Privacy Policy

Website: www.lawmed.co.uk
Last updated: 30 April 2026

Introduction

Lawmed Ltd (“we”, “us”, “our”) is a UK-based medical device distributor.

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable privacy legislation.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with our website or business.

Data Controller

Lawmed Ltd is the data controller responsible for your personal data.

Contact details:

Email: en*******@*******co.uk
Telephone: +44 (0) 1932 260 838
Address: Building 5, The Heights, Wellington Way, Weybridge, KT13 0NY, UK

Scope of This Policy

This Privacy Policy applies to:

  • Website visitors
  • Individuals submitting enquiries
  • Healthcare professionals and NHS contacts
  • Business customers and suppliers
  • Job applicants and individuals submitting CVs for current and future opportunities

Information We Collect

We may collect the following personal data:

  • Name
  • Job title
  • Organisation name
  • Email address
  • Telephone number
  • Enquiry and correspondence details
  • Technical data (IP address, browser type, device information)

We do not intentionally collect special category (sensitive) data.

How We Collect Your Data

We collect personal data through:

  • Website enquiry forms
  • Email and telephone communications
  • Business meetings and events
  • Website interactions

NHS & Healthcare Compliance Context

Where we engage with NHS Trusts, healthcare providers, or public sector organisations, we apply appropriate data protection and governance standards aligned with UK GDPR principles and recognised healthcare procurement expectations, including proportionate alignment with NHS Data Security and Protection Toolkit (DSPT) principles.

We apply data minimisation and only collect personal data that is necessary for:

  • Responding to clinical, procurement, or technical enquiries
  • Managing business communications
  • Fulfilling contractual obligations

Use of monday.com and Data Hosting

We use monday.com to manage and process enquiry submissions.

monday.com operates on AWS infrastructure, and data processed through our systems is stored within the European Union (EU).

monday.com acts as a data processor and processes data on our behalf under appropriate contractual and security safeguards.

We apply additional safeguards including:

  • Role-based access controls
  • Secure authentication mechanisms
  • Access logging and audit trails
  • Restricted internal access on a need-to-know basis

Recruitment Data Processing

If you apply for a role or submit your CV to us, your personal data will be used to assess your suitability for employment opportunities.
Your information may be shared internally with relevant hiring managers and personnel involved in the recruitment process on a strict need-to-know basis.
We may use secure recruitment systems, such as Employment Hero, to manage applications and restrict access to authorised personnel only.

Legal Basis for Processing

We process personal data under the following lawful bases:

  • Legitimate interests– to respond to enquiries, manage relationships, and operate our business
  • Contractual necessity– to take steps prior to entering into or performing a contract
  • Legal obligation– to comply with applicable laws and regulatory requirements
  • Consent– where required for marketing communications

Each processing activity is assessed to ensure an appropriate lawful basis under UK GDPR.

Data Sharing

We may share personal data with:

  • IT and system providers (includingcom)
  • Professional advisers (legal, accounting, compliance)
  • Hosting and technical service providers
  • Regulatory authorities where required by law
  • Internal staff involved in recruitment processes (e.g., hiring managers)

We do not sell personal data.

All third parties are required to process data securely and in accordance with applicable data protection laws.

International Transfers

Where personal data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent legal protections.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to manage ongoing business relationships and meet legal, regulatory, and operational requirements. Business records may be retained for up to 6 years where relevant to contractual or legal obligations.

Recruitment Data Retention: For job applicants and individuals submitting CVs (including speculative applications), we retain personal data for up to 12 months from the date of submission or last interaction, for the purpose of considering candidates for current and future opportunities.
After this period, personal data will be securely deleted unless we have obtained your explicit consent to retain your information for a longer period as part of a talent pool for future roles.
You may withdraw your consent at any time by contacting us.

Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Access controls
  • Secure cloud-based systems
  • Staff confidentiality obligations
  • Controlled and audited data access

Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing
  • Restrict processing
  • Request data portability

To exercise your rights, please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO.

Cookies

We use cookies and similar technologies to ensure website functionality and improve user experience.

For detailed information about the cookies we use, including how to manage or withdraw consent, please refer to our separate Cookie Policy.

Where required, non-essential cookies are only used with user consent in accordance with PECR.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published on our website a revised “Last updated” date.

Scroll to Top

Use our search bar below

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors