The Toxic Shock Syndrome Information Service (TSSIS) is an independent service funded by The Absorbent Hygiene Products Manufacturers Association (AHPMA / we / our / us) and AHPMA runs and administers the website www.toxicshock.com. AHPMA is the trade association which represents the UK manufacturers of disposable nappies, feminine hygiene products and continence care products. The TSSIS has an independent medical panel which oversees all TSSIS activities.

This privacy and cookies policy sets out the basis on which any personal data we collect from you when you interact with us, or that is provided by you through your use of our website, will be processed by us. We take your privacy very seriously and are committed to protecting and respecting your privacy.

If you wish to contact us regarding this privacy and cookies policy, please contact us using the contact details set out here. AHPMA is the data controller. Our registered office is at Brook House, Mint Street, Godalming, Surrey, GU7 1HE.

This privacy and cookies policy does not apply to websites that you may be able to access via links on the website. Please ensure you review any relevant policies on any third party websites before proceeding.

Please read the following carefully to understand our policies and practices regarding your personal data and how we will treat it.

TOPICS COVERED

  • DATA WE COLLECT FROM YOU AND SOURCES OF THAT DATA
  • PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR DATA
  • DISCLOSURE OF YOUR PERSONAL DATA
  • WHERE WE STORE YOUR DATA
  • SECURITY
  • RETAINING PERSONAL DATA
  • YOUR RIGHTS
  • COOKIES
  • CHANGES TO THE PRIVACY AND COOKIES POLICY
  • HOW TO CONTACT US

DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA

We will collect the following data about you:

Data you give us. You may give us data about you:

  • when you fill out the contact us form via the website;
  • when you report a problem with the website;
  • when you provide us with feedback, opinions and/or comments regarding the website; and
  • if you contact or correspond with us (for example, by phone, e-mail or otherwise) for any other reason (for example, to request further services from us).

Data we collect about you. We will automatically collect the following:

  • when you use the website, details of your usage (including the date, time, location or duration of the usage);
  • if you visit the website, certain technical information, for example, the type of device (and its unique device identifier) you use to access the website, the Internet protocol (IP) address used to connect your device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system, mobile network information and platform; and
  • information about your visit to the website including the full Uniform Resource Locators (URL), clickstream to, through and from the website (including date and time), pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR DATA

We will process the personal data held about you for the purposes stated below:


Purpose of processing

Type of personal data

Legal basis for processing

To answer any query you submit using the contact us form via the website

Your name, email address and information about the issue raised (which may, for example, include sensitive information about your health)

Legitimate Interest - to respond to the query you have submitted; or

Consent - if the content contains sensitive personal data (e.g. about your health)

To share your personal data with AHPMA and our medical panel, to respond to any request from you for expert advice

Your name, email address, information about the issue raised any other personal data you may give us when you contact us (which may, for example, include sensitive information about your health)

Legitimate Interest - to respond to the query you have submitted; or

Consent - if the content contains sensitive personal data (e.g. about your health)

To deal with any enquiries, correspondence, concerns or complaints you have raised about our organisation or our website

Your name, email address, information about the issue raised any other personal data you may give us when you contact us (which may, for example, include sensitive information about your health)

Legitimate Interest - to allow us to improve our services and the content on the website

Consent - if the content contains sensitive personal data (e.g. about your health)

To ensure that the website is presented in the most effective manner for you and for your device

The technical information as mentioned above

Legitimate Interest - to allow us to present the website better

For our internal operations, including data analysis, testing, research, statistical purposes and troubleshooting

The technical information as mentioned above

Legitimate Interest - to better understand users of the website and to improve the website

As part of our efforts to keep the website safe and secure

The technical information as mentioned above

Legitimate Interest - to improve and ensure the safety of the website

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

Where we have a legal basis to use your personal data without consent (as we have described above), this policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.

  • Where consent is required for our use of your personal data as described above (for example, if you provide sensitive personal data to us), we will request your consent. Typically, we would collect your consent by giving you the ability to perform an action such as ticking the appropriate consent box or otherwise communicating your consent to us (for example, by email or by you providing us with non-mandatory information).
  • You can always change your mind about our processing of your personal data. If you change your mind please contact us using the details set out below.

DISCLOSURE OF YOUR PERSONAL DATA

We may share your personal data with selected third parties in accordance with this policy, including:

  • service providers (for example, IT services), business partners, suppliers and sub-contractors for the performance of any contract we enter into with you, but also when providing you with our communications;
  • AHPMA and our medical panel to fulfil your request for information;
  • government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information);
  • professional advisers including doctors, lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; and
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce any contract between you and us; or to protect the rights, property or safety of us, our members and others.

