Prior to GDPR coming into force, we carried out marketing activity to many thousands of established customers. This article describes how we have carefully considered our marketing to those customers in order to comply with the regulations.

There are 4 key areas outlined below where we have a legitimate interest to use personal data, as gathered from orders placed with us: for order fulfilment; to respond to queries; to invite reviews; and to continue marketing to data collected prior to 25th May, 2018.

Legitimate use of data for order fulfilment

We gather data such as billing name, address and contact details and the delivery name, address and contact details so we can legitimately:

  • Check card details match the billing details to detect fraud
  • Send orders to customers via Royal Mail, Parcelforce, FDC and other couriers we may use
  • Email order and dispatch confirmations
  • Call customers if something has gone wrong with the order

Legitimate use of data from your queries

We will continue to gather data such as contact name, address and contact details that are offered to us directly so we can legitimately:

  • Check whereabouts you are in the country for an accurate quote
  • Pass on your data to our select suppliers and partners who can fulfil assessments such as the cost of a stairlift installation
  • Email, mail or call you to follow up your query with a suitable response
  • Fill in credit applications where applicable

Legitimate use of data for reviews

When somebody orders from us, we usually send them invitations to review the service and the product(s) they have purchased.

We conducted a 3-Stage test in order to assess whether we should continue to do this from the introduction of GDPR on the 25th May 2018 as follows:

1. Identification of a legitimate interest

Reviews are invaluable to customers who are researching a company and the products they sell. They also help a company to build a trust factor with their customer base.

Reviews by people who have bought before are of huge benefit to other people. They also help a company to understand how their customers feel about their service and products. In short, reviews are critical to how business is done online.

We feel we have not only a legitimate interest, but a duty to run and maintain independent feedback from our customers.

2. The necessity test

If we cannot invite people to review our products and services, there will be an imbalance of reviews, which will affect the validity of the feedback.

A survey by Podium.com (2017 State of Online Reviews) showed that 93% of consumers said that online reviews made an impact on their buying decision and 82% said that the content of a review has convinced them to buy. In the same survey, 77% said they would leave a review if invited to do so. Therefore, if all customers are not invited to leave reviews, there will be an imbalance as people are more likely to write a bad review without prompt than a good review. If we do not invite reviews, then the accuracy and trustworthiness of the reviews would cease to be of any value. Reviews are vital to people buying online and invitations are vital to people leaving reviews.

3. The balancing test

Accurate service and product reviews are vital to help people make buying decisions. They are of such a benefit to people online that we need to provide an independent review service.

For a service review, we send the order number, customer name and email address to Trustpilot, who then invite the customer to leave a review. The customer can easily opt out of the email from Trustpilot or easily leave a quick review. The service reviews are of enormous value to customers and potential customers alike. They are also of benefit to the company and help us to measure our performance.

Once a product review is left on Trustpilot, we then ensure this appears on the correct product page on our website. This provides honest feedback for products that are both well-received and products that we should consider not selling any more, making the product reviews beneficial to both customers and our company in equal measure.


Overall, reviews bring balance and trust to online retail. This is one of the things that is good about the internet – giving people the means to collaborate and the ability to share feedback to help others make better decisions. Reviews are people power that are of equal benefit to customers, potential customers and the company. We therefore feel that asking to review us is a legitimate interest.

Legitimate use of data for marketing

For many years, we have carried out marketing to people who have ordered from us (our customers) and those who have chosen to receive our emails. Our database for emails has never included any third party data and we have never sold data to any third party.

We have conducted a 3-Stage test in order to make sure that we can continue to send emails and product information to our customer email addresses which were collected prior to 25th May 2018 as follows:

1. Identification of a legitimate interest

For all the time prior to the 25th May, 2018, we used email and print to stay in touch with our customer base. At NRS Healthcare, we only use collected data for our own marketing and we have never passed it on to third parties so we only use the data to promote the products and services that are shown on our website.

As the marketing is well-received and sales are driven, we feel that we are providing a legitimate service to our customers to keep them informed of our products and services. Our range and value-for-money means that our customers often have more choice and better prices than shopping elsewhere and we need to keep them updated on what we can offer them. Every email stimulates sales and these sales can be attributed to the marketing.

