top of page

Privacy Policy

GDPR Policy for Website use and Purchasing Medical Education Products

 

Find out how we use and protect the personal data that you provide to us.

We are committed to preserving the privacy of all visitors to www.rivierasurgery.com (the Website). Please read the following Policy to understand:

  1. the personal data we collect about you;

  2. the purpose for which we collect personal data about you;

  3. the manner in which we process your personal data;

  4. with whom your personal data might be shared with; and

  5. how we protect the personal data which you provide to us.

By either registering as a user of any services provided by us on this Website and/or by using this Website generally you consent and agree to the use of your personal data by us in accordance with this Policy.

The Website and its webpages are operated by Riviera Surgery LLP, a company registered in England and Wales. Our registered office is: Westbury Hill, Bristol, Avon,  BS9 3QA. Our company registration number is OC429838. Riviera Surgery LLP is a registered Data Controller with the Information Commissioner's Office (ICO) under registration number ZA645133. We are Care Quality Comission registered as well as NHS Digital.This means that we are responsible for and regulated for the personal data we collect about you. Details of Riviera Surgery LLP notification to the regulator for data protection, may be found in the ICO's Public Register of Data Controllers at www.ico.org.uk.

For the purposes of this Policy, references to "you" or "your" shall mean as a user of the Website and/or a customer of our products and services.

Your use of the Website is also governed by the Website's general Terms and Conditions. Please ensure you have read and understood the Terms and Conditions in addition to this Policy.

  1. 1. Personal data which we collect

1.1 We collect personal data about you when you:

  1. create a new user account with us on our Website;

  2. purchase or make payments for any of our products or services (Products);

  3. contact us through our Website;

  4. contact us by letter, email or telephone;

  5. post material to our Website;

  6. post material through our social media pages on sites such as Facebook and Twitter;

  7. complete customer feedback or surveys;

  8. sign up for newsletters; or

  9. enter competitions on our Website.

1.2 The personal data collected in the above manner may include:

  1. full name;

  2. postal address;

  3. email address;

  4. telephone number;

  5. payment details; and

  6. your user account details.

1.3 There may be instances where you provide us with information which is classified as "special categories of personal data", (an example would be where you provide us with special instructions regarding delivery of your Product because you have a disability). We will only process such data for the purpose of providing the Products (e.g. effecting delivery) and in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (GDPR). You can choose whether or not to provide us with any special categories of personal data.

1.4 If you provide us with personal data relating to another person when you order a Product, you confirm that you have the permission of that other person to share their personal data with us.

1.5 We may monitor and record communications with you (such as telephone conversations and emails) in order to maintain customer service standards, assist staff training and fraud prevention/compliance activities.

1.6 If you post material to our social media pages, such material will also be subject to the policies operated by such sites. Please note that we have no control over these policies and you should familiarise yourself with content of these polices before posting.

  1. 2. Use of your personal data

2.1 We may collect personal data about you so that we can:

  1. register you with our Website and to manage any account you hold with us;

  2. administer our Website services;

  3. fulfil our agreement with you in respect of any Products you purchase and to process your purchases and obtain payment;

  4. notify you about important changes and developments to the Website or our Products;

  5. analyse and profile your purchasing preferences e.g. (market, customer and product analysis) to enable us to:

    1. provide you with a personalised browsing experience when using the Website; and

    2. review, develop and improve the Products which we offer and to enable us to provide you and other customers with relevant information through our marketing programme(s);

  6. aggregate personal data in order conduct research, statistical analysis and behavioural analysis;

  7. respond to queries, refund requests or questions relating to your order;

  8. tailor how we inform you about Products which we think will interest you. An example would be if when you buy one Product type from us, we offer you a related Product at a discounted price; and

  9. carry out security vetting and detect and prevent fraud.

2.2 We will only use your personal data in the circumstances set out in paragraph 2.1 where it is permitted by law and where:

  1. we need to use your personal data in order to perform a contract with you;

  2. we need to use your personal data in order to comply with our legal or regulatory obligations;

  3. you have given us your consent to use your personal data (if consent is needed, we will ask for this from you separately);

  4. it is reasonably necessary to use your personal data in order to comply with any legal obligations which we are subject to in the performance of our contract with you; and

  5. we need to use your personal data in pursuit of the legitimate interest of the improving the Website for the benefit of you and other customers to whom we provide Products.

Marketing

2.3 We would like to send you information by post, email, telephone (including automated calls), text message (SMS) or otherwise about our products and services, competitions and special offers which may be of interest to you.

Payment Details

2.4 We do not hold or store any payment details which you provide to us when you order a Product. Any payment details you provide will be held by the relevant third party payment provider (e.g. PayPal or Worldpay).

