Privacy Policy

Clinisupplies and data privacy

Clinisupplies Limited (which also trades under the name Clinidirect) and its affiliates ("we" or "us" or "our") is committed to protecting and respecting your privacy at all times in accordance with the UK GDPR and Data Protection Act 2018.

We are registered with the Information Commissioners Office (the ICO) under registration number Z7614794

Our Data Protection Officer is:

The DPO Centre Ltd.
50 Liverpool Street


Phone: 0203 797 1289


This privacy policy sets out the basis on which we will process any personal information that we may collect about you, as:

  • a visitor to our websites:
  • a visitor to our premises (1 Blackmoor Lane, Croxley Park, Watford, Hertfordshire, WD18 8GA);
  • one of our customers or other persons receiving any of the healthcare-related services we provide;
  • one of our business partners; or
  • a contact at one of our suppliers.

What legal basis do we rely on for processing?

The legal basis for processing your data is based on:

  • your specific consent
  • performance of a contract
  • compliance with a legal obligation
  • your vital interest
  • our legitimate interest where it does not infringe your rights and freedoms under the UK GDPR and Data Protection Act 2018

Due to the nature of our organisation we may also process (where applicable) health data. We only process health data where necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment and when necessary for the purposes of preventive or occupational medicine.

We will not store, process or transfer your data unless we have an appropriate lawful reason to do so.

If you have concerns relating to the basis for processing we are relying on, please contact the representative asking for the information, or contact us (see below), with your query.

How we use your information

We may use your information for the following purposes:

  • To process any applications for job vacancies we have advertised on our website
  • to provide and deliver our products and our services;
  • to operate, manage, develop and promote our business; and, in particular, our relationship with you and/or the organisation you represent (if any) and any related transactions;
  • with your consent, to send you emails and other communication containing marketing information which we believe you will find relevant and interesting;
  • to operate, administer and improve our websites and premises;
  • to protect the security of our premises and warehouses;
  • to protect our business from fraud, money-laundering, breaches of confidence, theft of proprietary materials and other financial or business crimes; and
  • to comply with our legal and regulatory obligations, and bring and defend legal claims.

The information that we collect about you

We may collect and process the following information about you:

  • Information that you give us:
    This is information that you give to us by:
    • filling in forms on our websites (or other forms that we ask you to complete);
    • using our mobile apps;
    • giving us a business card (or similar);
    • while corresponding with us by telephone, post, email or fax.

It may include, for example, your name, address, date of birth, NHS number; email address and telephone number; information about your health and medical history; payment details (including credit or debit card details); information about your business relationship with us; information about your professional role, background and interests; responses to surveys; and information relating to your interests and marketing materials you want to receive.

  • Information that someone acting on your behalf gives to us (for example, where you are the recipient of any of our healthcare-related services, information received from the relevant nurse, clinician, surgery, carer or care home).

It may include, for example, your name, address, date of birth, email address and telephone number; information about your health and medical history; information about your prescription status; information about your GP; and payment details (including credit or debit card details).

  • Information that our websites and other systems collect about you:
    • If you visit our websites they will automatically collect some information about you and your visit, including the Internet protocol (IP) address used to connect your device to the Internet and some other information such as your browser type and version and the pages on the sites that you visit.
    • Our websites may also download "cookies" to your device. We also use Google Analytics – these are described in more detail in our separate cookie policy.
    • If you exchange emails, telephone conversations or other electronic communications with our employees and other staff members, our information technology systems will record details of those conversations, sometimes including their content.
    • Some of our premises have Closed Circuit TV systems which may record you if you visit our premises, for security and safety purposes.
  • Other information
    We may also collect some information from other sources. For example:
    • If we have a business relationship with the organisation that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship.
    • We sometimes collect information from third party data providers or publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
    • If you are a health professional working for the NHS, we sometimes collect basic contact details from third party data providers or publicly available sources in order to contact you to tell you about our products and services.


