Our policy on the data we process
CSST Group Ltd (the “Company“, “we” or “us“) is committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 2018, the EU General Data Protection Regulation or any other applicable legislation, the data controller is CSST Group Ltd, a company registered in England with company number 11238599 and our registered office at CSST Group, 6 Lawrence Grove, Uxbridge UB10 0FF, London, UK.
Our data protection officer is Alok Shinde, who can be contacted at the address above.
Please note that links from our website may take you to external websites not covered by this policy. We recommend that you check their privacy policies yourself before submitting any personal information. We will not be responsible for the content, function or information collection policies of these external websites.
Information We Collect From You
We will collect and process the following data about you:
Information you give us. This is information about you that you give us by filling in forms on our site, www.csstgroup.co.uk, (“our site“) or by corresponding with us by phone, email or otherwise. It includes information that you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, or enter a competition, promotion or survey, and when you report a problem with our site. The information you give to us may include your name, address, email address and phone number, financial and credit card information, personal description and/or photograph.
Special category data you give to us.This is sensitive information that you give to us by filling in forms on our site or by corresponding with us by phone, email or otherwise. You will provide us with special category data when making a purchase and completing our screening information as part of your consultation. It may include, but is not limited to, information relating to genetics, ethnic origin, health, biometrics, sex life and/or sexual orientation.
Information we collect about you.With regard to each of your visits to our site, we will automatically collect the following information:
technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and information about your visit, including the full Uniform Resource Locators (URL),clickstream to, through and from our site (including date and time),products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs),methods used to browse away from the page, and any phone number used to call our customer service number.
Information we receive from other sources.This is information that we receive about you if you use any of the other websites that we operate or the other services that we provide. In this case, we will have informed you when we collected that data if we intend to share such data internally and combine it with data collected on our site. We will also have told you for what purpose we will share and combine your data. We work closely with selected third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and will notify you when we receive information about you from them and the purposes for which we intend to use that information.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this policy.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer, provided you accept them. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
Strictly necessary cookies: These are required for the operation of our site. They include cookies that enable you to log into secure areas of our site, use the shopping cart, or make use of e-billing services.
Analytical/performance cookies: These allow us to track the number of visitors to our site. This helps us to improve the way our site works, for example by ensuring that users are finding what they are looking for easily.
Functionality cookies: These are used to recognise you when you return to our site, enabling us to personalise our content for you, greet you by name and remember your preferences.
Targeting cookies: These cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this information to make our site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies),you may not be able to access all or parts of our site.
We use information held about you in the following ways:
We will use this information:
Special Category Data
We rely upon your explicit consent to allow us to process your special category data, which is necessary for the purpose of preventative or occupational medicine, medical diagnosis and provision of health treatment, which is carried out in accordance with regulatory guidelines.
We will use this information to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
Information we collect about you
We will use this information:
We may use automated decision-making and profiling to tailor the information we provide to you to your specific circumstances.
Who do we share your information with?
Details of whom we will share your data with and why is set out in our Data Record. Copies of our Data Record are available from our data protection officer.
Sharing your information within our company and partners
We share the information that you provide to us with our staff so that we can provide our products and services to you.
We may share the information that you provide to us with other partner companies and other websites that we operate. For example, if you place an order online, we may share information with the prescribing doctor to enable you to receive the prescription and also the pharmacy to arrange despatch to you via post.
Sharing your information with third parties
We may share your information with selected third parties including:
There are certain exceptional circumstances in which we may disclose your information to other third parties. This would be where we believe that the disclosure is:
How long do we keep your personal information?
We will only store your personal information for as long as we need it for the purposes for which it was collected. Where we provide you with any service (e.g. subscription service),we will retain any information that you provide to us at least for as long as we continue to provide that service to you.
Where we store your personal data
All information that you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to be informed
We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it.
We have written this policy to do just that, but if you have any questions or require more specific information, you can get in touch using our details above.
You have the right to access your personal data
You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following:
In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold. The first copy of your information that you request from us will be provided free of charge, if you require further copies we may charge an administrative fee to cover our costs.
You have the right to correct any inaccurate or incomplete personal data
Where you have requested a copy of the information we hold about you, you may notice that there are inaccuracies in the records, or that certain parts are incomplete. If this is the case, you can contact us so that we can correct our records.
You have the right to be forgotten
There may be times where it is no longer necessary for us to hold personal information about you. This could be if:
In those situations, you have the right to have your personal data deleted. If you believe one of these situations applies to you, please contact us.
You have the right to have a copy of your data transferred to you or a third party in a compatible format
Also known as data portability, you have the right to obtain a copy of your personal data for your own purposes. This right allows you to move, copy or transfer your personal data more easily from one IT system to another, in a safe and secure way. If you would like us to transfer a copy of your data to you or another organisation in a structured, commonly use and machine-readable format, please contact us. There is no charge for you exercising this right.
You have the right to object to direct marketing
You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the links provided in any of our marketing communications, and we will stop sending direct marketing immediately.
You have the right to object to us using your information for our own legitimate interests
Sometimes, we use your personal information to achieve goals that will help us as well as you. This includes:
You have the right to restrict how we use your personal data
You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:
If you believe any of these situations apply, please contact us.
You have rights related to automated-decision making and profiling
Any automated decision-making or profiling that we undertake is solely for the purpose of tailoring the information which we provide to you. We will not use automated decision-making or profiling to make any decisions which will have a legal effect upon you or otherwise significantly affect you, and you have the right not to be subject to such decisions. If you have any concerns or questions about this right, please contact us.
If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.
6 Lawrence Grove
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO),the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO.