Privacy Policy

          

Introduction

This is the privacy notice for Mobility Centre (Mobility Centre, we, our or us). 

Mobility Centre respects your privacy and is committed to protecting your personal data in line with the requirements of the Data Protection Act 2018 and the UK GDPR (together data protection laws). This privacy notice will inform you on how we collect your personal data, what we collect, how we use it, when and to whom we may disclose it to and for how long we store it (collectively, processing). It also tells you about your privacy rights including how you can access, amend, correct and in some cases delete your information. 

 

Purpose of this Privacy Notice

This privacy notice aims to give you information on how Mobility Centre collects and processes your personal data. This privacy notice applies when you:

  • visit our website;
  • purchase our products or services;
  • subscribe to marketing about us, our products or services; or
  • otherwise contact us.

For the purposes of this privacy notice we act as a controller of personal data, which means we are responsible for deciding how we process your personal data.

It is important that you read this privacy notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them. 

Note that this notice does not cover the processing of personal data of Mobility Centre employees or individuals who are seeking employment with Mobility Centre.  We have a separate privacy notice for employees and job candidates.

Our website is not intended for children, and we do not knowingly collect data relating to children.

 

What personal data do we collect?

In this notice, personal data, means any information about an individual from which that person can be identified, which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. This also includes information related to your “Declaration of eligibility for VAT relief (disabled person)” (if applicable).
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.  
  • Usage Data includes information about how you use our website, products and services. 
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.      

Your personal data does not include personal data where identifiers that associate that data with you have been removed.  We term this anonymous data.

 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. 

 

We will collect Special Categories of Personal Data about you (this includes information about your health, and disability), if we are required to submit a “Declaration of eligibility for VAT relief (disabled person)” to HMRC.

We do not collect any information about criminal convictions and offences. 

 

How is your personal data collected?

Your personal data will come from you or us.

When you use our website, which is operated through Shopify, personal data may also be collected by Shopify. For information on the personal data collected by Shopify including by its use of cookies please see Shopify's privacy notice.

 

How we use your personal data

The table below sets out our legal grounds and reasons for processing your personal data. Where we rely on legitimate interests for processing, the table below explains the relevant legitimate interest. 

Generally, we do not rely on consent as a legal basis for processing your personal data except where applicable law requires this – for example for some marketing activities. Where you have given consent, this can be withdrawn at any time by contacting us.

 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer
  • Identity 
  • Contact

Performance of a contract with you

To process and deliver your order including:

(a) Sending you products to your home

(b) Manage payments, fees and charges

(c) Collect and recover money owed to us
  • Identity 
  • Contact 
  • Financial 
  • Transaction
  • Marketing and Communications

(a) Performance of a contract with you 

(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy notice

(b) Asking you to leave a review or take a survey
  • Identity 
  • Contact 
  • Profile 
  • Marketing and Communications

(a) Performance of a contract with you 

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  
  • Identity
  • Contact
  • Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To better understand and analyse our customer population, support our operations including inventory and product management, to deliver relevant offers and ads, to improve our products and services including the Services
  • Technical 
  • Usage 

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To send you marketing communications and make suggestions and recommendations to you about goods or services that may be of interest
  • Identity 
  • Contact 
  • Technical 
  • Usage 
  • Marketing and Communications

(a) Necessary for our legitimate interests (to develop our products/services and grow our business)

(b) Consent

 

  • Sharing your personal data with third parties 

    •  

    We may share your personal data with the following third parties if this is required by law; necessary to enter a contract with you; where we have a legitimate interest in doing so; or where it is necessary to protect your vital interests or those of another person:

    • Service Providers: We may share your personal data with third-party service providers who perform services on our behalf or for your benefit, such as for payment processing, accounts management, postal deliveries, marketing and analytics and our IT services.
    • Professional advisors: We may share your personal data with our professional advisors, including our legal and accountancy service providers.
    • Business transfers: Your personal data may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction. It may also be disclosed in the event of insolvency, bankruptcy or receivership.
    • Legal process and safety. We may share your personal data with legal or government regulatory authorities as required by applicable law such as the HMRC.
    • Third party mobility businesses: With your permission, we will share your personal information with third party providers of similar mobility/ disability goods and services such as stairlift providers, and specialist seating suppliers.
    • Other third parties as necessary to comply with the law.

    We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

    Third-party links

    Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. This notice does not apply to, and we are not responsible for the content, privacy notices or data practices of third parties that collect your information. We encourage you to review the privacy notices for those third parties to learn about their information practices.

    1. International data transfers We may transfer your personal data to third parties see – Sharing your personal data with third parties – which may involve your personal data being transferred to, stored, or processed in a country other than the one in which it was collected.

    If we do so, we will comply with applicable law regarding such transfers. Where such transfers required appropriate or suitable safeguards, we may rely on them. Typically, these include:

    • Adequacy decision: We may transfer your personal data to countries which the ICO or the UK government has approved as providing adequate protection to personal data (for example, the decisions of adequacy attaching to the EU for transfers from the UK).
    • Approved contracts: We may be entitled to put in place a contract with the recipient of your information which requires them to protect that information to the same standards as if the information were being processed within the UK. 
    • By contract: In respect of certain cross-border transfers, we will transfer your personal data outside the UK if the transfer is necessary to the performance of a contract between you and us, or if the transfer is necessary to the performance of a contract between us and a third party, and the contract was entered into in your interest.
    • With your consent: In respect of certain cross-border transfers, we will obtain your consent to transfer your personal data outside the UK after first informing you about the possible risks of such a transfer.

    The safeguards we use will depend on the location of the recipient, the function they are performing, and the personal data being transferred. You can request more information by contacting us as set forth in the Contact information section below.

     

    Data retention

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

    If you would like more detail on the retention periods for different aspects of your personal data, you can request more information by contacting us as set forth in the Contact Information section below. 

     

    Marketing 

    We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us or have purchased our products or services from us and you have not opted out of receiving that marketing. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. 

    Where you ask us to stop sending marketing messages, we may still process your personal data for other purposes in accordance with the terms of this notice.

     

    Your legal rights

     

    Under certain circumstances, you have rights under data protection laws in relation to your personal data. These may include: 

    • Receiving certain information about our processing;
    • Requesting access to your personal data that we hold (often known as a data subject access request);
    • Requesting transfer, correction, deletion, restriction of processing;
    • Objecting to processing;
    • Requesting a copy of an agreement transferring personal data outside of the UK;
    • Objecting to decisions based solely on automated processing, including profiling;
    • Being notified of a personal data breach;
    • Complaining to the ICO; or
    • Withdrawing your consent to processing (if we process your personal data on the basis of your consent).

    If you wish to exercise any of the rights set out above, please contact us as set forth in the Contact Information section below. 

    No fee usually required

    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

    What we may need from you

    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

    Time limit to respond

    We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

     

    Updates to this Privacy Notice

    We keep our privacy notice under regular review. This version was last updated on 5/6/2023. If we decide to change this notice, we will post the updated notice here.

    It is important that the personal data we hold about you is accurate and current. Please contact us as set forth in the Contact Information section below if your personal data changes during your relationship with us. 

     

    Contact Information

    If you have questions regarding this privacy notice or the personal data we collect, use and share about you, or if you would like to access or update your personal data, please contact us at enquiries@scottishmobility.com or by post at:

    The Mobility Centre

    10 Howard Court

    Nerston

    East Kilbride

    G74 4QZ 

    You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (https://ico.org.uk/make-a-complaint/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.