Skip to content
Software of Excellence

Privacy Policy

HENRYSCHEIN ONE UK LIMITED

PRIVACY POLICY 

Henry Schein One UK Limited (“we”, “us”, “HS1UK”) is committed to protecting and respecting your personal data. This privacy policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, generic, mental, economic, cultural or social identity of that natural person.

TOPICS COVERED BY THIS POLICY 
  1. Purpose of this privacy policy.
  2. Information we collect from you.
    o Information you give us.
    o Information we collect about you.
    o Information we receive from other sources.
  3. Cookies.
  4. Uses made of the information.
    o Generally.
    o Specifically.
    o Marketing.
    o Change of purpose.
  5. Disclosure of your information.
  6. International transfers.
    o Where we store your personal data.
    o Where we store patients’ personal data.
    o Protection.
    o Impact of Brexit.
    o EU Standard Contractual Clauses.
  7. Data security.
  8. How long do we keep hold of your information?
  9. Your legal rights.
  10. Links to other websites.
  11. Our policy towards children.
  12. Changes to privacy policy and your duty to inform us of changes.
  13. How to contact us.

 

1. PURPOSE OF THIS PRIVACY POLICY

This policy together with our general terms and conditions (available from https://softwareofexcellence.co.uk/legal-documents) for the supply of products and services and where applicable, any supplementary terms and conditions relating to specific products and/or services (together referred to as the “Terms and Conditions”) apply to:

  • your use of our website http://softwareofexcellence.com (“Website”); 
  • your use of our software application(s), standard link button(s) or other interface(s) developed, owned or operated by us or other third parties (“Applications”); and/or
  • any correspondence with us by phone, e-mail or otherwise. 

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us via any of the services accessible through our Website and/or Applications (“Services”), unless we expressly state that a separate privacy policy applies to a particular Service, in which case that privacy policy only applies.

We will only process personal data for the specific purposes set out in this policy or for any other purposes specifically permitted by the applicable data protection legislation and will only process such data in accordance with the requirements of the applicable data protection legislation.

Please read the following carefully to understand our views and practices regarding personal data and 
how we will treat it. 


2. INFORMATION WE COLLECT FROM YOU

We will collect and process the following data about you and/or patients (as the case may be):

Information you give us: This is information about you or patients that is given to us when you fill in forms on our Website, utilise our Services or correspond with us by phone, e-mail or otherwise. It includes information you provide when you register to use our Services and when you report a problem with our Services. The information you give us may include your or patients’ name, address, e-mail address and phone number, date of birth, username, password and other registration information, financial, credit card and other payment information and other personal or medical information required to enable us to provide our Services. 
 
We may monitor, record, store and use any telephone, email or other communication with you in order to check any instruction given to us, for training purposes, for crime prevention and to improve the quality of our Services.

Information we collect about you: With regard to each of your visits to our Website and/or your use of our Applications, we will automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information to access HS1UK’s products and/or services, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the type of device you use;
  • information about your visit and use of any of the Services including, but not limited to the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), products you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.


Information we receive from other sources: This is information we receive or collect about you if you use any of the other websites we operate or the other services we provide or from third party software or sources to demonstrate our products and/or services.

3. COOKIES

We use cookies to distinguish you from other users of our Services. This helps us to provide you with a good experience when you use our Services and also allows us to improve our Services. For detailed information on the cookies we use on our company website and the purposes for which we use them, please see our company website cookie policy (available from https://softwareofexcellence.co.uk/legal-documents).

Where products have a web interface, further product specific cookie policies can apply and are displayed in situ with the product.

You can also set your browser not to accept cookies. However should you choose to block “essential” cookies some Website features may not be fully functional as a result.

4. USES MADE OF THE INFORMATION
Generally

We will only use your or patients’ personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you or to take steps at your request before entering into such a contract.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation. 

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message..

You have the right to withdraw consent to marketing at any time by contacting us contactus@soeuk.com. Please note that we need up to 30 working days to update our systems and for your opt-out to take effect.

