Privacy Policy (UK GDPR Compliant)
Last updated: 8th December 2025
1
1. Introduction
We at Andesco Medical Ltd (“we”, “us”) are committed to protecting your privacy. This policy explains how we handle your personal data under the UK GDPR and the Data Protection Act 2018.
2
Data Controller
3
Data We Collect
• Information you provide (name, email, contact details, payment information via secure third parties).
• Automatically collected data (IP address, device info, usage data, cookies).
4
How We Use Data
We use your data to:
​
• Operate and improve our website.
• Provide services and respond to enquiries.
• Process orders and payments.
• Comply with legal obligations.
5
Legal Bases
We process data under:
​
• Consent
• Contract necessity
• Legitimate interests
• Legal obligations
6
Data Sharing
We share data with trusted service providers (hosting, payment, analytics). We do not sell personal data.
7
Data Security & Retention
We use appropriate security measures and retain data only as long as necessary or legally required.
8
International Transfers
Where data is transferred outside the UK, appropriate safeguards (e.g., SCCs/UK Addendum) are used.
9
Your Rights
You may request:
​
• Access, correction, deletion, restriction
• Objection to processing
• Data portability
• Withdrawal of consent
You may contact the ICO to lodge a complaint (ico.org.uk).
10
Updates
We may update this policy; changes will be posted on our website.