  1. 3. Disclosure of your personal data

3.1 We may share your personal data with the following third parties who may use it for the same purposes as set out in section 2 above:

  1. to other companies (but only where they are located in the EEA);

  2. to employees and agents of Riviera Surgery LLP and other third parties, some of whom may be located outside the EEA, to administer any accounts and any Products provided to you by Riviera Surgery LLP now or in the future;

  3. to third parties who provide us with technological support that enables us to administer any accounts and any Products provided to you. Examples include our web hosting providers, our enterprise resource planning (ERP) providers, our ecommerce platform providers, our saas providers and our payment gateway and payment service providers;

  4. to our third party logistics and delivery providers who deliver Products to you on our behalf;

  5. to agents who (on our behalf) profile your data so that we may tailor the Products we offer to your specific needs;

  6. to anyone to whom we transfer our rights and duties under our agreement with you to supply Products; and

  7. if we have a duty pursuant to the law to do so or if the law allows us to do so.

3.2 We may also share your personal data with third parties in order to comply with our legal or regulatory obligations.

3.3 We will not and do not sell your personal data to any third party for marketing purposes.

  1. 4. How can I get my name removed from the Riviera Surgery LLP mailing list(s)?

4.1 If you have opted in to our mailing list, and no longer wish to receive our newsletter or other promotional communications, you may opt-out of receiving such communications by following the instructions that are included in each communication. You may also opt out by:

  1. writing to our Data Protection Officer quoting "security and privacy enquiry" at Riviera Surgery LLP , Westbury Hill, Bristol, Avon,  BS9 3QA;

  2. phoning our Customer Services Department on ; or

  3. via email at info@rivierasurgery.com.

4.2 Please be aware that you may still receive communications from us until we have had a reasonable opportunity to process your request.

  1. 5. Consent

5.1 In those cases where we need your consent to hold and process your personal data, we will ask you to check a box on the relevant form or webpage requiring consent. By checking these boxes you are stating that you have been informed as to why we are collecting your personal data, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject (all of which is set out in this Policy).

  1. 6. How we keep your personal data secure

6.1 To protect your personal data we have policies and procedures in place to make sure that only authorised personnel can access your personal data, that personal data is handled and stored in a secure and sensible manner, and that all systems that can access the personal data have the necessary security measures in place.

6.2 Please note that the internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not hold us responsible for any breaches of your data protection rights attributable to the transmission of your personal data over the internet.

  1. 7. How long do we keep your personal data

We shall retain your personal data for as long as is reasonably necessary for the purposes listed in paragraph 2.1 unless we are required by law to retain your personal data for a longer period.

  1. 8. Your rights

8.1 You may exercise your rights below by contacting us using the contact details in section 15 of this Policy or by calling.

The right to access personal data we hold on you

8.2 At any point you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we got the personal data. Once we have received your request we will respond within a reasonable time period (and in any event no longer than 30 days from the date of your request). Please contact our Data Protection Officer or email info@rivierasurgery.com to request to see your personal data.

The right to correct and update the personal data we hold on you

8.3 If the data we hold on you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated. If you are concerned that any of the personal data we hold on you may be incorrect, and you are unable to change it yourself as described below, please contact our Data Protection Officer or email info@rivierasurgery.com.

The right to have your personal data erased

8.4 If you feel that we should no longer be using your personal data or that we are not entitled to be using your personal data, you can request that we erase the personal data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted. Please contact our Data Protection Officer or email info@rivierasurgery.com to request that we delete your personal data.

The right to object to processing of your personal data

8.5 You have the right to request that we stop processing your personal data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue to process your personal data. If we no longer process your personal data, we may continue to hold your personal data to comply with your other rights or our legal regulatory obligations. Please contact our Data Protection Officer or email info@rivierasurgery.com to request that we stop processing your personal data.

The right to ask us to stop contacting you with direct marketing

8.6 You have the right to request that we stop contacting you with direct marketing. Further details on this can be found at section 4 of this Policy.

The right to data portability

8.7 You have the right to request that we transfer your personal data to another controller. Once we have received your request, we will comply where it is feasible to do so. Please contact our Data Protection Officer or email info@rivierasurgery.com if you want us to transfer your personal data to another controller.

  1. 9. Cookies

Use of Cookies

9.1 New technologies are emerging on the internet that help us to deliver customised user experiences. In particular, there is a technology called "cookies" which may be used by us to provide you with, for example, customised information from our Website. In most cases we will need your consent in order to use cookies on the Website. The exception is where the cookie is essential in order for us to provide you with Products you have requested.

9.2 A cookie is an element of data that a website can send to your computer (or other electronic device), which may then store it on your system. Cookies allow us to understand who has seen which pages and advertisements on our Website, to determine how frequently particular pages are visited and to determine the most popular areas of our Website. Non-personal information such as browser type, operating system and domain names, may be collected during visitors' use of the Website and this information may be used by us to measure the number of visitors to the Website. Unless you have indicated your objection when disclosing your details to us, our system will issue cookies to your computer when you log on to the Website.

Consent to cookies

9.3 There is a notice on our Website home page which describes how we use cookies. If you use this Website after this notification has been displayed to you, we will assume that you consent to our use of cookies for the purposes described in this Policy.

What types of cookies do we use?

9.4 We may use cookies and similar tools across our Website to improve its performance and enhance your user experience.

First party cookies: We set these cookies and they can only be read by us.

Persistent cookies: We may use persistent cookies which will be saved on your computer for a fixed period (usually 1 year or longer). They won’t be deleted when the browser is closed. We may use persistent cookies to recognise your device for more than one browsing session.

