Retail Customers: anyone who books equipment either online via the company website or by telephone and makes payment at time of booking.
Please Note: all telephone orders are ultimately processed through the website by MESD sales staff. Any personal data written on paper before processing is shredded after processing.
Retail Data subjects: the individuals of whom Mobility Equipment Sales Direct Ltd holds and uses personal data for the purpose of processing website orders, this includes suppliers, retail customers, agents and agent customers.
Non-Retail Data subjects: the individuals of whom Mobility Equipment Sales Direct Ltd holds and uses personal data NOT for the purpose of processing website orders, this includes staff.
Personal Data: data that can identify a person
Non-Personal Data: data that cannot identify a person
This Privacy Statement sets out an overview of how all personal data that we collect from you as the data subject (retail and non-retail) will be processed by us.
MESD acts as a data controller in the United Kingdom for the purposes of any relevant data protection laws. The data you provide is processed fairly and lawfully and used only for the purposes set out in this policy.
MESD will collect data about you in accordance with our legitimate interests as a data controller. We collect both non-personal data and personal data. Non-personal data includes any data that cannot be used to identify you such as shopping cart data and how users navigate through the website. Personal data includes your name, contact details and any other data that can be used to identify you. We do not store any sensitive personal data.
MESD will also obtain explicit consent from you before processing any personal data.
We process personal information for certain legitimate business purposes which include some of the following:
- To dispatch equipment either via a courier company, a supplier or some other ground transport service
- For customer service enquiries
- For the purpose of communication
- To improve user experience on the MESD website(e.g. website chat, address lookup)
- To improve our service and to make our services more relevant to you (including updating our website to enhance your digital experience)
- To carry out our obligations arising from any contracts that MESD enters into with third parties in relation to providing your mobility equipment
- Where you have consented to being contacted, send you promotions, offers and market information
- To facilitate the MESD's payroll and invoicing processes
Retail Data Subject personal data is stored in a database with our hosting company VPCART.
The MESD website has a SSL certificate. This establishes:
All Retail Data Subject personal data in paper format is stored in locked cabinets.
MESD do not store customer credit card numbers or any other payment information other than invoices, statements and confirmation of payments. Credit card details taken by phone are shredded immediately.
All Non-Retail Data Subject personal data in digital format is stored on in-house computer systems. These computer systems are password protected. Some of this information will be stored in cloud and backup systems. (Including, but not limited to Norton)
Under GDPR Data Subjects have the right to access their personal data.
All Retail Customers personal data we store can be viewed at any time by logging into your account.
- Select the My Account link in the top right hand corner of the site
For Retail Customers personal data and previous order information can be viewed and modified here. Personal data can be modified at any time by selecting the Update Personal Information page.
Some personal information that you provide to us may be passed on to our suppliers and the third parties as specified above. Some of these are located outside of the European Economic Area. When we transfer your personal information outside this area, we will take steps to ensure that your privacy rights continue to be protected.
At MESD we hold personal data for "as long as is necessary" to adhere to our statutory and contractual obligations and in line with our legitimate interests as a data controller. "As long as necessary" considers data processing of holiday bookings as well as to comply with financial services regulations (e.g. accounting and tax).
The GDPR introduces a right for Data Subjects to have personal data erased. This is known as 'the right to be forgotten'. A request to delete personal data should be made by email. Please email your request to email@example.com.
When we receive a delete request we may require further identity verification or to clarify your request. In order to fulfil our legitimate interests as data controller, we may refuse your delete request based on the "as long as necessary" obligation described above.
MESD will delete personal data after the "as long as necessary" period if we have not had any meaningful contact with the Data Subject or if we do not hold any records on you that are in our legitimate interests to keep. "Meaningful contact" means contact that adds to the information we already have about you.
We also keep all payroll records, holiday pay, sick pay and pension's auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation.
We use Mailchimp for all our marketing campaigns and there is always a link to unsubscribe at the bottom of the email. Our marketing campaigns include information about special offers and the latest products to be added to the website
If you wish to contact us about any of this or request that we delete you from our mailing list then please email firstname.lastname@example.org
MESD takes every precaution to protect our users' information. We use the following security measures to safeguard your data;
- Firewalls including anti-spyware software
- Anti-virus software (Norton)
- Anti-spam filters
- All data is backed up daily
- All files/data are stored on password protected systems
- Only employees who need the information to perform a specific job (for example, Equipment Administrator, our accounts clerk or a marketing assistant) are granted access to your information.
MESD uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/the Internet is not entirely secure and for this reason MESD cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/the internet.
The following information is transmitted by us across the internet:
- Correspondence with suppliers to fulfil an order on behalf of the customer (usually but not limited to the retail customer name, contact phone number, and delivery address). This is usually done by email.
In the unlikely event of any data breach, we will notify the appropriate supervisory authority within 72 hours of discovering the breach.
In the unlikely event of such a data breach resulting in a high risk to the rights and freedoms of individuals, we will notify those individuals wherever feasible within 72 hours of discovering the breach.
Any queries or complaints relating to our data protection policy, should be directed to our Data Protection Officer via email: email@example.com. We will aim to respond to any requests within 5 working days of receipt.
The MESD website monitors how visitors use its website to improve services. The information collected does not allow any individual to be identified, and is only be used to understand the website users better. We may also undertake marketing profiling to help us identify services that may be of interest to you.
Mobility Equipment Sales Direct is a trading name of Mobility Equipment Hire Direct Limited which is registered in Scotland No. SC434251 to 84 Berkeley Street
Charing Cross, Glasgow, G3 7DS.
Mobility Equipment Hire Direct
84 Berkeley Street
Tel: 0800 994 9000
Privacy Email: firstname.lastname@example.org