Privacy matters at Optimus Medical. As part of our business we routinely collect information about our employees, our customers, our suppliers and sometimes our patients. It is important that the information we hold at any time is respected and only used in a reasonable and professional manner.
All staff should read the policy carefully and any questions or concerns about privacy and our privacy practices should be referred to a director.
The company data controller is David Rhodes.
What information do we collect?
We collect data on the organisations we work with, customers, suppliers and regulatory bodies. Such organisations are not entitled to privacy considerations, however the people who work within those organisations that we collect data on are entitled to privacy and it is this information which must be respected.
We collect data on natural persons who work for us, our customers, our suppliers, and the regulatory bodies we work alongside.
We collect data on our employees to ensure we can communicate with and pay them. This information is contained in the confidential hard copy personel files which are retained in the secure filing cabinets. This information includes medical information, employment contracts, home addresses, payroll information, reviews and so on.
We collect data on people that work for our customers, suppliers and regulatory bodies. This information is stored on our CRM system, and can include email, telephone details, professional position and history, and all communications between us and them.
We may collect data on patients, where the regulations require us to record and store implant information. Such information would be held in a secure project area within the company portal.
How do we use personal information?
We only use personal information when we need to, for example:
For employees, for the purpose of communications, salary and expense payments, employment reviews and the like.
Optimus Medical Ltd | The Enterprise Centre | Randall Way | Retford | DN22 7GR T: 0845 686 0305 E: enquiries@optimus-medical.com
For customers, suppliers and regulators, for the purpose of communicating with them about the products they are buying selling or regulating. We will only contact customers regarding products they have already expressed an interest in.
What legal basis do we have for processing your personal data?
The legal basis upon which we process all data is either consent, legitimate interest, or both.
We only process personal data of employees after consent to do so. Consent is deemed to have been given when an employee signs their employment contract.
Where a person outside of the company contacts us and provides us with their personal information, we consider consent to use any such data provided to us to have been given. Any further data acquired by us through other means is deemed to be in the public domain and of legitimate interest to us. Any person may contacts us may request details of their data, a correction or amendment, or for the data to be deleted.
When do we share personal data?
We do not share any personal data outside of the organisation.
Where do we store, process and secure personal data?
Employee data is held in hard copy format in the secure filling cabinets for which access is restricted.
All other personal data is held in our CRM system, which is a password and access restricted platform only available to employees.
How long do we keep your personal data for?
We keep all personal data indefinitely, unless a person request that their data is to be deleted.
How to contact us?
Any person may contact us if they believe we may be holding data about them, by writing to us or telephoning us at our published address, telephone or email.