- Norton Medical uses industry-standard HTTPS certificates.
- We are compatible with Microsoft 365 documents.
1. What is the General Data Protection Regulation (GDPR)?
- GDPR is designed to unify data privacy requirements across the European Union (EU). If you market to or process the information of EU Data Subjects – which include end users, customers and employees – a company needs to conform to GDPR to continue conducting business.
- Legitimate interest. This is a very helpful for companies to consider when deciding if they need GDPR consent as their legal basis to store and process data. For paying customers with whom there is a clear relationship then legitimate interest may suffice. PECR/ePrivacy compliance is important too and all Norton Medical websites are secure compliant.
- Your company information is securely stored at Norton Medical Industries main office.
- We have acknowledge that consent is the most appropriate lawful basis for processing your business information.
- We have made the request for consent to maintain your company information prominent and separate from our terms and conditions.
- We ask people to positively opt in.
- We don’t use pre-ticked boxes or any other type of default consent.
- We use clear, plain language that is easy to understand.
- We specify why we want the data and what we’re going to do with it.
- We give individual (‘granular’) options to consent separately to different purposes and types of processing.
- We name our organization Norton Medical Industry and any third party companies such as laboratories and collection who will be relying on the consent.
- We tell individuals they can withdraw their consent.
- We ensure that individuals can refuse to consent without detriment.
- We avoid making consent a precondition of a service.
2. What kinds of personal information about you do and your employees do we process?
Personal information that we’ll process in connection with all of our services, if relevant, includes:
- Personal and contact details, such as title, full name, contact details and contact details history
- Your date of birth, gender and/or age/ driver license number
- Records of your contact with ussuch as via the phone number of our breakdown service and, if you get in touch with us online using our online services or via our smartphone app, details such as your mobile phone location data, IP address and MAC address
- Products and servicesyou hold with us, as well as have been interested in and have held and the associated payment methods used
- The usage of our products and services, any call outs and claims and whether those claims were paid out or not (and details related to this)
- Marketing to you and analyzing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analyzing data to help target offers to you that we think are of interest or relevance to you.
- Information about your use of products or services held with our business partners, such as insurance policies, mortgage, savings or financial services and products
- Information we obtained from third parties,
- Prevention Agencies(see the section on ‘Fraud Prevention Agencies’ below), including public (for example, defaults, CCJs) and shared credit history, financial situation and financial history
- Fraud, debt and theft information, including details of money you owe, suspected instances of fraud or theft, and details of any devices used for fraud
- Criminal records information, including alleged offences, for example if you apply for car insurance
- Information about your employment status, if relevant
- Insights about you and our customersgained from analysis or profiling of customers
- Where relevant, information about any guarantorwhich you provide in any application
- Third party transactions; such as where a person other than the account holder uses the service, information about that person and the transaction
3. What is the source of your personal information?
We’ll collect personal information from the following general sources:
- From you directly, and any information from family members, associates or beneficiaries of products and services
- Information generated about you when you use our products and services
4. What do we use your personal data for?
We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:
- Managing the product or service you have with us
- Managing any aspect of the product or service
- To perform and/or test the performance of, our products, services and internal processes
- To improve the operation of our business and that of our business partners
- To follow guidance and best practice under the change to rules of governmental and regulatory bodies
- For management and auditing of our business operations including accounting
- To monitor and to keep records of our communications with you and our staff (see below)
- To administer our good governance requirements and those of other members of our AA Group, such as internal reporting and compliance obligations or administration required for Annual General Meeting (“AGM”) processes
- For market research and analysis and developing statistics
- For direct marketing communications and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service. We’ll send marketing to you by SMS, email, phone, post,
- To provide personalized content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels
- To develop new products and services and to review and improve current products and services
- To comply with legal and regulatory obligations, requirements and guidance
- To provide insight and analysis of our customers both for ourselves and for the benefit of business partners either as part of providing products or services, helping us improve products or services, or to assess or improve the operating of our businesses
- To share information, as needed, with business partners (for example, financial services institutions, insurers), account beneficiaries, service providers or as part of providing and administering our products and services or operating our business
