citizenAID.org (cA) (a trading name of citizenAID Limited), All Saints Road, Wolverhampton, WV2 1EL.
citizenAID Limited Data Protection Officer
Mike Robinson, All Saints Road, Wolverhampton, WV2 1EL.
cA offers a range of goods and services relating to first aid and emergency care (e.g. bleed control kits, Pocket Guides and medical equipment). As such, cA has a legitimate business interest in capturing, processing and retaining data from customers who have requested goods and services from the company for a mutually beneficial purpose.
cA undertakes to capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including the UK Data Protection Act (DPA), General Data Protection Regulation (GDPR) requirements, Privacy and Electronic Communications Regulation (PECR) and EU Data Protection Directive 95/46/EC (when managing EU business and personal data).
cA will capture, process, and retain data from the following categories of Data Subjects:
Customers (based in the UK and EEA)
cA will initially capture, process and retain customer data that is obtained through telephone, email or the citizenAID.org website when a customer requests goods, services or information. This data will be used for the purposes of:
• Creating a customer profile on our in-house data systems
• Processing customer orders
• Creating and issuing customer invoices
• Monitoring order and customer account statuses
• Debt chasing
• Marketing activity (data provided may be manually profiled by cA to produce tailored marketing messages and limited customer data will be used when these messages are sent through our secure email management system)*
• Staff training, internal auditing, dealing with complaints and customer queries (all inbound and outbound customer calls are recorded for these purposes)
cA customers have the right to withdraw consent to hold their data at any time. However, if a customer chooses to withdraw consent, then cA will be unable to process any further orders for goods and services.
*cA Customers are provided with an opportunity to opt out of citizenAID Limited marketing messages at the time of submitting their details and when receiving all subsequent marketing communication.
cA has a Customer Complaints Policy and customers have the right to make a complaint when they are unhappy with goods or services that have been provided by cA. When receiving the details of any complaint, cA will use the data provided for the purposes of
• logging and processing the details of the complaint
• carrying out and investigating the scenario outlined in the complaint
• making decisions based on the findings of any investigation
• informing the complainant of the outcome of their complaint
• informing any affected parties of the outcomes and actions required (should there be any)
cA may transfer customer data to third parties/partners in order to fulfil personalised book and key ring orders including production and delivery requirements. This may include third parties operating outside the EEA. cA will carry out all necessary due diligence to ensure that all data transfers to third parties/partners are carried out securely and that all necessary safeguards are in place to ensure data security. cA will also ensure that third parties/partners are fully aware of their responsibilities to ensure compliance with the DPA, GDPR, PECR and EU Data Protection Directive 95/46/EC (where appropriate) when processing customer data transferred to them.
For marketing purposes, cA may also share customer email addresses with secure advertising platforms such as Google and Facebook in order to tailor cA marketing messages for users.
cA will not transfer personal data to any other company or organisation without your prior consent, with the exception of Her Majesty’s Revenue and Customs (HMRC) requests for financial data (relating to customer invoicing).
When a customer makes a purchase, cA will retain the data captured on the citizenAID.org store and on our stock systems indefinitely for the purposes of:
• fulfilling the contract with the customer
• providing an auditable customer trail
• providing historical data for accounting purposes
• responding to HMRC financial information requests
• reviewing and improving services and processes
cA will capture, process and retain personal data in line with DPA and GDPR requirements. Your individual rights in line with these requirements include the:
• right to be informed of how we use and process your personal data
• right of access to any personal data that we retain about you
• right to rectification of any personal data that we retain about you that you believe to be inaccurate
• right to erasure when there is no legal justification or legitimate business interest allowing us to retain your personal data
• right to restrict processing of personal data if , for example, you think that personal data we retain about you is inaccurate or we have no legal justification or legitimate business interest to continue to retain and process your personal data. Rather than request erasure, you can make the request to restrict processing
• right to data portability should you want to move, copy or transfer your personal data from one source to another
• right to object when personal data is processed due to legitimate business interest or performance of a task in the exercise of official authority, direct marketing and research and/or statistical analysis
• rights associated with automated decision making and profiling which allow you to obtain human intervention in any such process, express your points of view on decisions or outcomes made about you and obtain an explanation of any decisions made and subject them to challenge
• right to withdraw consent to hold your personal data at any time
• right to lodge a complaint with a supervisory authority should you be dissatisfied with how we have managed your personal data (the Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest). Each EU member state has a designated data protection supervisory authority and EU customers should direct any complaints to the relevant authority in their country of origin.
Subject Access Requests
In line with these individual rights, anyone who wishes to make a formal Subject Access Request to cA for the purposes of requesting personal data or taking some action with respect to the personal data that is held about them should submit the request in writing to the citizenAID Limited. Data Protection Officer either in writing by post to citizenAID.org, All Saints Road, Wolverhampton, WV2 1EL or by emailing firstname.lastname@example.org.
Visitors to the cA website should be aware that information and data may be automatically collected by our website through the use of "cookies." These are small text files that a website can use to recognise repeat visitors and facilitate the visitor's ongoing access to, and use of, the site. They allow us to monitor usage behaviour and compile aggregate data that will help us to make improvements to our website.
citizenaid.org does not record customer calls.
Revised April 2021