Surround Care Ltd respect your privacy.

Accordingly, we, the above named companies have instigated policies and practices to ensure that they meet the legislation introduced within the European Economic Area (EEA), which includes the European Union (EU), in line with the EU Data Protection Directive (95/46/EC) and the EU Telecommunications Data Protection Directive (97/66EC) (“the Directives”) and will continue to ensure that its policies and practices comply in all respects with any future laws and regulations in relation to your privacy. The purpose of this document is to inform you of the policies that have been put in place to protect your interests in this respect.

1. Fair and lawful information-handling
Any data our companies collect and hold on you or your company will be administered fairly and in accordance with applicable law. As further explained in this policy statement, we will ensure the quality and security of your data (even if the data is transferred to other companies in Europe or elsewhere); and we will fully respect your rights, interests and fundamental freedoms with regard to your data.

2. Legitimate purposes
We will only collect, record, process and store data which is needed to fulfil our contractual obligations towards our companies, customers, partners, directors, clients and/or service users.
We may disclose to any other company or companies within our Group and to third parties authorised by us, such information as may be necessary to provide you with products and services you have requested or for the purpose of verification of details relating to your data held by us for legitimate purposes.

3. Data quality
We will employ effective procedures and safeguards to ensure that the data we hold on you or your company are adequate, relevant and not excessive in relation to the purposes for which they were obtained, as well as being accurate and up-to-date. Where we become aware of any inaccuracies in the data we hold, we will correct and, where appropriate, delete incorrect data. Retention periods are in place to ensure that data is only stored whilst they are required for the purposes in question or to meet legal and regulatory requirements. Where data is no longer required, we will ensure that it is disposed off in a secure manner.

4. Information to you
When we collect data from you, we will identify ourselves and inform you of the purpose(s) for which we are collecting the data. If we are collecting data from you on behalf of one of our sister companies or partners, we will identify that sister company or partner (the “controller” in terms of the European data protection regime) and explain that we are acting as the agent (or “processor”) for that other company. If our partner is a non-European company which has an appointed a representative in Europe in accordance with the Directives, we will also inform you of the identity of that representative (which may be BSS Recruitment, DWM Technical Solutions Ltd., Orchid National Nursing Supply Ltd, Esari Solutions Ltd or Surround Care Ltd). If we have obtained data on you other than directly from you, we will inform you of this as soon as practicable after we have entered the data in our files or computers (unless you were already aware of the fact). We may also record or monitor telephone calls to and from any of our named companies, without notification, for staff training and quality control purposes.

5. Special restrictions on the use of sensitive data
We will not normally seek data on your racial or ethnic origins, political opinions, religious or other beliefs, trade-union membership, physical or mental health, sex life or criminal convictions. When we do collect such data, it will be limited to data which are:
• required to be kept by law
• needed for legal proceedings or to establish, exercise or defend legal rights (including protection against fraud)
• clearly and strictly necessary to fulfil a contract between you and us (or between you and a company we represent) or
• needed to protect your vital interests or the vital interests of another person (for instance, if medical data are urgently required after an accident and you cannot give your consent).

6. Your rights
You have the right to require any of our business partners to cease the communication of advertising or marketing material to you, and we will ensure that your request is complied with.
This includes the right to withdraw your consent to third-party direct-marketing or use of your data, at any time.
You have the right to see all the data we hold on you. Should you wish to have access to all or a particular part of your data, please contact the Data Protection Co-ordinator, Philip Saint-James at Victoria House 70a Tavistock Street Bedford MK40 2RP United Kingdom.
Such access will be granted in accordance with the requirements of national legislation and subject to any discretionary allowance for any of the above named companies to make a charge which will be payable by you to cover administration costs incurred in providing you with such data. Such payment is to be made on application for access to your data and is to be no more than the maximum stipulated by national legislation.
The information will be forwarded to you within an appropriate period of time in accordance with national legislation, but in any event no more than 40 days from the date of such request for access.
Where any discrepancies are discovered following your enquiry, we will take immediate steps to validate and, where appropriate, correct our records.
We will confirm the actions taken in writing to you within an appropriate period of time in accordance with national legislation, but in any event no more than 40 days after receiving your request to amend our records.

7. Security of information
We will only provide access to data on you to those of our employees who need such access in order to carry out any necessary processing. We have taken appropriate steps to ensure the security of data, whether it is stored in computer systems, paper files or other storage media. We expect the same high standards of security and confidentiality of any agents or sub-contractors we employ to process data for us.

8. Transfer of information outside the EEA
Data on you may, on occasion, be transferred to any other company or companies within the named companies, data processing agencies (“processors”) or third parties, outside the EU or the EEA for analysis, technical processing or other legitimate purposes. The countries where such other facilities or companies are situated may have no data protection legislation, or laws which are less rigorous than the legislation introduced by the Member States of the EU and the EEA. In such cases, we will ensure that your rights with regards to any such processing and your data will still be adequately protected.
Within the Group of Companies as named we have agreed world-wide acceptance of the European standards with regard to the processing of personal data from all our European companies. If we transfer your data to agencies or third parties outside the EEA, we require similar, binding contractual undertakings, and we monitor compliance. Our partners have agreed to adopt equivalent measures.

9. Direct marketing
We, or any other company or companies or third parties authorised by us, may market to you directly through any media to keep you informed. We also agree that any company or companies as named above may market their services, through transfer of information, if it is considered the service offer may be of interest to you (unless you write to us asking us to exclude you from marketing material, or update information, in this respect you or your company should telephone, fax or e-mail us to this effect. (If you use more than one e-mail address to communicate with us, please notify us of each e-mail account you use.) We, or any other company, companies or third parties authorised by us, will always act according to your wishes and preferences.

10. Internet
When you use any of our associated companies web sites we are committed to protecting your privacy in the following ways:
• When you use a Web site, we may monitor customer traffic patterns and site usage to help us develop its design and layout.
• When you use a Web site, we may also use the data we collect occasionally to notify you about important functionality changes to it, and to notify you of new products or services, and special offers we think you’ll find valuable and of interest.
• When you use one of our Web sites, we may provide aggregate statistics about customers entering into transactions on-line, sales, traffic patterns and related Web-site information to reputable third parties, but these statistics will include no personally identifying data.

11. Records
• We may maintain records relating to your use of any of our companies or partners Web sites for information and transactional purposes on-line (including information about you provided by yourself or by third parties). We shall be entitled to process this data for the purpose of providing your requirements and requests and also to keep you informed; (unless you write to us asking us to exclude you, by letter, fax, email or alternatively telephone.
• We will always seek your consent before disclosing data relating to you for the making of offers by third parties by informing you of an intention to process your data for such purposes, and offering you a possibility to opt out of such use of your data, in a form or document returned to us.
If at any time you feel that any associated company has not adhered to these principles, please either notify us in writing or by telephone, fax or e-mail and we will use all commercially reasonable efforts to determine and correct the problem promptly.