Specifically

We use information held about you in the following ways:

Purpose / activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer.  Name, postcode, email address and telephone number.  Performance of any contract we enter into with you or for the taking of steps at your request with a view to entering into a contract. 

To carry out our obligations arising from any contracts entered into between you and us or you and a patient (as the case may be) and to provide you with the information, products and services that you request from us including:

(a) allowing you to participate in interactive features of our Services, when you choose to do so;

(b) managing and processing payments, fees and charges; and

(c) collecting and recovering money owed to us. 

Name, postcode, email address and telephone number.

Bank account and payment card details.

Details about payments to and from you and other details of products and services you have purchased from us.

Your preferences in receiving marketing from us and our third parties and your communication preferences.

(a) Performance of any contract we enter into with you or for the taking of steps at your request with a view to entering into a contract.

(b) Necessary for our legitimate interests (to recover debts due to us). 

To manage our relationship with you which will include:

(a) notifying you about changes
to our Terms and Conditions or privacy policy;

(b) asking you to leave a review or take a survey;

(c) notifying you about changes
to our Services;

(d) improving our products and services; and

(e) answering any enquiry you make. 

Name, postcode, email address and telephone number.

Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Your preferences in receiving marketing from us and our third parties and your communication preferences. 

(a) Performance of any contract we enter into with you or for the
taking of steps at your request
with a view to entering into a contract.

(b) Necessary to comply with a legal obligation.

(c) Necessary for our legitimate interests (to keep our records
updated and to study how customers use our products/services). 

(a) To provide you with information about other products and services we offer that are similar to those that you have already purchased or enquired about or to make suggestions and recommendations to you and other users of our Services about products or services that may interest you or them.

(b) To demonstrate our products
and/or services and provide information about products and/or services that we feel may be of interest to you with a view to entering into a contract with you. 

Name, postcode, email address and telephone number.

Internet protocol (IP) address, 
your login data, browser type 
and version, time zone setting 
and location, browser plug-in 
types and versions, operating 
system and platform and other 
technology on the devices you 
use to access the Services. 
Information about how you use 
our Services.

Your username and password, 
purchases or orders made by 
you, your interests, preferences, feedback and survey responses. 

 Necessary for our legitimate 
interests (to develop our 
products/services and grow our 
business). 
To enable third parties to carry 
out technical, logistical or other 
functions on our behalf. 

Name, postcode, email address 
and telephone number.

Your username and password, 
purchases or orders made by 
you, your interests, 
preferences, feedback and 
survey responses.

Your communication 
preferences.

Internet protocol (IP) address, 
your login data, browser type 
and version, time zone setting 
and location, browser plug-in 
types and versions, operating system and platform and other 
technology on the devices you 
use to access the Services 

(a) Performance of any contract 
we enter into with you or for the 
taking of steps at your request 
with a view to entering into a 
contract.

(b) Necessary to comply with a 
legal obligation.

(c) Necessary for our legitimate 
interests (for running our 
business, provision of 
administration and IT services). 

(a) To administer and protect our business, our Services and for internal operations (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data and research, statistical and survey purposes).

(b) To improve our Services to ensure that content is presented in the most effective manner for you and for your computer.

(c) As part of our efforts to keep
our Services safe and secure.

(d) To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.


(e) To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. 

Name, postcode, email address and telephone number.

Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.

Information about how you use
our Website, products and services.

Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 

(a) Necessary for our legitimate 
interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise and study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).

(b) Necessary to comply with a legal obligation. 
Marketing

We would like to send you information about products and services we offer and other companies in the Henry Schein Inc. Group which may be of interest to you. You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.

If you do not want us to use your data in this way, please tick the relevant box situated on the form on which we collect your data or click here [contactus@soeuk.com].

If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the Henry Schein Inc. Group. If you no longer wish to be contacted for marketing purposes, please click here [contactus@soeuk.com].We will get your express opt-in consent before we share your personal data with any company outside the Henry Schein Inc. Group of companies for marketing purposes.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at ukdpo@henryscheinone.com.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. DISCLOSURE OF YOUR INFORMATION

You agree that we have the right to share your personal information with the recipients referred to below for the purposes set out in the table above (under the heading ‘Uses made of the information’).

