How is the Medasun data used?
Medasun Ltd stores only personal data that is required to fulfil the purpose for which they were collected.
Paypal data and sage pay data used for records of historical sales and to inform TPS of sales to customers to verify delivery costs to customers.
Medasun Ltd., customers names and addresses are not shared with any other 3rdparty for marketing purposes.
Medasun Ltd delete all customer data after a period of 6 years for HMRC purposes.
The personal information you supply to MedasuN will be stored on MedasuN’s computer systems and may be used by MedasuN in its business. In addition MedasuN may use your information for the purpose of billing and payment or otherwise supporting MedasuN’s business. The information may also be used and shared with third parties for credit and/or identity checking. The personal information collected will be processed in accordance with the United Kingdom’s Data Protection Act.
If Medasun intends to use customer data for sales and marketing purposes a consent form will be sent to the customer to agree with their data being used in this way and an opt out clause if the customer does not want to continue receiving sales or marketing information from Medasun. You can withdraw this consent at any time by advising MedasuN by e mailing; [email protected]
MedasuN does not use any Spyware on its web site. Cookies may be used on the site to manage the website. Cookies are not used to collect personal data. You may set your browser not to accept Cookies, but non-use of the Cookies may affect your use of the website.
If you have any concern or questions about privacy at MedasuN please contact us [email protected]
- THIRD PARTY RIGHTS
Except for our affiliates, directors, employees or representatives, a person who is not a party to these Conditions has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement but this does not affect any right or remedy of a third party that exists or is available apart from that Act.
- EXTERNAL LINKS
To provide increased value to our users, we may provide links to other websites or resources for you to access at your sole discretion. You acknowledge and agree that, as you have chosen to enter the linked website we are not responsible for the availability of such external sites or resources, and do not review or endorse and are not responsible or liable, directly or indirectly, for:
16.1. the privacy practices of such websites;
16.2. the content of such websites, including (without limitation) any advertising, content, products, goods or other materials or services on or available from such websites or resources; or
16.3. the use which others make of these websites or resources, nor for any damage, loss or offence caused or alleged to be caused by, or in connection with, the use of or reliance on any such advertising, content, products, goods or other materials or services available on such external websites or resources.
New data rules for individuals
Medasun Ltd respects the GDPR regulation that a customer has the right to be forgotten, and if the customer requires this please contact [email protected] if the information is no longer necessary for the purpose for which it was collected, or the data subject withdraws their consent
Customers have a right to see what information Medasun Ltd., holds on their database, if any, and Medasun is happy to share this information for a fee of £10 for administration purposes. Contact [email protected]
Medasun Ltd does not use profiling of their customer data.
Profiling – is defined broadly and includes most forms of online tracking and behavioural advertising, making it harder for businesses to use data for these activities. The fact of profiling must be disclosed to the data subject, and a PIA is required
The right to data portability
Data subjects have a new right to obtain a copy of their personal data from Medasun Ltd. They will also have the right to transmit those data to another controller – for example, another online service provider
In exercising their right, data subjects can request the information be transmitted directly from one controller to another, if it is technically feasible.
Data subject access requests
Business must reply within one month from the date of receipt of the request and provide more information than was required by the regulations previous to GDPR
Medasun Ltd Data Breach response plan.
GDPR requires Medasun Ltd.,to notify the NDPA of all data breaches without undue delay, within a maximum of 72 hours, unless the data breach is unlikely to result in a risk to individual data subjects.
In cases where the breach is likely to result in high risk to the individuals, Medasun Ltd., will inform data subjects “without undue delay”, unless an exception applies
Data subjects must give Medasun Ltd., consent in all cases“by a clear affirmative action establishing a freely given, specific, informed and unambiguous indication of the individual’s agreement to their personal data being processed, such as by a written statement.” Businesses will bear the burden of proof that customers or employees have given their consent to the processing of their data and that it was obtained in a valid manner