Privacy Policy

Fittleworth Data Policy

Fittleworth takes the protection of all personal data extremely seriously and is committed to a policy of protecting the rights and freedoms of all individuals in relation to the processing of their personal data in compliance with Data Protection legislation.

Fittleworth has a nominated Data Protection Officer who is responsible for notifying the Information Commissioner, responding to individual requests for access to personal data and framing guidelines and procedures with the aim of ensuring that all personal data processing by the Company complies with the Data Protection Act.

About your information and data protection

This privacy policy summarises how Fittleworth Medical Ltd (Fittleworth) uses your information. For the purposes of the General Data Protection Regulations (GDPR), we are a data controller.

Why do you collect information about me?

As a supplier of NHS Services, Fittleworth has an obligation to process Sensitive Personal Data. We collect this information to ensure that we continue to meet your service expectations as well as remaining compliant with national legislative and NHS guidance.

The collection, retention and transfer of Sensitive Personal Data is necessary in order for us to dispense your NHS Prescriptions. This contractual requirement, coupled with our obligations in the provision of healthcare and treatment, forms the legal basis under which we hold and share your data.

We hold identifiable information as a means of safeguarding access to your records. We may also collect contact information relating to carers and/or family members so that we can contact them about your appliances.

What sort of information do you hold about me?

We collect and retain information about your account including the appliances dispensed and any products purchased, payments you make including prescription fees and your prescription payment exemption status.

We will collect information regarding your medical condition that enables us to provide you with advice about your condition and to ensure we are dispensing appropriately.

How do you collect it?

We collect and retain information when you access our website, complete a registration or provide us with physical or digital information, either personally or through someone acting on your behalf.

We monitor and record calls to and from our customer service centres to improve our service. If you contact us electronically (e.g. by email or using our website), we may collect your electronic identifier such as your internet protocol address.

Where we record consultation notes and clinical records we use recognised clinical management systems. Paper based referrals and appliance user reviews are subject to stringent NHS Information Governance controls which are reviewed annually.

When will you share my information and with whom?

We will only share your information:

  • where we have your permission;
  • where it is necessary in order to dispense your prescriptions;
  • in order to facilitate the delivery of your order;
  • where we have to do so or where we’re allowed to do so by law;
  • for aggregated market research purposes where you will not be identifiable;
  • with regulatory bodies and authorities.

How will you use my information to contact me?

We may contact you by phone or post and, if you provide us with an email address or mobile phone number, we may send you emails or text messages with operational messages about your account or the dispensing of your prescription. We will need to confirm with you that the goods to be dispensed are required and that you understand how to use and dispose of them.

As texts and emails can be intercepted, we will keep confidential information to a minimum and you should never send us any confidential information via text or email.

Will you send me marketing information?

We will send you tailored marketing information by post, telephone, text and email, but only if you have requested marketing information via these channels.

The medical appliance field is constantly evolving. In order to ensure that you remain fully informed of the development of products and services that may help you to better manage your condition, we may send you information about those products and services that we think you would like to hear about. We respect that you may not wish to receive product updates and have ensured that this is not a default option.

Will you send my information to other countries?

Your data is primarily held on our servers based in the UK. We may, however, also use cloud-based services where the data is stored within the EU; we only do this where we can be sure your information will be adequately protected.

Fittleworth is the exclusive UK member of the World Assist Alliance; a network dedicated to helping stoma and continence customers with emergency goods when abroad on holiday or business. In order to deliver this service, we will need to share your information with a trusted international partner. You will always be advised of this prior to the disclosure of your private data.

How long will you keep my information?

We keep your information for as long as we need to for legitimate business purposes and for legal and regulatory reasons. We will retain your information after your account has closed for these purposes. Your records are subject to a formal retention and disposal policy which conforms with NHS Information Governance requirements.

Can I see the information you hold about me or find out more about how you use my information?

We take our responsibilities for safeguarding patient data very seriously and have elected a designated Data Protection Officer (DPO) to oversee information management. If you have any questions or concerns relating to the way your personal data is managed, or would simply like to see the information that we hold, please address any enquiries to:

The Data Protection Officer
Governance & Compliance Department
Fittleworth Medical Limited
2 Henry Lock Way
West Sussex, BN17 7FB

Security Statement from Realex Payments

Inherent to our operations and business approach is the need to provide a secure, robust and reliable payment processing service. Information security is our top business priority. To this end we have invested in extensive security controls and infrastructure. Realex Payments are certified and approved by several leading financial institutions. Our systems and security controls are based on current industry standards. There are several layers of technology in place to ensure the confidentiality, authentication and integrity of information.

  • Realex Payments have been accredited with the AIS (Account Information Security) certification by VISA and are one of the few companies in Europe to achieve this. This shows our commitment to above industry standard in every aspect of payment processing.
  • Realex is fully PCI compliant to the highest level of PCI, and was one of the first PSPs in Europe to deliver this with Level 1 certification achieved in October 2003. We appeared on the VISA website as a case study on implementing the PCI DSS.
  • Information is sent to us from businesses via the internet and we connect to financial institutions with whom we are fully certified and approved.
  • All information when in transit via the internet is encrypted (128-bit SSL) to ensure confidentiality of sensitive data.
  • All messages sent to us and the responses from us are authenticated using digitally signed digests.
  • All requests are verified against a legal list of IP addresses and referring URLs.
  • Our technical infrastructure is located in secure co-location facilities that have 24×7 manned security and advanced building management systems along with environmental controls.
  • Critical servers and applications are monitored constantly to threshold levels and Realex Payments staff is instantly alerted via our real time monitoring and alerting service.
  • All connections to the financial institutions are over private dedicated leased circuits, backed up with ISDN lines and in certain cases VPN connections over the internet.
  • The network is designed to be highly resilient with duplicate and triplicate systems in place depending on the critical nature of each component.
  • Realex Payments are registered with the data protection commissioner as a “Data Processor”. Cardholder information is encrypted and not displayed in our reporting systems – realcontrol.