Where this is necessary, you will need to ensure that you have all necessary appropriate consents and notices in place as required by the data protection legislation to enable the lawful transfer of personal data (including special categories of personal data) to us and third parties that we work with to provide our Services for the duration and purposes of the contract between us, so that we and the third parties we work with may lawfully use, process, store and transfer the personal data and special categories of personal data in accordance with the contract on your behalf.

Where it is necessary for us to share your or patients’ personal information:

  • we shall enter or (as the case may be) will enter into a written agreement with the third–party recipient which is consistent with this policy and satisfies the requirements of the applicable data protection legislation; and 
  • we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

The recipients of your personal information include:

  • any member of the Henry Schein Inc. Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. This is necessary for our legitimate interests for running our business, to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy;
  • selected third parties including: 
Recipient Category of data Purpose
Banking services Name, postcode, email address, banking details  Processing of payments in the performance of our contract with you 
Business partners, suppliers or sub-contractors  Business entity information Performance of any contract we enter into with you or for the taking of steps at your request with a view to entering into a contract 
Credit reference agencies Name, address, date of birth, business entity information  Assessing your credit score which may be a condition of us entering into a contract with you, for fraud prevention and/or to pursue debtors which is necessary for our legitimate interests 
Analytics and search engine providers  Aggregate anonymised information about users of our Services 

Improvement and optimisation of our Services which is necessary:

(a) for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business 
reorganisation or group restructuring exercise and study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy);

(b) to comply with a legal obligation. 
Legal counsel Name, address, business entity 

Supporting HS1UK investigations which are necessary for:

(a) any contract we enter into with you or for the taking of steps at your request with a view to entering into a contract;

(b) to comply with a legal obligation;

(c) our legitimate interests (for running our business, provision of administration and IT services). 

 

The recipients of patient personal data include : 
 

Legal counsel

(i) Patient’s name and address

(ii) Any information relating to the 
patient including clinical or medical data where anonymisation and aggregation is not appropriate. 

Supporting HS1UK investigations which are necessary for:

(a) any contract we enter into with you or for the taking of steps at your request with a view to entering into a contract;

(b) to comply with a legal obligation;

(c) our legitimate interests (for running our business, provision of administration and IT services); and

(d) exercising or defending legal claims. 

 

We will also disclose your or patients’ personal information to third parties:

  • in the event we undertake a business transfer or corporate reorganisation, in which case your or patients’ personal data may form part of that transfer or reorganisation;
  • if either Henry Schein Inc. or Henry Schein One UK Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
  • in order to:
    • enforce or apply the Terms and Conditions and other agreements or to investigate potential breaches; or
    • protect the rights, property or safety of the Henry Schein Inc. Group including Henry Schein One UK Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. 

6. INTERNATIONAL TRANSFERS
Where we store your personal data

Some or all of the data that we collect from you may be transferred to, processed and stored at, a destination outside the UK / European Economic Area (“EEA”). This may be necessary in order for you to use the Products and/or Services in accordance with the contract between us and/or to enable HS1UK to discharge its obligations under the contract. Such data may also be processed by staff operating outside the UK/EEA who work for us or for one of our business partners, suppliers or subcontractors. These staff may be engaged in the fulfilment of the Services, booking of appointments, the processing of your payment details and the provision of support services. By submitting personal data, you agree to this transfer, storing or processing.

Where we store patients’ personal data

The majority of the patient data that we collect will be processed and stored at, a destination inside the EEA, the UK or countries, such as New Zealand, who are recognised by the European Commission as having equivalent data protection standards.

Occasionally we may introduce optional products where we cannot ensure that patient data remains inside the UK/EEA area. In these circumstances, we will ensure that the amount of personal information exposed is minimised. It may also be processed by staff operating outside the EEA including the UK who work for us or for one of our business partners, suppliers or sub-contractors. 


