This is the privacy notice of GenPra LLP. In this document, “we”, “our”, or “us” refer to GenPra LLP.
Our business address is 19 Burnett Park, Troon KA10 7FT, UK.
For all enquiries regarding data protection, please address your correspondence to our Compliance Officer who will liaise with our Data Protection Officer as needed.
This notice is provided for visitors to our website, potential customers, current customers, suppliers and any other persons whose information is processed by GenPra LLP as a data controller. This notice explains how and why we collect and process your personal data.
The provision of privacy information is primarily the responsibility of data controllers and patients of our customers should refer to the privacy notice on their Practice’s website.
They may also find the information on our Data Processing Agreement page, which details how we comply with data protection requirements when delivering our services to Practices.
Leaving our site
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we don’t have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
What types of information do we have
We currently collect and process the following information:
- Personal identifiers: first name, surname, title, contact address, email address, telephone number
- Transactional data: invoicing information, order forms and other information relating to products/services you have purchased from us and correspondence relevant to the delivery of a contract
- Technical Data: IP address
How we collect the information and why do we have it
All of the information we process is provided to us directly by you for one of the following reasons:
- So that you can make a general enquiry
- So that you can request more information about our products/services
- So that you can enter into a contract with us for our products/services
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- We have a contractual obligation
- We have a legitimate interest
- To fulfil a legal obligation
What we do with the information we have
We use the information you have given us in order to:
- Respond to a general enquiry that you have made
- Respond to a request for more information about our products/services
- Enter into a contract with you
- Fulfil our contractual and/or legal obligations
We may share your personal data with the following third parties in order to support the performance of a contract or to fulfil a legal obligation:
- Professional advisers acting a sub-processors or controllers e.g. lawyers, accountants
- Government agencies such as HMRC
- Service providers acting as sub-processors that provide IT and admin support e.g. Microsoft OneDrive, Postmark
These third parties are subject to the same data protection requirements as GenPra LLP and as part of duty to you we regularly review our terms and conditions with third parties to ensure ongoing compliance.
How we store your information
Your information is securely stored within our Microsoft OneDrive, Google Suite and Cloudways Server. Customer invoices are securely stored within a system called Xero. Your name, organisation name and email address are securely stored in our MailChimp account for the purpose of keeping you up to date with any changes to our products or services.
We retain personal information only for as long as necessary to fulfil the purposes that we collected it for. Once we have entered into a contract with a customer, we will retain all information relevant to that contract, including invoicing records and identifiable data for a period of six years in line with legal requirements. Once the retention period has expired your information will be deleted from our online systems and any paper records physically destroyed using confidential shredding.
We backup all our data for a period of 90 days. Backup data is encrypted and stored off site in secure UK data centre before being automatically destroyed.
Your data protection rights
Under data protection law, you have rights including:
Your right of access: You have the right to ask for copies of your personal information
Your right to rectification: You have the right to ask to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is complete
Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances
Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances
Your right to object to processing: You have the right to object to the processing of your personal data in certain circumstances
Your right to data portability: You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. However, we can charge you a “reasonable fee” for the administrative costs of complying with your request if:
- it is manifestly unfounded or excessive; or
- you request further copies of your data following an initial request.
If you make a request, we have within one month to respond to you. If the request is complex or you have submitted a number of requests, we may inform you that we have extended this time period up to a maximum of a further two months.
If you wish to make a request please contact us by email: [email protected]