PRIVACY POLICY

GODIVA MEDICARE LIMITED

Godiva Medicare Limited (“we“, “us”) is committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) (together with and any other documents referred to therein) sets out the basis on which the personal data collected from you, or that you provide to us will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (collectively the “Data Protection Laws”), the Data Controller is Godiva Medicare Limited.

YOUR PERSONAL INFORMATION

Information we collect from you

We collect and process some or all of the following types of information from you in the course of providing our services, in particular your use of the online contact pages located at godivamedicare.co.uk (including subdomains):

From Customers:

Information that you provide when requesting information through the godivamedicare.co.uk website (and any subsequent updates to that information):

  • Full name
  • Email address
  • Telephone number(s)
  • Profile photo
  • Whether your enquiry is for business or personal use (ie. Are you a Pharmacist or a Patient)
  • Company name (if applicable)
  • Any other information you include in your online enquiry
  • Information that you provide in the course of communications with us, or with a Godiva Medicare Limited Driver. This includes:
  • Details provided as part of the booking process (e.g. location, collection and delivery addresses, contact names)
  • Information you provide when requesting further details about our products and services
  • We will keep records of all bookings and payments made by you.
  • If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.
  • We process information relating to a booking or potential booking between you (the Customer) and the Driver as a data process on your behalf as the data controller. This includes collection and delivery addresses.
  • The provision of your full name and email address is required from you to enable us to record you as a Customer. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

From Drivers:

  • Full name
  • Email address
  • Telephone number(s)
  • Home address
  • Copy of driver’s licence
  • MOT documentation (if applicable)
  • Insurance documentation (if applicable)
  • Photograph
  • Photo of the ID or Passport
  • VAT Certificate (if applicable)
  • Company name and address
  • Information about items you are happy to deliver (e.g. alcohol, pork, beef) which may suggest your religion, although we do not store your religious beliefs expressly
  • List of jobs accepted/delivered
  • Various location-based and time-based events related to the deliveries
  • Location-based and time-based events related to the deliveries may be collected automatically from any device we may decide to use, which is necessary as part of providing services to Customers. Other than where that device collects information automatically, we will inform you at the point of collecting information from you, whether you are required to provide the information to us.

Information we collect from other sources

We collect names and email addresses of contacts at potential Customers for the purpose of marketing and business development. This information may be found in a number of ways, including using online searches, LinkedIn profiles and word of mouth

If you are a Driver or are registering to become a Driver, we may obtain:

  • Personal information about you from background checks, for example criminal records checks,
  • Information about your insurance,

USES MADE OF YOUR INFORMATION

Lawful basis for processing

We rely on legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are performance of contracts with Customers, Couriers and our suppliers, marketing and business development and the administration and improvement of the our service to Customers.

Purposes of processing

We use information held about you in the following ways:

  • To provide you or the organisation that you are engaged by with our services.
  • To carry out our obligations arising from any contracts entered into between you and us. This includes:
  • Where you are a Customer, to provide Drivers you have booked with the information needed for them to carry out their services.
  • Where you are a Driver, to provide Customers who have booked you with the information they need in order to receive your services.
  • To provide you with information and offers that you request from us or which we feel may interest you.
  • To notify you about changes to our services.

Marketing

Our sales team may use personal data to provide potential Customers with information about our services. We use legitimate interests as our lawful basis for collecting and using such personal data. Our legitimate interests are marketing and business development. Individuals have the right to object to our processing of their personal data for marketing purposes.

In addition to the above uses we may use Customer information, to notify you about goods or services which may be of interest to you. Where we do this, we use consent as our lawful basis for processing. This means we will contact you by electronic means (e-mail or SMS) only if you have opted in to receiving such communication.

You can opt out of receiving marketing communications at any time.

If you do not want us to use your data in this way please either:

  • unsubscribe from our electronic communications using the method indicated in the relevant communication; or
  • inform us at any time by contacting us at the contact details set out below.

DISCLOSURE OF YOUR INFORMATION

We routinely pass Customer information to Drivers they have booked, and Driver information to the Customers who have booked (or are considering booking) their services.

We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (e.g. to host our servers, to send out newsletters or surveys on our behalf).

We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).

We may also disclose your personal data to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
  • if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or
  • to protect our rights, property, or safety or that of our affiliated entities and our users and any third party we interact with to provide any web based services, or in relation to selected third parties only, only to the extent that you have consented to such selected third parties notifying you about certain goods or services, which may be if interest to you.
  • Other than as set out above, and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between you and us, we will not share your data with third parties unless we have procured your express consent to do so.

STORING YOUR PERSONAL DATA

Security

We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data; any transmission is at your own risk. Please make sure your browser indicates “Secure connection”. Once we have received your information, we will use strict procedures to try to prevent unauthorised access.

The Godiva Medicare Limited website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any personal data to these websites.

Keeping your personal data up to date

If your personal details change you may update them by contacting us using the contact details below.

We will endeavour to update your personal data within seven (7) working days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as possible.

How long we keep your personal data

We will hold the data set out above for a reasonable time having regard to the nature of the personal data and the purpose for which it was collected. In particular:

  • Where we hold your personal data in connection with the performance of a contract with one of our customers or suppliers, we will hold your data, and in particular any communications between you and us in relation to the negotiation or performance of the contract by either party for so long as that contract is in force and for a period of at least 7 years after.
  • Where we hold your data in connection with the marketing or promotion of our business, we will hold your data for up to 2 years, or for up to 2 years after you last communicated with us, if later.
  • In respect of website usage data, we hold your data for 5 years from the date of collection.

Where we store your personal data

All information we hold about you is stored on Google Cloud Platform servers in the UK and/or the European Economic Area.

We may transfer your personal data to, and store it at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services.

Where the United Kingdom and/or the European Commission has not given a formal decision that any country your personal data may be transferred to or stored in provides an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal data will be subject to a United Kingdom and/or European Commission approved contract designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. To obtain a copy of such safeguards or if you would like further information please contact us (see ‘Contact’ below).

YOUR RIGHTS

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

  • access to your personal data and to certain other supplementary information that this Policy is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal data concerning you in certain situations
  • receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal data concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal data
  • otherwise restrict our processing of your personal data in certain circumstances
  • claim compensation for damages caused by our breach of any data protection laws.
  • For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email us (if you prefer to call or write to us, we will need you to follow up by email in order to identify you),
  • let us have enough information to identify you (e.g. your email)
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them.

HOW TO COMPLAIN

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to modify this Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the Website. Your continued use of the services and the Website shall be deemed your acceptance of the varied privacy policy.

CONTACT

All questions, comments and requests regarding this Privacy Policy should be addressed to info@godivamedicare.co.uk or write to us at PO Box 6942, Coventry, CV3 9ST.