WHERE WE STORE YOUR PERSONAL DATA

All information you provide to us or that we collect from you is stored on our secure servers or on the servers of our respective hosting service providers, which we may change from time to time. Where you have submitted a medical enquiry we may share your personal data with doctors located outside the European Economic Area (EEA). Therefore, the information that we collect from you may be transferred to, and stored at, a destination outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We transfer your personal data to countries that have been deemed by the European Commission to provide an adequate level of protection for personal data (known as an adequacy decision). To find out which countries are covered by this, please see here.
  • Where there is no adequacy decision by the European Commission for a country outside the EEA (which means it is not deemed to provide an adequate level of protection for your personal data), we ensure that your personal data receives an adequate level of protection by the persons to whom it is transferred. We do this in one or both of the following ways:
    • use of the EU-US Privacy Shield;
    • securing agreement to the EU standard contractual clauses.

If you would like to find out more about these safeguards, please contact us using the details set out strong>below.

SECURITY

All information you provide to us is stored on secure servers. We will use appropriate technical and organisational measures to safeguard your personal data.

We maintain, and ensure that anyone we share your personal data with maintains, appropriate technical and organisational measures to ensure an appropriate level of security for all personal data we process. Unfortunately the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the website and any such transmission is at your own risk. Once we have received your personal data we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.

RETAINING PERSONAL DATA

We will retain the personal data we receive or collect about you for the period reasonably required for us to use it in accordance with this privacy and cookies policy or in accordance with our legal rights and obligations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case the anonymised data will no longer be considered personal data and we may use it without further notice to you.

Even if you request that we erase your data, we may still need to keep it (please see below) or may keep it in a form that does not identify you.

YOUR RIGHTS

You have the following rights with regard to your personal data:

  • Access. You have the right of access to data we hold about you. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Rectification or erasure. You have the right to request that we rectify or delete any personal data that we hold about you (unless we have the legal right to retain it). Please note that your rights to request erasure may be limited by applicable law.
  • Restriction. You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful or we no longer need your personal data for the purposes for which we hold it.
  • Data portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller if the legal basis for processing such personal data is consent or performance of a contract.
  • Object/change of preferences. You have a right to request that we stop processing your personal data where we are relying on a legitimate interest (or that of a third party).
  • Complaints. If for any reason you are not happy with the way that we have handled your personal data, please contact us. If you are still not happy, you have the right to make a complaint to the Information Commissioner's Office.
  • Automated decision making. We do not currently carry out decisions based solely on automated processing, including profiling. If we change our practices to do this in a way which has significant effects on you, you may have the right to object. If this becomes relevant in the future, we will update this privacy and cookies policy to provide further information.

Please note that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the website or to allow us to respond to your query, you may not be able to use the website or receive responses from us as you did before, or at all.

Please note that the rights mentioned above do not extend to non-personal data.

If you would like to exercise any of the rights mentioned above, please contact us using the details set out below.

COOKIES

We use cookies, which are small files of letters and numbers that we store on your browser or the hard drive of your computer or mobile device if you agree. Cookies contain information that is transferred to your computer's or mobile device's hard drive.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of the website.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it. They also enable us to see how users use the website. This helps us to improve the way the website works, for example, by ensuring that users are finding what they are looking for easily.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

First-party cookies (strictly necessary cookies)


Cookie

Purpose

JSESIONID

CFID


CFTOKEN

Used to maintain an anonymous user session by the server

Used in conjunction with cftoken, this cookie helps to uniquely identify a client device (browser) to enable the site to maintain user session variables

Used in conjunction with cfid, this cookie helps to uniquely identify a client device (browser) to enable the site to maintain user session variables

If you register with us or complete our online forms, we will use cookies to remember your details during your current visit, and any future visits provided the cookie was not deleted in the interim

Third-party cookies (analytical/performance cookies)


Cookie

Purpose

ga


_gat

_utma

_utmb

_utmc

_utmt


_utmz


_gid

Used to count how many people visit Toxic Shock site by tracking if which users have visited before

Used to manage the rate at which page view requests are made

Used to distinguish between users and sessions

Used to determine new sessions and visits

Used in combination with the utmb to identify new sessions / visits for returning visitors.

Used to throttle the request rate for the service - limiting the collection of data on high traffic sites.

Used to identify the source of traffic to the site - so Google Analytics can tell site owners where visitors came from when arriving on the site

Used to store and update a unique value for each page visited

By clicking ["accept cookies"] on the cookie consent box when you first access the website and by continuing to access and use the website you accept our use of the cookies

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the website.

For more detailed information about cookies and how they can be managed and deleted, please visit www.allaboutcookies.org.

CHANGES TO THE PRIVACY AND COOKIES POLICY

Any changes we make to our privacy and cookies policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Please check back frequently to see any updates or changes to our privacy and cookies policy.

Continued use of the website will signify that you agree to such changes.

HOW TO CONTACT US

Questions, comments and requests regarding the privacy and cookies policy are welcomed and should be addressed to the Toxic Shock Syndrome Information Service at tssiscontact@toxicshock.com.

Please also contact us if you would like to know more about our data processing activities, to update or amend any of your personal data which you have provided to us or if you believe our records relating to your personal data are incorrect.

This privacy and cookies policy was last updated on 21 August 2018