GDPR stands for General Data Protection Regulation and is designed to protect your personal information. GDPR is the law that governs your personal data; every company in the UK needs to abide by it and let you know how your personal data is used.
GDPR is a European privacy law that replaces the 1995 Data Protection Directive. It marks the biggest change in data protection for 20 years. From the 25th May 2018, all UK and EU businesses will have to handle your data in compliance with GDPR. More specifically, it is “Regulation (EU) 2016/619 of the European Parliament, and of the Council of 27th April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.”
With the explosion of the internet, more and more data is being created and stored all over the world. GDPR has been introduced to try to keep up with the phenomenal growth in data and is designed to make the use of your personal data more transparent – putting you in control.
Fundamentally, everyone has a right to know how their personal data is used and the right to erase it. NRS Healthcare has always taken personal data seriously and has never sold it to third parties. This means we're really happy to see this change in the law and we will be compliant with it.
What is personal data?
Your personal data is any information that relates to you – like your name, where you live and your contact details.
What is data processing?
A company like us processes data when we do something with it. For example, if we store or remove your data in our database, that's a process. If we need to refund you, we'll need to use your data. If we get in touch with you, we'll be using your personal data. Under GDPR, you have a right to know how a company will process your personal data.
We are a Data Controller
NRS Healthcare decides how to use the personal data it collects, so it is known as a Data Controller. We use your data to send orders and marketing emails. For want of a better phrase, under GDPR, our customers are known as “data subjects”.
NRS Healthcare uses carefully selected data processors to help us run efficiently and provide the best shopping experience we can. For example, the search engine on our website uses a specialist processor which takes our data to make the most relevant search recommendations possible. We also upload only names and email addresses to an email newsletter system. Where we utilise other data processors, we make sure that your personal information continues to be protected under GDPR, under legal agreements or by having our suppliers sign up to a regulatory-approved privacy scheme.
Under GDPR you have new rights which include:
- The right to be forgotten – this is where any information we, or our data processors, hold is erased. We can erase everything except what we need to keep for UK Legal Purposes (e.g. proof of invoice and any VAT Relief claims)
- The right to object – for example, if you don't want to receive our email newsletters or don't like the way we're administering your data, you can object to it
- The right to rectification – under GDPR, you can ask to update your personal data if it is incorrect or incomplete
- The right of access – this is where you have the right to know how your data is being used and why
Read about our legitimate interests in using your data.