We advertise roles on our website and encourage suitable applicants to apply. We will process basic details such as full names and email addresses along with your CV details. Some roles may involve a background/DBS check but more information on how we process personal data for job vacancies can be found in our Recruitment Privacy Policy.

Mobile Apps

From time to time we may create our own mobile apps or with other healthcare companies (e.g. NHS hospitals) to help you with you healthcare journey. We may create apps in order to help you monitor and record your appliance usage, provide advice where needed or to help address any concerns you may have to name a few examples. Where we do create such apps we will carry out Data Protection Impact Assessments (DPIAs) with our Data Protection Officer to address any personal data and security concerns that may be highlighted. For more information you can contact us or our Data Protection Officers using the details listed below and above.

Home Delivery

We offer a home delivery service for patients registered with our Clinidirect Home Delivery service. We use a third party delivery company to deliver patient orders. We will share your full name, home address and email address with the third party delivery company for the purposes of enabling them to make home deliveries, update you regarding your delivery status and they may also contact you to carry out an optional short survey regarding their delivery service. We will not share any other personal data with them, and they have entered into the appropriate data processor agreement with us to ensure the safety and security of your personal data at all times.

Clinical Nursing Service

We have a a team of qualified, experienced and trusted Clinical Nurse Specialists that work with NHS professionals to deliver drop-in clinics and home visits, advice and guidance on products via appliance use reviews (AURs), clinical education and training, and management of community spending. The Nurses will process personal data such as your name, address, contact details, GP details and product details. In order to make a full assessment they may also process your health information.

Childrens Data

We may collect personal data of children for home delivery only. Where we do collect children’s personal data we will treat this very carefully to ensure the safety of their information at all times. If you have any questions or concerns please contact us at our details below.

Security Credentials

Clinisupplies takes security very seriously. We have certifications with Cyber Essentials and Payment Card Security (PCI-DSS) which we review annually. Copies of our certifications are available if requested.

Disclosure and international transfer of your information

We may disclose personal information about you, where reasonably necessary for the various purposes set out above:

  • to the relevant business partner or healthcare professional who has referred us to you;
  • where applicable, to pharmacies, doctors’ surgeries, or other similar third parties to the extent such disclosure is necessary for us to provide our services or deliver our products to you;
  • to service providers who process your information on our behalf under strict conditions of confidentiality and security;
  • to the other members of the Clinisupplies group of companies;
  • where you are a business contact, to your colleagues within the organisation that you represent;
  • to a person who takes over our business and assets, or relevant parts of them; or
  • to our professional advisers;
  • in exceptional circumstances:
    • to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; or
    • where we are required by law to disclose.

These disclosures may involve transferring your personal information overseas. If you are dealing with us within the UK or European Economic Area, you should be aware that this may include transfers to countries such as India, which do not have strict or moderate data privacy laws. In those cases, where we transfer personal data to our service providers based outside the European Economic Area / UK, we will ensure that our arrangements with them are governed by the appropriate data transfer agreement, to ensure that your personal information is protected,. Please contact us (see below) if you would like to know whether any such agreements are in place or, if so, to see a copy.

Retention and deletion of your information

We will delete the information that we hold about you when we no longer need it. Specific information about our record retention policies is available on request. Please contact us (see below).

Your rights

You may have a right of access to the personal information that we hold about you, and to some related information, under data protection law. You can also require any inaccurate personal information to be corrected or deleted. You can object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.

If you wish to exercise any of these rights, please contact us as set out below. You can also lodge a complaint about our processing of your personal information with the UK data protection supervisory authority, the Information Commissioners Office (the ICO) ( If you are based any where else within the European Union (or European Economic Area) a list of supervisory authorities can be found here

Contact us

We welcome questions, comments and requests regarding this privacy policy and our processing of personal information. Please send them to the Compliance Manager, Clinisupplies Ltd, 1 Blackmoor Lane, Croxley park, Watford WD18 8GA or email us on You can also contact our Data Protection Officer by email:

Changes to this policy

Any changes we make to this privacy policy in the future will be posted to our websites at:

Please check back frequently to see any changes.

Version: 8.0

Revision date: 25/06/2021