What information do we collect?
In order to process requests for product information and other services, it may be necessary to collect personally identifiable information about you.
The type of personally identifiable information that may be collected includes, but is not limited to: your name, address, e-mail address, types of product purchased and telephone number. This information is only used to enable us to deliver the specific service requested and will not used for any marketing or other distance selling activities unless you give us specific permission to do so.
Data processing & General Data Protection Regulation (“GDPR”)
- Following the coming into force of the General Data Protection Regulation (“GDPR”) the following provisions apply where “we” means you as a user of the website and data controller and In Focus as the operator of the website and data processor:
we both acknowledge and agree that we both will comply with our obligations under the GDPR;
- We shall:
1. process personal data only on documented instructions from you, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which we are subject; in such a case, we shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
2. ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
3. take all measures required pursuant to Article 32 of the GDPR (Security of processing) including by taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk;
4. respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor including that (i) we shall not engage another processor without prior specific or general written authorisation of you. In the case of general written authorisation, we shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes and (ii) where we engage another processor for carrying out specific processing activities on behalf of you, the same data protection obligations as set out in this agreement or other legal act between you and us shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and where that other processor fails to fulfil its data protection obligations, we shall remain fully liable to you for the performance of that other processor’s obligations;
5. taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;
6. assist you in ensuring compliance with the obligations pursuant to Articles 32 (Security of processing), 33 (Notification of a personal data breach to the supervisory authority), 34 (Communication of a personal data breach to the data subject), 35 (Data protection impact assessment) and 36 (Prior consultation) of the GDPR taking into account the nature of processing and the information available to us;
7. at your choice, delete or return all the personal data to you after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data;
8. make available to you all information necessary to demonstrate compliance with the obligations laid down in this clause 17.2(b) and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you;
9. maintain a record of all categories of processing activities carried out on behalf of you, containing: (a) the name and contact details of the processor or processors and of you on behalf of who we are acting, and, where applicable, of you or our representative, and the data protection officer; (b) the categories of processing carried out on behalf of you; (c) where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the GDPR, the documentation of suitable safeguards; (d) where possible, a general description of the technical and organisational security measures referred to in Article 32(1) (Security of processing).