Policies
Privacy Policy
OVERVIEW
This website is operated by Medinox UK. Throughout the site, the terms “we”, “us” and “our” refer to Medinox UK.
This Privacy Policy explains how Medinox UK (“Medinox”, “we”, “us”, “our”) collects, uses, stores, and protects personal data in connection with this website (the “Service”), in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using the Service, you agree to the collection and use of your information as described in this Policy. If you do not agree with this Policy, please do not use the Service.
This Policy covers the UK only. UK GDPR is a separate legal regime from EU GDPR following the UK’s departure from the EU — if you are located in the European Union rather than the UK, see the EU GDPR Addendum at the end of this Policy for your specific rights.
We reserve the right to update, change or replace any part of this Privacy Policy by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes.
SECTION 1 – DATA CONTROLLER
Entity: Medinox UK Address: Unit 1b Munday Works, 58–66 Morley Road, Tonbridge, TN9 1RP, United Kingdom Email: info@medinox.co.uk Phone: +44 20 8888 6398 Privacy Contact: Duane Brown, Managing Director — duane@medinox.co.uk
Medinox UK acts as the Data Controller for personal data collected via this Service, meaning we determine the purposes and means of processing your personal data.
SECTION 2 – PERSONAL DATA WE COLLECT
We may collect the following categories of personal data: identity and contact data — name, email address, phone number, company name; enquiry and communications data — the content of forms, messages, or reseller applications you submit; technical data — IP address, browser type and version, device data, and other diagnostic data collected via cookies and similar technologies; and marketing preferences — your consent status for marketing communications.
SECTION 3 – LAWFUL BASIS FOR PROCESSING
Under Article 6 of the UK GDPR, we rely on the following lawful bases, depending on the purpose: consent — where you have actively opted in, for example to receive marketing emails; contract — where processing is necessary to respond to your enquiry or take steps towards a contract (for example, a reseller application) at your request; legitimate interests — where processing is necessary for our legitimate business interests (for example, improving the Service or preventing fraud), provided this does not override your rights and interests; and legal obligation — where we must process data to comply with the law.
Where we rely on consent, you may withdraw it at any time, free of charge, without affecting the lawfulness of processing carried out before withdrawal.
SECTION 4 – HOW WE USE YOUR DATA
We use personal data to respond to enquiries and fulfil requests, including catalogue downloads; to process reseller/distributor applications; to send marketing communications, where you have consented or in line with the “soft opt-in” rules under PECR for existing customers; to analyse and improve the Service; and to comply with legal and regulatory obligations.
SECTION 5 – SHARING YOUR DATA
We may share your personal data with trusted third-party service providers (for example, hosting, email, CRM, and marketing platforms) who process data on our behalf under written contracts requiring UK GDPR-standard protections. We do not sell your personal data to third parties.
SECTION 6 – INTERNATIONAL TRANSFERS
Where personal data is transferred outside the UK — for example, to our group entities in South Africa or Australia, or to service providers based overseas — we ensure an appropriate safeguard is in place, such as the UK’s International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or a UK adequacy regulation covering the destination country, in each case as required by Chapter 5 of the UK GDPR.
SECTION 7 – DATA RETENTION
We retain personal data only for as long as necessary for the purposes it was collected, including to satisfy any legal, accounting, or reporting requirements, after which it is securely deleted or anonymised.
SECTION 8 – YOUR RIGHTS UNDER UK GDPR
Subject to certain exceptions, you have the right to: be informed about how your data is used (right to be informed); access the personal data we hold about you (right of access); request correction of inaccurate or incomplete data (right to rectification); request deletion of your data in certain circumstances (right to erasure, or the “right to be forgotten”); request that we restrict processing in certain circumstances (right to restriction); receive your data in a portable format (right to data portability); object to processing based on legitimate interests or for direct marketing (right to object); and not be subject to solely automated decision-making with legal or similarly significant effects, without safeguards.
To exercise any of these rights, please contact us using the details in Section 1 above.
SECTION 9 – COOKIES
This Service uses cookies and similar tracking technologies, in line with the Privacy and Electronic Communications Regulations (PECR) alongside the UK GDPR. Non-essential cookies (for example, analytics and marketing cookies) are only set with your consent, given via the cookie banner where applicable. You can manage or withdraw consent at any time through your browser settings or our cookie preference tool.
SECTION 10 – DATA SECURITY
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware, where required, and will notify affected individuals where the breach is likely to result in a high risk to them.
SECTION 11 – HOW TO COMPLAIN
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk Phone: 0303 123 1113 Postal Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
SECTION 12 – CHANGES TO THIS POLICY
We may update this Policy from time to time. The “Last Updated” date above will be revised accordingly, and we will notify you of material changes where appropriate.
EU GDPR ADDENDUM
This addendum applies to individuals located in the European Union (EU) or European Economic Area (EEA) who use this website or purchase from, or are enquired to by, Medinox as a customer or reseller. Under Article 3(2) of the EU GDPR, the Regulation applies to us whenever we offer goods or services to, or monitor the behaviour of, individuals in the EU — regardless of where Medinox itself is based. It applies alongside, not instead of, the Privacy Policy above.
SECTION 13 – DATA CONTROLLER (EU)
For the purposes of the EU GDPR, the relevant Medinox entity that determines the purposes and means of processing your personal data is the entity operating the site through which you engaged with us — for this website, the entity identified in Section 1 above.
General Privacy Contact (non-EU): Duane Brown, Managing Director — duane@medinox.co.uk
Duane Brown is based in the UK, which is not part of the EU following Brexit, and therefore cannot serve as the EU Representative required under Article 27. He is listed here as a general point of contact only; EU data subjects and supervisory authorities should be directed to the EU Representative once appointed.
EU Representative: [TO BE APPOINTED — INSERT NAME, ORGANISATION, AND EU ADDRESS]
SECTION 14 – LAWFUL BASIS FOR PROCESSING (EU GDPR)
Under Article 6 of the EU GDPR, we process your personal data on one or more of the following bases: consent — for example, where you opt in to marketing communications; contract — where processing is necessary to respond to your enquiry, process an order, or manage a reseller/distributor relationship; legitimate interests — for purposes such as improving the Service or preventing fraud, balanced against your rights and freedoms; and legal obligation — where required to comply with applicable law.
Where we process special category data (which we do not expect to occur through normal use of this Service), we would only do so with your explicit consent or another basis permitted under Article 9.
SECTION 15 – INTERNATIONAL TRANSFERS (EU GDPR)
Because Medinox’s group entities and infrastructure are based in South Africa, Australia, and the UK — none of which currently holds a full, unconditional EU adequacy decision covering all processing at the time of writing — any transfer of your personal data from the EU to those entities is treated as a restricted transfer under Chapter V of the EU GDPR. We rely on appropriate safeguards for such transfers, in particular the European Commission’s Standard Contractual Clauses (SCCs), together with a transfer risk/impact assessment, and will provide further information about these safeguards on request.
SECTION 16 – YOUR RIGHTS UNDER EU GDPR
Subject to certain exceptions, you have the right to: be informed about how your personal data is collected and used; access the personal data we hold about you; request rectification of inaccurate or incomplete data; request erasure of your data in certain circumstances (“right to be forgotten”); request restriction of processing in certain circumstances; receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (data portability); object to processing carried out on the basis of legitimate interests or for direct marketing purposes; not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you, without appropriate safeguards; and lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact us using the details in Section 1 above, or our EU Representative once appointed.
SECTION 17 – DATA RETENTION (EU GDPR)
We retain your personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, or contractual obligations, after which it is securely deleted or anonymised.
SECTION 18 – DATA SECURITY AND BREACH NOTIFICATION (EU GDPR)
We implement appropriate technical and organisational measures to protect your personal data. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware, where required under Article 33, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to them, in accordance with Article 34.
SECTION 19 – HOW TO COMPLAIN (EU GDPR)
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue directly. You also have the right to lodge a complaint with the supervisory authority in your EU member state of residence, work location, or the place of the alleged infringement. A list of EU supervisory authorities is available from the European Data Protection Board:
Website: https://edpb.europa.eu/about-edpb/about-edpb/members_en
SECTION 20 – CHANGES TO THIS ADDENDUM
We may update this addendum from time to time to reflect changes in our practices, the appointment of an EU Representative, or legal requirements. The “Last Updated” date above will be revised accordingly.