Last Updated: 17/03/2025

1. Introduction
Standsure Online (“we”, “us”, or “our”) operates https://www.standsureonline.co.uk/. We are committed to protecting your privacy under GDPR (UK General Data Protection Regulation) and Data Protection Act 2018. This policy explains how we collect, use, and protect personal data related to our NHS-approved therapeutic products.

2. Data Controller
Standsure Ltd
Email: info@standsureonline.co.uk
ICO Registration Number: CSN2377423

3. What Data We Collect
a) Personal Data:

• Name

• Contact details (email, phone, address)

• Payment information

• Professional credentials (for therapist accounts)

• Order history

b) Special Category Data (where applicable):

• Health-related information required for product customization

• NHS practitioner identification details

4. Lawful Basis for Processing
We process data based on:

• Contractual necessity (order fulfillment)

• Legal obligations (tax records)

• Legitimate interests (customer service improvements)

• Explicit consent (for marketing communications)

5. How We Use Your Data

• Process orders/payments

• Provide customer support

• Comply with NHS product regulations

• Send service-related communications

• Marketing (with opt-in consent)

• Improve website functionality

6. Data Sharing
We may share data with:

• Payment processors (Stripe, PayPal)

• NHS authorities (for regulatory compliance)

• Shipping providers

• IT service providers (under GDPR-compliant contracts)

• Legal authorities when required

7. International Transfers
All data remains within UK/EEA unless using EU-approved providers (e.g., US companies under Privacy Shield framework).

8. Data Retention

• Order data: 7 years (legal requirement)

• Health-related data: 3 years post last transaction

• Marketing consent: Until withdrawal

9. Your Rights
Under GDPR, you have rights to:

• Access your data

• Request correction/deletion

• Restrict processing

• Data portability

• Withdraw consent

• Object to processing

To exercise rights, contact info@standsureonline.co.uk with proof of identity.

10. Security Measures

• SSL encryption

• PCI-DSS compliance for payments

• Regular security audits

• Role-based access controls

• Secure NHS data handling protocols

11. Cookies Policy
We use essential, analytical and (with consent) marketing cookies. Manage preferences via our cookie banner.

12. Breach Notification
We will notify ICO and affected users within 72 hours of discovering any significant breach.

13. Changes to Policy
Updates will be posted here with effective dates. Material changes will be notified via email.

14. Complaints
Contact us first at info@standsureonline.co.uk. You may also contact:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113