Medray Imaging Systems Limited and Medray (UK) Limited “we”, “us” “our” or "Medray" is committed to protecting your privacy. The data controller for personal data relating to our Irish operations and our website is Medray Imaging Systems Limited ("Medray Ireland"), and the data controller for other personal data which relates to our operations in the UK is Medray (UK) Limited ("Medray UK"). This Privacy Statement tells you about your privacy rights and sets out how we, as a Data Controller, collect and process personal data about:
- visitors to our websites;
- individuals who apply for jobs via our contact details on our website;
- individuals who we communicate or interact with in the course of the provision of our services;
- individuals whose personal data is provided to us in connection with the provision of our services, whether directly or indirectly;
- individuals who attend events we organise; and
- individuals who are employed or engaged by suppliers of goods or services or parties tendering goods or services.
Information we collect
In carrying out our business, we may also receive personal data directly and indirectly, including from customers and clients, prospective customers and clients and suppliers, and publicly accessible sources. Categories of such personal data includes: contact information such as full name, work email address, work mobile telephone number, the business that you work for, your profession, job title and role, any information provided as part of a credit trade reference, payment data such as banking details (including credit / debit card numbers, security code numbers and other related billing information).
If you do not provide us with personal data we request, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website, by telephone, email or in writing. We will tell you when we ask for personal data whether it is a contractual requirement or needed to comply with our legal obligations.
How we use personal data we collect
We will only use your personal data for the purposes and legal bases set out in the table below:
Type of Personal Data
Lawful basis of processing
To provide our products and services, and manage our relationship with you, including:
Legitimate interests: managing our business and our customer relationships.
Marketing about our products, services and events, including:
Legitimate interests: promoting and improving our products and / or services; identifying ways to expand our business; receiving feedback from our clients.
To operate our website:
Our strictly necessary cookies collect:
Legitimate interests: collection of strictly necessary cookies, that are required to operate the website efficiently.
To maintain and improve our website, in particular the information we provide about our services and to increase the number of people finding our website:
Other optional cookies process the following personal data:
Consent: we rely on your clicking 'accept' in respect of these types of cookies.
For the purpose of responding to a binding request from a public authority or court
The categories of personal data specified in a court order received by Medray.
Compliance with a legal obligation: based on the specific request, and the legislation under which it is made.
Transferring information to third parties, including to our customers and service providers.
Performance of a contractual obligation: where applicable Medray processes personal data in order to fulfil our contract with you, if our relationship is with an individual.
Legitimate interests: where applicable, Medray processes personal data in order to further and protect Medray's business interests and efficiently carry out our business, if our relationship is with a company.
Recruitment and selection of Candidates
- Reviewing job applications and CVs
- Arranging interviews
- Preparing interview notes
Legitimate interests: conducting a robust employee selection and hiring process protecting Medray assets and employees; to ascertain a candidate’s suitability for a specific role.
Managing the goods and services we receive (including contract management, managing security and access to our systems and premises, payment of invoices and assessment of our suppliers or parties who tender to provide goods or services to us)
Legitimate interests: where applicable, Medray processes personal data in order to further and protect Medray's business interests and efficiently carry out our business.
We will retain your personal data only for as long as necessary for the purposes for which it was collected; as required by law, and for the exercise and defence of legal claims that may be brought by or against us. In particular, If you do not become a customer, we will keep this information for a period of five (5) years after the date we first contact you, if you become a customer, we will keep it for seven (7) years after you place an order, close, or cease activity on your account. Supplier information is kept for six (6) years following the placement of our last order.
We will retain personal data about job applicant candidates for no more than one year. Any health data collected in the context of managing health epidemic or pandemics will only be retained for so long as is necessary and updated from time to time in line with legal requirements and best practice.
Disclosure of your information
We may disclose your personal data to:
- A third party who provides a service to us, such as information technology, payment technology and information service providers (Online payment services are provided by Pay and Shop Limited, trading as Global Payments using their hosted payment solution. Global Payments will process your personal information as a data controller. Their privacy statement can be found within their payment applications)
- A third party where we are under a duty to disclose or share your personal data in order to comply with any legal obligation or court order
- A prospective seller or buyer of any of our assets or business
- A third party where it is necessary to protect the vital interests of the data subject or another natural person
- A third party who tenders to us or provides services or goods to us that you purchase from us
- Delivery service providers who deliver products on our behalf
- Professional and other third-party advisers
To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46.2 of the GDPR or an adequacy decision under Article 45 for the GDPR. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
Links to other websites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies, and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
- The right of access enables you to receive a copy of your personal data
- The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you
- The right to erasure enables you to ask us to delete your personal data in certain circumstances
- The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances
- The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party)
- The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. In Ireland, this is the Data Protection Commission. If you are based in the UK, or you would prefer to complain to the Information Commissioners Office, this can be done through their website available here. We have appointed Medray Ireland as the EU Representative on behalf of Medray UK.
You also have the right to withdraw your consent to our processing of your personal data at any time (without affecting the lawfulness of processing based on consent before its withdrawal), in circumstances where we rely on this legal basis to process your data.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may require proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if it is manifestly unfounded or excessive.
Security and where we store your personal data
We are committed protecting the security of your personal data. We use a variety of technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet. Any transmission of personal data is at your own risk. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available.
Changes to this Privacy Statement
We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review this Privacy Statement periodically for updates.
Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome, and should be addressed to firstname.lastname@example.org or sent in writing to:
For Medray Ireland: Unit 2B, South West Business Park, Cheeverstown, Dublin 24, D24 NC8Y, Ireland.
For Medray UK: Unit 1, Chalfont House Boundary Way, Hemel Hempstead Industrial Estate, Hemel Hempstead, England, HP2 7SJ, United Kingdom.
All requests will be dealt with promptly and efficiently.
Last Updated: 26th November 2023