Medray Imaging Systems Limited and Medray (UK) Limited “we”, “us” “our” or "Medray" is committed to protecting your privacy. The data controller for personal data relating to our Irish operations and our website is Medray Imaging Systems Limited ("Medray Ireland"), and the data controller for other personal data which relates to our operations in the UK is Medray (UK) Limited ("Medray UK"). This Privacy Statement tells you about your privacy rights and sets out how we, as a Data Controller, collect and process personal data about:
This Privacy Statement should be read in conjunction with our Cookie Policy.
“Personal data” means any information about an individual from which that person can be identified. We do not collect any personal data about you on our website, apart from information which you volunteer (for example by emailing us), and as set out in our Cookie Policy.
In carrying out our business, we may also receive personal data directly and indirectly, including from customers and clients, prospective customers and clients and suppliers, and publicly accessible sources. Categories of such personal data includes: contact information such as full name, work email address, work mobile telephone number, the business that you work for, your profession, job title and role, any information provided as part of a credit trade reference, payment data such as banking details (including credit / debit card numbers, security code numbers and other related billing information).
If you do not provide us with personal data we request, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website, by telephone, email or in writing. We will tell you when we ask for personal data whether it is a contractual requirement or needed to comply with our legal obligations.
We will only use your personal data for the purposes and legal bases set out in the table below:
Purpose/Activity |
Type of Personal Data |
Lawful basis of processing |
To provide our products and services, and manage our relationship with you, including:
|
|
Legitimate interests: managing our business and our customer relationships. |
Marketing about our products, services and events, including:
|
|
Legitimate interests: promoting and improving our products and / or services; identifying ways to expand our business; receiving feedback from our clients. |
To operate our website:
|
Our strictly necessary cookies collect:
|
Legitimate interests: collection of strictly necessary cookies, that are required to operate the website efficiently. |
To maintain and improve our website, in particular the information we provide about our services and to increase the number of people finding our website:
|
Other optional cookies process the following personal data:
|
Consent: we rely on your clicking 'accept' in respect of these types of cookies.
|
For the purpose of responding to a binding request from a public authority or court
|
The categories of personal data specified in a court order received by Medray.
|
Compliance with a legal obligation: based on the specific request, and the legislation under which it is made.
|
Transferring information to third parties, including to our customers and service providers.
|
|
Performance of a contractual obligation: where applicable Medray processes personal data in order to fulfil our contract with you, if our relationship is with an individual.
Legitimate interests: where applicable, Medray processes personal data in order to further and protect Medray's business interests and efficiently carry out our business, if our relationship is with a company.
|
Recruitment and selection of Candidates
- Reviewing job applications and CVs - Arranging interviews - Preparing interview notes
|
|
Legitimate interests: conducting a robust employee selection and hiring process protecting Medray assets and employees; to ascertain a candidate’s suitability for a specific role. |
Managing the goods and services we receive (including contract management, managing security and access to our systems and premises, payment of invoices and assessment of our suppliers or parties who tender to provide goods or services to us)
|
|
Legitimate interests: where applicable, Medray processes personal data in order to further and protect Medray's business interests and efficiently carry out our business.
|
We will retain your personal data only for as long as necessary for the purposes for which it was collected; as required by law, and for the exercise and defence of legal claims that may be brought by or against us. In particular, If you do not become a customer, we will keep this information for a period of five (5) years after the date we first contact you, if you become a customer, we will keep it for seven (7) years after you place an order, close, or cease activity on your account. Supplier information is kept for six (6) years following the placement of our last order.
We will retain personal data about job applicant candidates for no more than one year. Any health data collected in the context of managing health epidemic or pandemics will only be retained for so long as is necessary and updated from time to time in line with legal requirements and best practice.
We may disclose your personal data to:
To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46.2 of the GDPR or an adequacy decision under Article 45 for the GDPR. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies, and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. In Ireland, this is the Data Protection Commission. If you are based in the UK, or you would prefer to complain to the Information Commissioners Office, this can be done through their website available here. We have appointed Medray Ireland as the EU Representative on behalf of Medray UK.
You also have the right to withdraw your consent to our processing of your personal data at any time (without affecting the lawfulness of processing based on consent before its withdrawal), in circumstances where we rely on this legal basis to process your data.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may require proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if it is manifestly unfounded or excessive.
In limited circumstances (such as our use of social media), we may act as a joint controller with another party. In such circumstances, upon your request to exercise any of the above rights we will advise you if there is another controller who you should contact. Please note that any other joint controller will also have its own privacy policy.
We are committed protecting the security of your personal data. We use a variety of technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet. Any transmission of personal data is at your own risk. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available.
We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review this Privacy Statement periodically for updates.
Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome, and should be addressed to privacy@medray.ie or sent in writing to:
For Medray Ireland: Unit 2B, South West Business Park, Cheeverstown, Dublin 24, D24 NC8Y, Ireland.
For Medray UK: Unit 1, Chalfont House Boundary Way, Hemel Hempstead Industrial Estate, Hemel Hempstead, England, HP2 7SJ, United Kingdom.
All requests will be dealt with promptly and efficiently.
Last Updated: 26th November 2023