Please note, D&D may update these policies from time to time, so please refer to this page for any updates. When necessary, updates will be emailed to you. This policy is effective from 25th May 2018.
Draper & Dash would also like to distinguish the fact that, although our primary customers are NHS Trusts and private healthcare organisations, we do not hold any private patient information. The following guidelines apply to client details and information collected via our website – D&D do not hold any personally identifiable hospital data.
What we collect:
- Full name
- Job title
- Contact information, including email address
- Company name
- Other relevant information
What we do with the collected information:
D&D require the above information for various reasons. We will use this information to provide our customers with a better, more tailored service. We will also use this for:
- Internal record keeping
- Improve our applications, services and support
- We may also, periodically, send personalised emails on new products/services, promotional offers, or other information that we think you will find useful and interesting.
How we keep your information secure:
- Your information is never sold or distributed to third parties, without explicit permission or if required by law.
- We have put in place physical, electronic and operational procedures to effectively manage and safeguard all information we collect online.
What control we have on your information:
Draper & Dash use suitable technical and operational safeguards to protect all information from unauthorized access, use/misuse and changes. We will make every possible effort to protect data stored on our website’s server from unauthorized access, although would like to make clear that we are unable to guarantee 100% security in every situation.
Draper & Dash are the sole controllers and processors of any data we collect. This means we are responsible for deciding how and why any collected data is used, and for ensuring that all data is handled fairly and legally.
D&D have also appointed a Data Protection Officer (DPO) who is responsible for ensuring all collected data is treated in accordance with new GDPR regulations and the law. Our DPO can be contacted via email@example.com.
What control you have on your information;
D&D are committed to ensuring you have total control over your information, and you are able to restrict the collection and use of your personal information in the following way:
- If you have previously agreed to allow D&D access to your information, but have changed your mind, you can simply update your preferences by writing to firstname.lastname@example.org
- You may request details of the personal information that we store about you under the Data Protection Act 1998. If you would like this information, please contact email@example.com. Please also refer to this email address, if you believe any of the information we hold is outdated, incomplete or incorrect, whereupon we will immediately correct this.
How we use your information for marketing and advertising purposes:
- We will use your email address to send you email marketing, including updates on our services, where you have signed up to receive this from us.
- You can opt-out of this at any time clicking unsubscribe in any email you receive.
- We occasionally will use your name to personalise marketing, tailored to what services and products of D&D’s that we believe you will be the most interested in, or benefit the most from.
As a key provider of services and technology in the healthcare industry, D&D have implemented a number of processes to ensure that all information and data that is held within our company, is legally covered. D&D are ISO 270001 certified and are also registered with the Information Commissioner’s Office (ICO reference ZA319679).
Third Parties; How they affect you:
D&D would like to thank you for taking the time to read this Privacy Notice and welcome all questions and feedback via firstname.lastname@example.org.