These staff are engaged in the fulfilment of the Services, booking, the processing of your payment details and the provision of support services.

By submitting patients’ personal data, you shall ensure that you are entitled to transfer any patients’ personal data to us and third parties that we or the third party may lawfully use, process and transfer the personal data in accordance with this policy on your behalf. You shall also ensure that all patients have been informed of, and have given their consent to such use, processing and transfer as required by the applicable data protection legislation.

Protection

We will take all steps reasonably necessary to ensure that your and patients’ data is treated securely and in accordance with this privacy policy and the applicable data protection legislation.

Whenever we transfer your and patients’ personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; 
  • we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Please contact us at ukdpo@henryscheinone.com, if you want further information on the specific mechanism used by us when transferring your personal data out of the UK/EEA.

Impact of Brexit 

The UK formally left the EU on the 31st January 2020.

Data Adequacy between EU states and the UK was established on the 28th June 2021, this means that data can freely flow between entities based in the EU and the UK.

For further details please see https://ec.europa.eu/commission/presscorner/detail/ro/ip_21_3183

7. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place policies and procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?

We will not hold onto your or patients’ personal data for longer than is necessary for the purpose for which it was collected including for the purposes of satisfying any legal, accounting, reporting, and support or conversion requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including contact, identity and financial information and transaction data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see [Request Erasure] below for further information.

In some circumstances we may anonymise the personal data of you and/or your patients (so that it can no longer be associated with you or your patients) for market research or statistical purposes. We do this to better understand your usage of our products. In such cases we may use this information indefinitely without further notice to you or your patients. We refer to this data as “Operational Data”.

We will take all reasonable steps to destroy or erase from our system, all data which is no longer 
required.

9. YOUR LEGAL RIGHTS

You have certain rights under data protection legislation including the following:

  • Request access: to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction: of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure: of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing: of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer: of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

We will advise you if this is the case at the time you withdraw your consent. If you wish to exercise any of the rights set out above, please contact us at ukdpo@henryscheinone.com

  • Right to lodge a complaint with a supervisory authority: You have the right to make a complaint at any time to an appropriate supervisory authority, such as the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk)
  • We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than 
a month if your request is particularly complex or you have made a number of requests. In this case, 
we will notify you and keep you updated.

10. LINKS TO OTHER WEBSITES

Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which our Services are advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.

11. OUR POLICY TOWARDS CHILDREN

Our Services are not directed to children. We do not knowingly collect personal data from children. If a parent or guardian becomes aware that his or her child has provided us with personal data without their consent, please contact us. If we become aware that a child has registered for a service and has provided us with personal data, we will delete such information from our files.

Whilst this policy excludes children from registering for the supply of one of our Services it does not restrict use of children’s data in the context of a child being a data subject of an Henry Schein One UK Ltd service (i.e. in the context of the child being a patient at a customers practice).

12. CHANGES TO PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

Any changes we may make to our privacy policy in the future will be posted on this page or, where appropriate, when you next start the Application or log onto the Website. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the applicable Service. This privacy policy was last updated on the date shown in the document footer. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

13. HOW TO CONTACT US

Henry Schein One UK Ltd is a company incorporated in England and Wales with company number 02940919 whose registered office is at Medcare South Bailey Drive, Gillingham Business Park, Gillingham, Kent, ME8 0PZ, England.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below. If you have any concerns or questions about how your personal data is used, please contact us:

By post: by writing to The Data Protection Officer at Henry Schein One UK Ltd, Medcare South Bailey Drive, Gillingham Business Park, Gillingham, Kent, ME8 0PZ, England;

or

By email: by emailing us at ukdpo@henryscheinone.com.

If you are based in the EU you may in addition, or instead, wish to contact our appointed EU Representative ( see General Data Protection Regulation, Art 27 )

By post: by writing to Henry Schein Services GmbH, Monzastraße 2a, 63225 Langen, Germany; (FAO : Director Data Protection Europe)

By email: by emailing EU-Representative@henryschein.com

Document Version: 1.5
Release Date: 01/04/2024