DD: your privacy

For over 35 years, our valued customers have relied on us to protect the privacy and security of their personal information. Our reputation is based on the highest standards of personal service and working in partnership with you to understand your business. That’s why looking after the information you entrust in us is so important to us.

Who we are:

DD is a group of companies consisting of DD Products and Services Ltd, DD Group Holdings Ltd, Med-Fx Ltd, BF Mulholland Ltd, TAG Medical Ltd, Dolby Medical Ltd and Mi-Tec Ltd the specific Data Controller for your information will be provided in the Privacy Notice for that activity.

If you have any questions about this document, need additional help or wish to raise a concern about our treatment of your personal data please contact
gdpr@ddgroup.com

Personal Information

For the purposes of this statement, personal information is any information about a specific individual or that identifies or may identify a specific individual. In other
words, it is any piece of information than can be linked to you.

This may be information that we collect directly from you, that is automatically collected or that we receive from third parties. Whenever we are collecting Personal Information, we will provide a Privacy Notice that will give you details of what Personal Information we are collecting, what we use it for and the legal basis upon which we are using it.

Collecting your personal information

We use different methods to collect data from and about you including through:

direct interactions. You may give us your personal information by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This may include personal information you provide when you:
– apply for our products or services
– create an account on our website
– subscribe to our service or publications
– request marketing to be sent to you
– enter a competition, promotion or survey
– give us some feedback, or
– give us your details at an exhibition or event
automatically. The information we collect automatically may include information like your IP address, device type, unique device identification numbers, browsertype, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Websites, including the pages accessed and links clicked. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.
third party sources. From time to time, we may receive personal information about you from third party sources (including companies which facilitate our competitions or provide services to us), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

Using your personal information

We will only use your personal information when the law allows us to.

Most commonly, we will use your personal information in the following circumstances:

where we need to perform the contract we are about to
enter into or have entered into with you
where it is necessary for our legitimate interests(or those of a third party) and your interests and fundamental rights do not override those interests, and
where we need to comply with a legal or regulatory obligation.

We will provide details of what basis we are relying upon in the relevant Privacy Notice for that activity.

Social Media

We love social media and chatting with you there, whether it be on Facebook, Twitter, LinkedIn and Instagram:

www.facebook.com/ddgroupuk
www.twitter.com/dd_group_uk
www.linkedin.com/company/ddgroupuk/
www.instagram.com/dd_group_uk

Don’t forget, however, that everybody can see everything you do there (our sites are public) so if you want us to keep your information private, please don’t put anything on these sites which you or your loved ones would like to keep private, whether now or in the future.

If you use certain social media features from within our website or connect with us on our social media webpages, the privacy policies of those companies will apply. Please read them carefully before you share your information with us and others as these companies may have different standards of protection of information than we do.

Failing to give us your personal information

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products and services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Changing why we use your personal information

We won’t do this.

We will only use your personal information for thepurposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or where we are required to by law.

Sharing your personal information

We don’t generally share your Personal Information with third parties unless:

we are required to do so by law or another regulatory body, or where we deem it necessary for legal or safety purposes. it is with other entities in the DD group.
it is with suppliers who provide processing services to us under contract that complies with the law.
professional advisers including lawyers, bankers, auditors and insurers based who provide consultancy, banking, legal, insurance and accounting services.
we have another legitimate reason for doing so.

If we do this, we require these third parties to respect the security of your personal information and to treat it in accordance with the law.

We will, where necessary, share your personal information with other third parties, for example in the context of the possible sale or restructuring of the
business.

The security of your debit or credit card

When you pay us using your debit or credit card you rightly expect the highest levels of security for your card details. This is why we comply with PCI DSS.
(For more details on this, go to: What is PCI DSS?)

This is a worldwide payment card industry data security standard that helps us process your card payments securely and protect you against the misuse of your card information.

Transferring your personal information outside of the EEA

It may be necessary to transfer your personal information outside of the EEA in order for us to make use of service providers based in global jurisdictions. If we undertake such transfer, we will always do so in compliance with the law in a manner that protects the security of your personal information.

Securing and protecting your personal information

Your personal information deserves the greatest protection and security. This is why we have put in place appropriate security measures to prevent it from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality to us.

We have put in place appropriate procedures to deal with any suspected security breach which involves personal information and we will let you and any applicable regulator know of a breach where we are legally required to do so.

Keeping your personal information for as long as necessary

We will only keep your personal information for as long as necessary to fulfil the purposes we collected it unless we need to keep it for other purposes including for satisfying any legal, accounting, or reporting requirements.

To work out the appropriate retention period for personal
information, we consider:

the amount, nature, and sensitivity of the personal
information
the potential risk of harm from unauthorised use or
disclosure of your personal information;
the purposes for which we process your personal
information and whether we can achieve those
purposes through other means, and the applicable
legal requirements.

Each Privacy Notice will set out what the retention period is for the personal information that it deals with.

In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Keeping your personal information up to date

It is important that the personal information we hold about you is accurate and current.

Please keep us informed if your personal information changes by e-mailing gdpr@ddgroup.com or updating any account you hold with us when your personal
information changes.

Exercising your legal rights

Under certain circumstances, by law you have the right
to:

access to your personal information (commonly known as a ‘subject access request’). This means you can receive a copy of the personal information we hold about you and check that we are processing it properly
the correction of the personal information that we hold about you. This means you can correct any incomplete or inaccurate information we hold about you
the erasure of your personal information. This means you can ask us to delete or remove personal information where there is no good reason for us continuing to process it
the restriction of processing of your personal information. This means you can ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
the transfer of your personal information to another
party.

If you want to do any of these things please contact the relevant person on the Privacy Notice that your issue relates to or contact our DPO at gdpr@ddgroup.com.

In almost all circumstances you do not have to pay a fee to access your personal information (or to exercise any of the other rights).

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Dealing with cookies

Not all cookies are bad! Most websites you visit, such as the DD site, use cookies to improve how the website works by letting that website ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).

Exercising your right to withdraw consent

You have the right to withdraw your consent at any time (where we rely on consent as the lawful basis for processing your personal information.

To withdraw your consent, please e-mail gdpr@ddgroup.com or use the unsubscribe function in any e-mail we send.

Contacting the Data Protection Officer

Our Data Protection Officer oversees compliance with this privacy notice.

If you have any questions about this privacy notice or how we collect and use your personal information, please contact the Data Protection Officer. Details are as follows:

Data Protection Officer
DD Products and Services Ltd
6 Perry Way, Witham, Essex, CM8 3SX.
E-mail: gdpr@ddgroup.com

If we have got something wrong, please let us know and we will do whatever we can to try to fix it. Of course, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

From time to time will may need to update this privacy notice to reflect how we are collecting and using your information. If we do this, we will let you know (such as by e-mail or a notice on the website) so that you can review
any updates.

Details of any changes will also be recorded in our change log table below.

Changes..png