Our Privacy Policy
Where do we get your information from?
We receive your information in the following ways:
- When you communicate with us in person, via a letter, email, telephone, or direct message via social media or live chat.
- When you sign up to one of our mailing lists, or take part in competitions or promotions, or surveys.
- When you subscribe to an online resource, or purchase a book.
- When you use our websites and mobile apps, or interact with us via social media.
- Through audio, image, video or data recording.
- By collating data freely available on the internet.
What information do we collect about you?
We may collect any of the following data about you:
- Name, email address, address, telephone number.
- Visual and audio media and images.
- Current level of study/job title or role, current medical institution, upcoming exam dates.
- Order, subscription, transactional history and session usage data.
- Digital identification data – e.g. browser type and version, cookies, app device ID, current device, operating system, version, internet service provider (ISP), IP address, domain name, device screen resolution.
How do we use your personal information?
- To administer the purchase and delivery of our products and services.
- To share with selected third parties (Data Processors) to deliver key business functions.
- See below for our list of third parties.
- To serve website content, relevant advertisements and communications to you.
- For analytical, statistical or survey purposes to improve our services to you.
- To answer and resolve queries.
- To manage risk for ourselves and our customers.
- To obey laws and regulations.
- To exercise our rights as set out in contracts and agreements.
What are our legal grounds for using your personal information?
To read more about grounds for processing information, please view the ICO Website.
Consent
- To collate customer feedback, industry knowledge and insight.
- To send you emails and targeted online ads from our non-customer mailing lists.
- To inform you of potential employment or contractual opportunities.
- To use quotations, images or other personal data for our marketing and advertising purposes.
- To use your information for competitions, and contact you if you win.
- To pay you, when it is appropriate to do so.
Legitimate Interests
- To solve customer enquiries that arise through email, telephone, letters, social media direct messages or live chat.
- To send marketing emails, surveys and targeted online ads to website visitors, current and previous customers.
- To inform current and previous customers of potential employment or contractual opportunities.
- To disseminate information to relevant parties whose contact information is freely available in the public domain.
- In some instances, we will contact you using information that we collect. This may be because you are a student governor, med school representative, or other relevant interested party.
- The extent of the information we may collect and process will be your name, email address, telephone contact details, Medical School/University/Hospital (if appropriate) and your job title/role.
- You can ask to be removed from our mailing lists at any time by emailing infopa2be@gmail.com and we promise to only share relevant news and resources with you.
- To deploy Cookies – our online ordering system uses a ‘cookie’ to record a unique reference on your computer so that we can keep track of your order as you use the system. This cookie, that is saved to your system, is only valid for a single visit and each new visit will result in a new cookie overwriting any previous cookies that were generated on previous visits to our site.
- Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit aboutcookies.org or www.allaboutcookies.org.
- If your internet browser is set to reject cookies or if your network firewall won’t allow them, you will not be able to use our online store or services.
- In some instances, we will contact you using information that we collect. This may be because you are a student governor, med school representative, or other relevant interested party.
Contractual
If you are a customer of ours, having subscribed online or purchased a book, we use your personal data for the following reasons:
- To provide customer feedback surveys.
- To serve website content and advertisements to a specific customer.
- To administer the website and our online products, including the app.
- To notify customers of products or special offers that may be of interest.
- To back up your data in case of disaster recovery.
- For statistical or survey purposes to improve the website and services to users.
- To store and backup user generated content.
It is a contractual requirement that you provide all data in the subscription process. If you fail to provide data or request erasure of data or restriction of processing during a subscription, we may be unable to deliver the service.
Legal Duty
- For example: to ensure compliance with various regulations, e.g. taxation as administered by HMRC.
Vital Interests
- If we have serious concerns about your wellbeing, we may disclose your information to the police or other relevant authorities.
How long may we keep your personal information for?
- As a customer, we will keep your data for as long as we need to, in order to administer your subscription, or deliver a book. After that date, we may keep your records on file for up to ten years for legal reasons and in order to contact you about relevant products, services and opportunities. You can unsubscribe from marketing emails at any time, however, this may impact your experience of an online subscription.
- As an active subscriber to our mailing lists, we will keep your data indefinitely or until you request that it is deleted.
- If you contact us via our enquiries email inbox, we will keep a record of that enquiry for up to two years. Social media direct messages are kept indefinitely, although you can request deletion of your data from those platforms at any time.
