Who we are
For details about who Topak Care Supplies Ltd is, please see our about us page.
Our website address is: https://www.topak.co.uk.
Nikki Cookie of Topak Care Supplies Ltd is the "Data Controller" of personal information submitted to us. This means Topak Care Supplies Ltd is responsible for deciding how and why your submitted data is processed.
How to contact us
It is always important that we keep our records up to date, so please inform us of any changes to your contact details (name, address, email address or phone number). We are more than happy to help answer any queries you may have.
If you are unhappy with anything we’ve done, please rest assured that you can contact us online or by giving us a call. We will do our very best to resolve your complaint or query as quick a possible.
If you have any questions, please email email@example.com or call 01903 783000. We would be happy to help!
What personal data we collect and why we collect it
Online store customer information
We retain transaction records both online and offline, for the purpose of servicing orders and to pursue the legitimate interests of our organisation. Servicing orders may include delivery of goods; extension of termination of hired goods; identification of VAT exemption.
These records are retained for the time and in the manner described in the sections below. You may request details of the information we hold about you at any time. You may also request that it is amended if inaccurate. And, you can ask that we permanently delete your information. To make such requests, please email firstname.lastname@example.org.
- Personal data (Name, Address, Email, Phone Numbers, Payment details)
- Special categories of data (Health Information)
Website contact forms and order forms
When you use our website forms to contact us or place an order, the information you provide will only be used for the purpose for which it was submitted (for example, to respond to an enquiry or to service an order). Your data will be stored so long as is necessary for the purpose for which it was submitted.
The data submitted through the website forms may be stored privately on our website for a period of time deemed necessary to respond to your enquiry. You have the right to request details of this type of data that we hold about you, and to request it's amendment and/or deletion. To make such a request, please email email@example.com.
Data submitted through website forms may also be stored in daily backup images of our web servers, which typically lasts for 6 months. Please see below for details of our website data backup policy.
If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
For details about the other types of cookies that may be set on this website, please see the website terms & conditions.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We do not currently collect personal information for statistical analytics purposes.
When you use this website, the IP address of your internet connection (usually provided by your ISP) will be logged. This is deemed necessary in order to maintain the security of the website and services we offer. IP addresses may be retained in backup images of the server for a period of 6 months subsequent to the time they were recorded.
Who has access to your data
Which third parties we share your data with & where we send it
Your data may be shared with third parties when necessary to perform a service that you have requested from us. For example, if you purchase an item from our shop and choose to pay online, your payment data is shared with the payment gateway companies we use.
Organisations with whom we share your personal data may include:
- Manufacturers, to register Warranty entitlements
- Referrals to external companies, on request only
- Suppliers, for customer direct delivery arrangements
- Couriers, for goods deliveries
- Payment gateways, for processing of card payments
Your data may be sometimes be viewed by trusted contractors, consultants or IT service providers, who are providing service or working on our website or IT systems. These third-parties are registered with Information Commissioner's Office as Data Controllers, and have undertaken to treat personal information encountered during the course of service provision in accordance with their obligations as registered data controllers. In these cases, your personal data would only be processed by the third-parties for purposes directly related to providing service to us that is in the legitimate interests of our organisation (such as website maintenance, for example).
If your personal data is sent outside the UK for storage or processing, we will seek to ensure that it is only sent to organisations that have agreed to provide equivalent data protections as are required in UK and EU. For example, if sent to the USA, the controller and/or processor of that data would need to demonstrate compliance with the EU-US Privacy Shield arrangement. We do not currently transfer any personal data outside of the European Economic Area (EEA).
Currently, external companies and organisations with whom we share your data, or who may have access to your personal data as contractors, consultants or service providers, include:
How long we retain your data
We retain transaction and donation history for as long as is required for accounting and auditing purposes (typically 7 years), and for as long as considered to be in the legitimate interests of the organisation. Website backup data is stored as per our data backup retention policy (please see below).
How we store your data
- Online (live, public facing website): Data stored on secure UK based servers, on infrastructure of PCI compliant standard.
- Online (non-live, non-public-facing backup): Data stored on secure servers at a standards compliant UK based datacenter.
- Offline (locally at Topak Care Supplies Ltd offices): Data stored digitally on password protected systems with limited, controlled access. Paper records stored in a locked offices with limited, controlled access.
Data backup retention policy
Personal data stored on this website is also stored in our daily backup images of our web servers, which typically last for 6 months.
This data is kept in a "non-live" state and stored securely. If we need to restore our backups, we will undertake to ensure that any restored personal information is treated in accordance with the storage and retention policies as laid out in this document. Essentially, this means that if your data has been amended or erased from the 'live' website, then we would seek to ensure that data is also deleted from a backup in the unlikely event in which that backup had to be restored to a 'live' state.
What rights you have over your data
You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so may result in us being unable to offer the following services:
- Any and all exemption to products available for VAT exemption
- Goods to be delivered to an address
- A history of goods purchased
- Registration of product warranties
You can request to receive an exported file of the personal data we hold about you on this website, including any data you have provided to us. You may also request a copy of any personal data we hold about you offline. You can also request that we erase any personal data we hold about you, both on this website and offline. This does not include any data we are obliged or entitled to keep for administrative, legal, financial, or security purposes, or for other legitimate interests of Topak Care Supplies Ltd.
To request access to and/or deletion of information we hold about you, please either write to us at Topak Care Supplies Ltd, Unit 1-2 Brookside Avenue, Rustington, West Sussex, BN16 3LF, or send an email to firstname.lastname@example.org.
After you have given your consent for us to use your personal information in a particular way, or to set non-necessary cookies on your device, you have the right to withdraw that consent at any time. To withdraw your consent to use non-necessary cookies, simply remove all cookies set by topak.co.uk from your devices. To withdraw your consent to use personal information, please contact email@example.com.
Your contact information
We may store your contact information on this website for the purpose for which it was provided.
For example, we store the names, email addresses and postal addresses of form submissions, in order to answer enquires, or service orders.
You have the right to request amendment or deletion of your contact information at any time. To do so, please email firstname.lastname@example.org
How we protect your data
Our secure UK based web servers are kept patched and up-to-date and the infrastructure is rated as PCI compliant standard.
Website backups are stored securely, in a UK based datacenter.
What data breach procedures we have in place
In the event of becoming aware of a data breach, we would seek to establish what data has been exfiltrated and to inform the subjects of that data as soon as reasonably possible. We would also try to inform the Data Commissioner's Office with 72 hours of becoming aware of a data breach. We would then take measures as are deemed appropriate to determine what happened and to make the required technical, process and policy changes as are considered necessary to minimise the likelihood of the same thing happening again.
Anyone with any information about a possible data breach, or a security vulnerability in our systems, should contact email@example.com.
What third parties we receive data from
We are occasionally passed your personal data from Healthcare Professional across West Sussex in both the public and private sector, where the individual has been recommended our services.
What automated decision making and/or profiling we do with user data
We do not currently use any automated decision making.
Industry regulatory disclosure requirements
We may disclose any and all personal information that we store if required to do so under UK law.
- Data controller - A controller determines the purposes and means of processing personal data.
- Data processor - A processor is responsible for processing personal data on behalf of a controller.
- Data subject – Natural person
- Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
- Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
- Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Terms & Conditions
For terms and conditions for the usage of this website and it's services, please tap here.
How to make a complaint
To make a complaint, in the first instance please contact Gary Cooke of Topak Care Supplies Ltd, Unit 1-2 Brookside Avenue, Rustington, West Sussex, BN16 3LF, 01903 783000, or email firstname.lastname@example.org
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ , or by writing to: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.