Standsure Online Privacy Policy
Last Updated: 17/03/2025

1. Introduction
Standsure Online (“we”, “us”, or “our”) operates https://www.standsureonline.co.uk/. We are committed to protecting your privacy under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how we collect, use, and protect personal data related to our NHS-approved Class I medical device therapeutic products (the StandSure™ Sit-to-Stand Aid).

2. Data Controller
Standsure Ltd
Email: [email protected]
ICO Registration Number: CSN2377423

3. What Data We Collect
a) Personal Data:
• Name
• Contact details (email, phone, address)
• Payment information
• Professional credentials (for therapist accounts)
• Order history

b) Special Category Data (where applicable for product customization):
• Health-related information required for product customization (e.g. foot/ankle measurements)
• NHS practitioner identification details

We only collect what is necessary.

4. How We Collect Your Data
Directly from you when you place an order, create a therapist account, contact us, or provide sizing measurements for the StandSure™ Class I medical device. We may also receive limited referral data from NHS channels for regulatory compliance.

5. Lawful Basis for Processing
We only process your data where we have a valid legal reason:

What we do | Lawful basis (Art 6) | Special category basis (Art 9) – if applicable
Process and fulfil orders & payments | Contractual necessity | Explicit consent or Art 9(2)(h)
Customise the StandSure™ Class I medical device | Contractual necessity | Explicit consent (given at time of order)
Customer support & website improvements | Legitimate interests | N/A
Send service-related communications | Contractual necessity | N/A
Marketing emails | Explicit consent (opt-in) | N/A
Comply with tax, accounting, NHS & UK Medical Device Regulations | Legal obligation | Art 9(2)(h) or explicit consent

6. How We Use Your Data
• Process orders/payments
• Customise and supply our Class I medical device
• Provide customer support
• Comply with NHS product regulations and UK Medical Device Regulations (including post-market surveillance where required)
• Send service-related communications
• Marketing (with opt-in consent)
• Improve website functionality

7. Data Sharing
We may share data with:
• Payment processors (Stripe, PayPal)
• NHS authorities (for regulatory compliance)
• Shipping providers
• IT service providers (under GDPR-compliant contracts)
• Legal authorities or the MHRA when required by law or medical device regulations

All third parties have data processing agreements.

8. International Transfers
We keep all data inside the UK/EEA wherever possible. If we transfer data outside the UK (e.g. to US-based providers like Stripe or cloud services), we only do so using current approved safeguards:
• UK International Data Transfer Agreement (IDTA), or
• UK Extension to the EU-US Data Privacy Framework (for certified providers).

9. Data Retention
• Order and payment data: 7 years (legal/tax requirement)
• Health-related data for product customization: 10 years after last transaction (required for Class I medical device regulatory compliance, product safety, warranties, vigilance and possible NHS/MHRA queries)
• Marketing consent records: Until you withdraw consent

We securely delete or anonymise data after these periods.

10. Your Rights
Under UK GDPR you have the right to:
• Access your data
• Request correction/deletion
• Restrict processing
• Data portability
• Withdraw consent
• Object to processing

We will respond to any request within one month (free in most cases). Email [email protected] with proof of identity.

11. Security Measures
• SSL encryption
• PCI-DSS compliance for payments
• Regular security audits
• Role-based access controls
• Secure NHS and medical device data handling protocols

12. Cookies Policy
We use essential, analytical and (with consent) marketing cookies. Manage preferences via our cookie banner.

13. Automated Decision Making
We do not use automated decision-making or profiling.

14. Breach Notification
We will notify the ICO and affected users within 72 hours of discovering any significant breach.

15. Changes to Policy
Updates will be posted here with the new “Last Updated” date. Material changes will be notified by email.

16. Complaints
Contact us first at [email protected]. You may also contact:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
