GDPR Privacy Notice Summary

APC Cardiovascular Ltd is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).

What information do we keep?
As a business to business organisation, we mainly collect, store, and use the following categories of information: Business contact details such as name, job title, department, address, telephone numbers, and work email addresses.

Very occasionally, with your explicit consent, we collect, store, and use the following categories of personal information about you: personal email addresses & personal mobile numbers.

We collect personal and business information about customers and suppliers directly from the companies that we interact with, usually the first time we meet or do business with you. This may be from purchase orders, email messages, phone calls or face to face meetings.

Why do we need this information?
We need information primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below.

  • Delivering products or samples directly to you
  • Contacting you about deliveries or returned goods
  • Contacting you about purchase orders
  • Contacting you about product changes and updates
  • Contacting you about opportunities for training and development
  • Special prices or promotions
  • Price changes & queries
  • Arranging meetings and visits
  • Other administration of contracts

Do we share this information?
We may have to share your data with third parties, including service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU.  If we do, you can expect a similar degree of protection in respect of your personal information.

How do we protect our data?
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

How do you find out what data we hold?
Under certain circumstances, by law you have the right to:

  • Request access to your personal information (known as a "data subject access request").
  • Request correction of the personal information that we hold about you.
  • Request erasure of your personal information.
  • Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information.
  • Request the transfer of your personal information to another party.

Who do I contact about my personal data?
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact Amanda Law-Lyons, Operations Director, in writing or via email

Please click here to view our full GDPR Privacy notice for customer, suppliers and stakeholders