Ian Kelly Orthopaedics collects personal data as legislated in the General Data Protection Regulation (GDPR) (EU) 2016/679. We are fully committed to data protection and compliant with the Data Protection Acts 1988 & 2003.
1. What data do we need?
Ian Kelly Orthopaedics is a Controller of the personal data you the Customer (data subject) provide us. We collect the following types of personal and non-personal data from you:
- Personal Data: Name, Address, Telephone Number, Email and Payment information. We may also retain records of your queries and correspondence in the event you contact us e.g. by email.
- Non-Personal Data: Browser types and cookies
If you provide us with personal data about a third-party (e.g. one of your customers), you warrant that you have obtained their express consent for the disclosure and use of their personal data.
2. Why do we need such data?
We need your personal data to provide you with the following services:
- To provide services and fulfil our obligations to you, our customer
- To provide technical support and customer care
- To process payments
- To detect incorrect order details
- To communicate with you and consenting subjects regarding our services
- To facilitate access for users on our website (including your customers)
- To provide you with information about products or services that you request from us
- To review job applications
3. What do we do with it?
Your personal data is controlled in our office in Waterford, Ireland. Hosting and storage of your data is managed by our hosting provider – Hosting Ireland – and takes place in BT Citywest Datacentre in Dublin, Ireland. The security of your data is important to us and we take appropriate technical and organisational measures to protect it.
Your data (including your customers’ data) will not be transferred to any third-party unless this is required for one of the following reasons:
- To fulfil the service ordered and meet our obligations (for example to deal with your website hosting or domain provider)
- Irish law enforcement request, court order or statutory requirement
- Merger, acquisition of company or sale of company assets
Any such third-party will have similar appropriate data protection policies.
We do not and never shall sell your personal data to third parties for marketing or advertising purposes.
4. How long do we keep it?
We will keep your personal data as long as is required to fulfil our obligations to you. After we have fulfilled our obligations, under Irish law, we are required to keep your documents for a further 6 years. After this period, your personal data will be irreversibly destroyed. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
5. What are your rights?
Under GDPR regulations should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to make reasonable requests to see this information, rectify it or have it deleted. Please contact us and request a Data Subject Access Request Form.
In the event that you wish to complain about how we have handled your personal data, please contact email@example.com. Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Data Protection Commissioner at www.dataprotection.ie and file a complaint with them.