Session cookies: We may use session cookies which are only stored temporarily during a browsing session and will be deleted from your device when the browser is closed.

Third party cookies: We may use a number of third party suppliers who also set cookies on our Website in order to deliver the services that they are providing. These cookies are known as third party cookies.

Depending on the type of cookies we use, cookies also allow us to make our Website more user-friendly. For example, persistent cookies allow us to save your password so that you do not have to re-enter it every time you visit our Website. Our Website may also use cookies to monitor website traffic and/or to make sure you don't see the same content repeatedly and/or to deliver content specific to your interests.

The cookies that we use can be roughly divided into four categories based on the function that they carry out on the Website.

Essential Cookies:Essential cookies enable a website to function at its best. For our Website this means making your shopping experience as straightforward as possible. The Website requires essential cookies to be present to:

  1. remember what is in a shopper's basket;

  2. allow the contents of a shopper's basket to be transferred to the checkout and purchased; and

  3. determine whether a customer is signed into a secure area of the Website such as the checkout area.

Essential cookies are not harmful to your computer and they do not store personal data such as your credit card details.

Functionality Cookies:

Functionality cookies are designed to save personal data, such as names and addresses, which on return to the Website will not need to be filled out again. Functionality cookies also remember important information such as your response if asked to fill out a survey which will be remembered to prevent unnecessary repetition. To summarise, functionality cookies do the following:

  1. tell us if you have already logged in to your account;

  2. tell us if this is your first visit to the Website; and

  3. enable live chat services to function correctly.

Third Party Cookies:

Third party cookies determine which adverts are most likely to be preferable to a customer based on their interest. These cookies will also assess how effective an advertising campaign is towards customers and limit how often adverts are shown accordingly. The bulk of third party cookies are placed onto a shopper's computer by the selected advertising organisations that we have granted permission to do so. These cookies work to remember when customers visit our Website and will then inform our advertising organisations so that they can provide adverts of probable interest. To summarise, third party cookies do the following:

  1. gather information about a customer's typical browsing habits; and

  2. display adverts of most relevance to you.

The information stored in third party cookies in order to display adverts is completely anonymous and therefore contains none of your personal details.

We sometimes embed content from websites. As a result, when you visit a page containing such content, you may be presented with cookies from these websites. We do not control the dissemination of these cookies and you should check the relevant third party's website for more information.

GDPR Policy forRiviera Surgery LLP Healthcare IT Systems

Healthcare records are considered special catorgory data and are subject to more strict data protection control.

The way we store and use healthcare records are subject to CQC and NHS Digital regulations.

Riviera Surgery LLP takes data security and confidentiality very seriously. Data entered about patients and users will only be used for the purpose of Riviera Surgery LLP Healthcare IT Systems , it will never be shared with a third party or used for any form of communication not related to the function of Riviera Surgery LLP Healthcare IT Systems.

The GDPR gives individuals rights which are detailed below:

  • Right to be informed: Riviera Surgery LLP Healthcare IT Systems tell patients and users what data of theirs is being collected with a consent document, it will only be used for purpose of the Healthcare IT system, data will only be kept as long as required and it will never be shared with any third parties.

  • Right of access: Patients and users of Riviera Surgery LLP Healthcare IT Systems have the right to request a copy of the information that Riviera Surgery LLP Healthcare IT Systems holds on them.

  • Right of rectification: Patients and users of Riviera Surgery LLP Healthcare IT Systems have the right to correct data that is inaccurate or incomplete.

  • Right to be forgotten: Patients and users of Riviera Surgery LLP Healthcare IT Systems can ask us to erase any personal data that is stored on them and we will immediately comply.

  • Right of portability: individuals can request that Riviera Surgery LLP Healthcare IT Systems transfers any data that it holds on them to another company.

  • Right to restrict processing: Patients and users of Riviera Surgery LLP Healthcare IT Systems can request that we limit the way it use personal data.

  • Right to object: Patients and users of Riviera Surgery LLP Healthcare IT Systems have the right to challenge certain types of processing, any communication from NHSR will only be related to the registry.

  • Rights related to automated decision making, including profiling: Patients and users of NHSR can ask us to provide a copy of its automated processing activities if they believe the data is being processed unlawfully. Patients and users of Riviera Surgery LLP Healthcare IT Systems are free to exercise their rights and ask us to explain how we can do this.

The Website and its webpages are operated by Riviera Surgery LLP, a company registered in England and Wales. Our registered office is: Westbury Hill, Bristol, Avon, BS9 3QA. Our company registration number is OC429838. Riviera Surgery LLP is a registered Data Controller with the Information Commissioner's Office (ICO) under registration number ZA645133. This means that we are responsible for, and control the processing of, the personal data we collect about patients and users. Details of Riviera Surgery LLP notification to the regulator for data protection, may be found in the ICO's Public Register of Data Controllers at www.ico.org.uk. Riviera Surgery LLP is registered and data safety regulated by Care Quality Commission  (CQC), (CQC CRT-9418357166), Riviera Surgery LLP is registered with NHS Digital  and compliant with Data Security and Protection (NHS Digital- C9G2R).

bottom of page