Privacy Policy

General Data Protection Regulation – Policy

1. COMPLIANCE

The EU General Data Protection Regulation (GDPR) has the aim of harmonising data protection and processing laws across the European Union and giving individuals stronger rights of access and control of their personal data.

Tier One Health Ltd (the Company) will continue to ensure the security and protection of personal data that is held within the Company. Accordingly, it will comply with the provisions of GDPR where it applies to the Company in a manner which is appropriate and proportionate to the size, type and geography of its business, and in particular, it will process and protect personal data in accordance with the responsibilities and principles set out in GDPR.

Tier One Health Ltd is registered with the Information Commissioner’s Office; our registration number is ZA787521.

2. PRINCIPLES

GDPR will apply to the Company, as in the course of its business the Company will process data relating to individuals, which is personal to those individuals. GDPR describes such data as Personal Data and such individuals as Data Subjects.

In compliance with the provisions of GDPR, the Company will accordingly adhere to the following data protection principles:

  • Process Personal Data lawfully, fairly and in a transparent manner;
  • Collect Personal Data for specified, explicit and legitimate purposes and will not process it in a manner that is incompatible with those purposes;
  • Only process Personal Data that is adequate, relevant and limited to what is necessary in relation to the purposes for which the Data has been processed;
  • Ensure that Personal Data is accurate and, where necessary, kept up to date;
  • Keep Personal Data in a form which permits identification of the Data Subject for no longer than is necessary for the purposes for which the Data has been processed; and
  • Retain Personal Data in an appropriately secure manner which will include its protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

The Company is also committed to ensuring that the rights of the Data Subject about whom Personal Data is held will be fully upheld, including in particular the rights to:

  • Know that Data is being processed;
  • Access the Data;
  • Object to or restrict processing of the Data; and
  • Correct, rectify, block or erase any Data which is wrong.

3. PROCESSING

The Company recognises that Personal Data can only be processed on a lawful basis, and accordingly its policy will be to determine and document such lawful basis before processing.

GDPR sets out examples of lawful bases for processing Personal Data and these include in particular where processing:

  • Has been consented to by the Data Subject;
  • Is necessary for the performance of a contract with the Data Subject or for taking steps to enter into a contract;
  • Is necessary for compliance with a legal obligation;
  • Is necessary for the purposes of legitimate interests pursued by the controller or a relevant third party, except where the law requires such interests to be overridden by the interests, rights or freedoms of the Data Subject.

4. STORAGE

The Company will consider how long it intends to store information containing Personal Data and determine the criteria for doing so. After expiry of the retention period, unless there is a sound business reason to retain them beyond this period, the records containing Personal Data will be disposed of securely and destroyed effectively.

5. PROTECTION

The Company’s employees are required to adhere to this policy and other policies of confidentiality of the Company, together with any instructions which may be given from time to time, so that the integrity, confidentiality and security of the Personal Data which the Company processes and to which its employees may have access is protected. Employees are also required to take particular care with regard to protecting special categories of Personal Data.

The Company and its employees must:

  • Only access Personal Data that they are permitted to access and only for authorised purposes;
  • Not allow any other person (including other Company staff) to access Personal Data unless the employee knows that they have the appropriate permissions;
  • Keep Personal Data secure (for example by complying with rules on access to premises, computer access, password protection, encryption and secure file storage and destruction);
  • Not remove Personal Data (including Personal Data in files), or devices containing Personal Data (or which can be used to access it), from the Company’s premises unless appropriate security measures are in place (such as encryption or password protection) to secure the information and the device;
  • Not store Personal Data on local drives or on personal devices that are used for work purposes.

7. DISCLOSURE

The Company may be legally required to share Personal Data with other bodies or agencies, such as government or other official bodies, in some of the circumstances set out above and where consent may not have been given beforehand by the Data Subject.

Subject to such exceptions and any other relevant provisions of GDPR, the Company will not disclose Personal Data to any unauthorised persons or third parties.

8. OTHER MATTERS

Use of Site by Children

We do not sell products or provide services for purchase by children, nor do we market to children. If you are under 18, you may use our website only with consent from a parent or guardian.

Encryption of Data Sent Between Us

We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that this is done using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.

How You Can Complain

If you are not happy with our privacy policy or if you have any complaint, then you should contact us via email at customerservice@tieronecbd.co.uk. If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration. If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO). This can be done at https://ico.org.uk/make-a-complaint/. We would, however, appreciate the opportunity to talk to you about your concern before you approach the ICO.

Retention Period for Personal Data

Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:

  • to provide you with the services you have requested;
  • to comply with other law, including for the period demanded by our tax authorities;
  • to support a claim or defence in court.

Compliance With The Law

Our privacy policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we would like to hear from you. However, ultimately it is your choice as to whether you wish to use our website.

Review of This Privacy Policy

We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records. If you have any questions regarding our privacy policy, please contact us via email at info@tieronecbd.co.uk.