Who do we share your personal information with and why do we do it?
Security
- We strongly recommend you DO NOT send anything confidential to us by email. We have rigorous procedures and comprehensive security features to protect any information we receive from you.
- We remind you of the importance of logging out of public devices. Ensure that any device you use to access our online subscriptions or apps has enough security (e.g. PIN code) to stop unwanted users from viewing your personal data.
What are my rights?
You have the right to be informed.
- We have to tell you about the ways in which we collect and process your data, how long we will hold it for, who we share it with and what they do with it.
- We have to tell you whether your data will be transferred out of the European Economic ARea (EEA), where and whether it will be safe.
- We have to tell you whether you will be subject to automated decision making.
- We have to tell you what rights you have in respect of the personal data we hold about you, and the consequences of not providing your data.
- We have to tell you what you can do in the event of your rights being violated.
- We have to tell you where we obtained your data from if not directly from you.
You have the right of access.
- We hold various types of personal information about you, as highlighted in this privacy notice. We are legally obliged to provide you with a copy of this data, should you request it.
- We will try to resolve queries of this nature informally with you, if appropriate. This may involve telling you the information that you need via email, or over the phone.
- If you have any doubt about the accuracy or lawfulness of the processing of your personal data, you have the right to make a ‘Subject Access Request’ (SAR).
- In this instance, we (the Data Controller) must provide you with:
- Confirmation that we are processing your data (if applicable).
- Access to the data that we hold about you, in a reasonable, easily accessed format (e.g a pdf or spreadsheet).
- We will provide this information to you within one month of receiving the request.
- If the request is excessive or complex, we may extend the duration of this response period by two months, and reserve the right to charge a reasonable fee to cover administrative costs.
- In this instance, we (the Data Controller) must provide you with:
- We will not provide personal data where it adversely affects the rights of other individuals, or is protected by legal privilege.
To request any information or make a SAR, please email infopa2be@gmail.com
You have the right to rectification.
- If you discover an error in the personal information that we hold about you, you have the right to rectification.
- If you notify us of a rectification, we will, without undue delay, and within one month, correct the records that we hold internally, and with any third party data processors that we employ.
- As with a Subject Access Request, If the request is excessive or complex, we may extend the duration of this response period by two months.
To exercise these rights, please email infopa2be@gmail.com.
You have the right to restrict processing.
- If we dispute the fact that our information is inaccurate, and request more time to verify this, you have the right to request that data processing is restricted.
- We need to inform you when this restriction is lifted, and ensure that third parties are restricted appropriately too, provided it doesn’t require disproportionate effort.
To exercise these rights, please email infopa2be@gmail.com.
You have the right to object.
- You have the right to object to the following:
- Direct marketing.
- Processing for research or statistical purposes.
- Processing based on legitimate interests.
To exercise these rights, please email infopa2be@gmail.com.
You have the right to erasure.
- If there is a problem with the underlying legality of the data processing activity, you may request that your data is erased.
To exercise these rights, please email infopa2be@gmail.com.
You have the right to data portability.
- Due to the nature of our service, this right has limited applications. We can provide you with name, email address, and other such personal data you have registered with us, but you will appreciate we cannot divulge copyrighted material, e.g. questions.
To exercise these rights, please email infopa2be@gmail.com.
If you feel that your rights have been violated, you can make a complaint to the pa2be Data Protection Team by emailing infopa2be@gmail.com. You also have the right to complain to the supervisory authority, the Information Commissioner’s Office, at www.ico.org.uk/concerns or telephone 0303 123 1113 for further information about your rights, and how to make a complaint.
How do I object?
You have the right to object to the following:
- Direct marketing.
- Processing for research or statistical purposes.
- Processing based on legitimate interests.
You can object to data processing by emailing infopa2be@gmail.com If you wish to unsubscribe from marketing emails, simply click the unsubscribe link at the bottom of any email.
If you feel that your rights have been violated, you can make a complaint to the pa2be Data Protection Team by emailing infopa2be@gmail.com. You also have the right to complain to the supervisory authority, the Information Commissioner’s Office, at www.ico.org.uk/concerns or telephone 0303 123 1113 for further information about your rights, and how to make a complaint.
Changes to our Privacy Notice
This privacy notice was updated on 31 May 2019 to update our Third-Party Suppliers list, and clarify use of personal data.