5. What are the legal grounds for our processing of your personal information (including when we share it with others)?
We rely on the following legal bases to use your personal data:
- Where it is needed to provide you with our products or services, such as:
- a) Assessing an application for a product or service you hold with us, including consider whether or not to offer you the product, the price, the payment methods available and the conditions to attach
b) Managing products and services you hold with us, or an application for one
c) Updating your records, tracing your whereabouts to contact you about your account
d) Sharing your personal information with business partners and services providers when you apply for a product to help manage your product
e) All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts,
f) For some of our profiling and other automated decision making to decide whether to offer you a product and/or service, particular payment method and the price or terms of this
- Whereit is in our legitimate interests to do so, such as:
- a) Managing your products and services relating to that, updating your records, tracing your whereabouts to contact you about your account b) To perform and/or test the performance of, our products, services and internal processes
c) To follow guidance and recommended best practice of government and regulatory bodies
d) For management and audit of our business operations including accounting
e) To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that. Where you have been introduced to us by a broker or other intermediary they may do these searches on our behalf
f) To carry out monitoring and to keep records of our communications with you and our staff (see below)
g) To administer our good governance requirements and those of other members of our Group, such as internal reporting and compliance obligations or administration required for AGM processes
h) For market research and analysis and developing statistics
i) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by SMS, email, phone, post) Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses
k) For some of our profiling and other automated decision making
l) Where we need to share your personal information with people or organizations in order to run our business or comply with any legal and/or regulatory obligations
- To comply with our legal obligations
- With yourconsent or explicit consent:
- a) For some direct marketing communications
b) For some of our profiling and other automated decision making
6. When do we share your personal information with other organizations?
We may share information with the following third parties for the purposes listed above:
- Client laboratories and collection sites and service providers
- Market research organizations who help us to develop and improve our products and services
7. How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
8. Is your personal information transferred outside the United States
9. How do we share your information with credit reference agencies?
We do not share your information with credit reference agencies.
We’ll use this information to:
- Verify the accuracy of the data you have provided to us
- Prevent criminal activity, fraud and money laundering
- Manage your account(s)
- Assess payment methods available to you
- Trace and recover debts
- Make sure any offers provided to you are appropriate to your circumstances
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
10. How do we share your information with Fraud Prevention Agencies?
There are more details about how credit reference and fraud agencies use your personal data here.
11. What should you do if your personal information changes?
You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.
12. Do you have to provide your l information to us?
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
13. Do we do any monitoring involving processing of your personal information?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
14. What about other automated decision making?
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. For instance, we may do this to decide: whether to offer you a product or service, to determine the risk of doing so, the price we will offer, whether to offer you credit, what terms and conditions to offer you, assess lending, insurance and business risks, or to assess what payment methods we can offer you. We may also do this using data from other parts of the AA, including product or services details (including usage of them or claims made) and telematics data captured including on your vehicle, driving behaviour and location information.
We’ll do this where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent.
15. For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
16. What are your rights under data protection laws?
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The rightto be informedabout the processing of your personal information
- The right to have your personal information corrected if it is inaccurateand to haveincomplete personal information completed
- The rightto objectto processing of your personal information
- The right to restrict processingof your personal information
- The right to have your personal information erased(the “right to be forgotten”)
- The right to request accessto your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information(“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.
17. Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.
18. What are your marketing preferences and what do they mean?
We may use your business address, phone numbers, email to contact you according to your marketing preferences.
You can opt out of any email or text marketing by following the unsubscribe links. If you receive a marketing call from us, you can ask the person who called you to opt you out. You can also write to us at Norton Medical Industries, 6265 Sepulveda Blvd, Van Nuys, CA 91411. Or send us an email on our Contact page – choose ‘Using our services’ and then ‘I want to opt out of marketing messaging’.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the admin@NortonMedical.com, you can contact us by going to the Contact Us section of our website. Alternatively, you can write to Norton Medical Industries, 6265 Sepullveda Blvd, Van Nuys, CA 91411, marking it for the attention of the Administration.