired about. If, based on the information that you have provided, it appears you might be interested in learning more about a product or service, we may contact you by email or personalise our website pages to promote it to you.
How long will we retain your personal data?
We only retain personal data that’s been submitted to our website for the following periods, unless otherwise required by law:
- Where we have built a profile of your interaction with us (such as the products and services you have enquired about or used and the pages you have visited), we will keep your personal data for two years from the last time you used or interacted with our website and its services.
- The personal data you submit to us when requesting product information will be retained for 3 days, for auditing and administration purposes.
- Personal data you submit to us when enrolling on a STEPS training course will be retained for 12 months after the course date, for auditing and administration purposes.
- Personal data you submit to us when requesting a product demonstration will be retained by Sunrise Medical for 12 months after the scheduled demonstration date to deal with any queries regarding your request.
- Personal data you submit to us when making an enquiry or correspondence via email will be kept up to 2 years from the last date of interaction with us, for administration purposes.
- Personal data you submit to use when entering a competition or prize draw will be kept for 1 month after the closing date.
- If you have a Sunrise Medical website Dealer account, we retain the personal data collected for as long as the account is active.
- If you have subscribed to receive email newsletters, we retain the personal data collected for as long as you are subscribed. We will contact you every 2 years to ensure you are happy to continue receiving such newsletters. If you tell us that you no longer wish to receive such newsletters, you will be unsubscribed. If you unsubscribe, we keep your email address recorded on a suppression list to prevent you receiving further email newsletters from us.
After these periods, your personal data is removed for analytical reasons.
In situations where you have consented to receive email newsletters alongside your request (for example if you requested product information and consented to receive email newsletters) we will retain your name, email address and country. All other un-necessary personal data will be removed.
If legally required, or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our Terms and Conditions, we may also retain some of your personal data for the applicable period during which claims may be raised (the statute of limitations), or for any mandatory retention period, even after you have closed your account or it is no longer needed to provide the services to you.
How do we keep your personal data safe?
All personal data you provide to Sunrise Medical is stored on our secure servers in the United Kingdom. We use a variety of security techniques, including encryption and authentication, to help with the protection and maintain the availability, security and integrity of your personal data.
Please remember that data transmission over the internet is not guaranteed to be secure. Sunrise Medical is committed to protecting your information in accordance with data protection requirements. These include:
- Restricting access to your personal data to only those who need to use it for the relevant purpose
- Keeping your personal data stored in encrypted form
- Prevent unauthorised access to IT systems by using firewalls
- Permanent monitoring of IT systems to detect and stop misuse of personal data
If you have a Sunrise Medical website account, you have a username and password which enables you to access certain parts of our website. You are responsible for keeping this username and password confidential. We ask you not to share your username and password with anyone.
Changes to our Policy
We may change this Policy from time to time. If we do, we will post the revised version here and change the “Effective Date” listed at the top of this Statement before such changes take effect. If we make changes to this Policy that impacts the purposes of processing your personal data, we will also inform you by email.
Further information and complaints
You may request further information about the way we manage your Personal Data or lodge a complaint by contacting us using the details above.
We will deal with any complain by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed and investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. In cases where further information, assessment or investigation is required, we will seek to agree an alternative timeframe with you.
If you are dissatisfied with the outcome, please contact us. Alternatively, you may take your compliant to the Information Commissioner’s Office via their website at https://ico.org.uk/your-data-matters/raising-concerns/ or write to them at:
Information Commissioner's Office