We conclude we have a legitimate interest to continue to market to our customer database up to the 25th May 2018. From thereon, website changes mean that customers opt-in and everything is much clearer about how we handle customer data thanks to GDPR.

2. The necessity test

Based on our figures for 2018, sales from our email marketing account for 7 to 10% of all sales (based on Analytics data) and therefore is a sizeable amount of our day to day business. We could not continue to offer such a wide range and value-for-money without this marketing activity. It is therefore critical to our business.

3. The balancing test

New customers prior to the 25th May 2018, would likely have received three to four emails per week. This is normal for us and those customers would expect this to continue. Due to the sales generated, these emails must be of value to our customers as they are receiving good offers and/or hearing about other products and services that they didn't necessarily know existed before. What's more, we really want to develop a relationship with our customers – they are important to us and we are important to them. As a business specialising in products that help people with disabilities or who are older and find it more difficult to carry out day-to-day tasks like dressing, bathing or picking up something they've dropped on the floor, people need to know that there are products available to help them maintain a level of dignity at home and therefore stay as independent as possible.

In no way would we ever intend to harm anyone from our marketing. The data we use for our marketing has never and will never be used to discriminate, cause financial loss, reputational damage, loss of confidentiality nor professional secrecy. We value our customers’ rights and privacy so the data we gather from them is limited and is not used to harm in any way. We do recognise, however, that if we write to someone who has died that this may cause distress to a friend or relative. Once we are notified of this, we ensure that we do not market to this data again. All emails also carry an automatic unsubscribe link.

Over the years, we have gathered significant numbers of customer records that we keep securely. If we did not market ourselves to this database, there would be a significant commercial impact.

Considering that our customers respond well to our emails, we can only conclude that they also benefit from learning about new products and pricing that can help them. Many people don't know about all the products we sell – there are thousands to browse through – so our emails do help to promote new products and educate people who are caring for loved ones about equipment that can help.

The data we are looking at here covers all customers and anyone who has opted to join our mailing lists up to the 25th May 2018. This data may cover individuals, care homes, schools, an NHS Trust, a local authority or other businesses. The data held for email marketing is only the name we use to greet the recipient and their email address. Similarly, for direct mail, we use the recipient name and their postal address. We do not use any GDPR Article 9 personal medical data for marketing.

The data we have is used regularly to maintain contact with our customers and they supplied this data originally. Any marketing can be unsubscribed from at any time (and this has always been the case). Our marketing is to the original data as supplied – we do not reveal any of this data to anyone else. As such, our emails are non-intrusive and are appropriate to each customer using a personal greeting wherever possible.

All our emails carry a simple unsubscribe link so a customer can easily control whether we contact them or not. This easy unsubscribe link will continue to appear for all marketing under GDPR.

Further to being able to unsubscribe, we have regularly examined our data as an added safeguard. Every month, we examine inactive emails and do not continue to market to those who have not opened emails for 6 months or more.


We have carefully considered how we continue to market to our customer database after GDPR is implemented from 25th May 2018.

In summary:

  • We know and can evidence that many customers respond to this marketing
  • The data used is not harmful in any way and we have plenty of evidence to demonstrate that customers respond positively to our marketing and, indeed, benefit from it
  • We have always looked after customer data responsibly and have maintained it well by removing unsubscribers immediately, regularly removing hard bounces and people who just don't open emails
  • The data we use for marketing is only from orders or people who have opted to join our mailing lists – we can demonstrate this
  • We have been regularly using email marketing for many years
  • We have always offered an opt-out via a simple unsubscribe link on our email marketing
  • We only market products and services that are available on our website

As such, we have established a legal basis on which to continue to market to our pre-GDPR database on the grounds that our marketing is both beneficial to our customers and is commercially vital to our business.

We shall inform all those customers via email of the changes to our Privacy Policy, maintain our data cleansing routines and offer the unsubscribe link as a matter of course.

From the 25th May 2018, we will only market to new customers who have specifically opted in. In reality, we will be inviting new customers to opt in who bought from us from the 7th May 2018 as we haven't made any presumption on data consent since that date.

View Our Privacy Policy

Original tests and review completed: 14th May, 2018