Skip to content

Limbs & Things Privacy Policy

This Privacy Policy describes how Limbs & Things Limited (“Limbs & Things”) treats personal information and other data.

We are committed to protecting any data that we collect concerning you. By using our services, you agree to the use of the data that we collect in accordance with this Privacy Policy.

Limbs & Things is fully committed to GDPR and would like to make people aware of the following:

1. DATA PROCESSOR AND CONTROLLERS

All personal data is processed and controlled to GDPR standards. Limbs & Things acts as the Data Controller and the following act as Data Processors:

  • Salesforce
  • MailChimp
  • Epicor

2. PURPOSE OF PROCESSING

Limbs & Things will keep a record of the legal basis for processing data. Customers’ personal data will be kept for a period of six years to comply with UK tax regulation as a legitimate interest with minimal privacy impact. Non-customer data will be held for a maximum of one year unless specific and unambiguous consent is granted by the individual.

3. WHAT DATA WILL BE STORED

Limbs & things will store only the essential information to carry out its legitimate interests. This includes: name, email address, title, job title, phone number, fax number, work address, shipping address, billing address, order history, area of specialism and product interests.

4. YOUR RIGHTS

Limbs & Things recognises that new rights are granted to individuals under GDPR and are committed to these. This includes:

  • Individuals may request access to their information at any time
  • Individuals may object to the processing of their data at any time
  • Individuals may request the reason why Limbs & Things holds their data
  • Individuals may make a complaint with a supervisory authority

To make such a request, please email gdpr@limbsandthings.com and we will aim to reply within 10 working days. Alternatively, you can write to:

Limbs & Things Limited
Sussex Street
St Philips
Bristol
BS2 0RA

5. DATA BREACHES 

Limbs & Things LTD will follow the GDPR procedure to report any suspected data breaches to the supervisory authority.

As a visitor to this website, you can engage in many activities without providing any personal information. In connection with certain activities, however, Limbs & Things may ask you to provide certain information about yourself by filling out and submitting an online form. Whether you elect to engage in those activities is entirely your option.

Limbs & Things collects personal information when you register for a service offered by Limbs & Things, respond to a user survey or otherwise voluntarily provide such information. "Personal information" is information that identifies, or can be used to identify, contact or locate the person to whom such information pertains (e.g., your name, address, e-mail address or phone number).

Limbs & Things' server automatically records information that your browser sends when you visit this website. The server log may include such information as your URL, Internet Protocol address, browser type and language, the page that you request, and the date and time of your visit.

Limbs & Things offers online purchasing via www.limbsandthings.com & www.fls-products.com.

This system is designed to be robust and secure. We will only use your data as set out in the GDPR guidelines in relation to the performance of contract.

Our payment gateway is Stripe who provide end-to-end encryption on all payment details. No payment details are stored internally at Limbs & Things for online purchases.

The ‘My Account’ function stores information such as, but not limited to: billing address, shipping address, purchase history, name, title, phone number, email, organisation etc. This is to ensure Limbs & Things LTD can fulfil their contractual obligation for online purchases. Customers have full control of these details via the ‘My Account’ function but can also email gdpr@limbsandthings.com to make changes or request a deletion. Please refer to the GDPR section of this privacy policy for full details on how we use and store data.

Any data breaches are dealt with in line with our Breach Management policy (Point 5, GDPR section of this policy).

Limbs & Things may use personal information to provide the services that you've requested.

Limbs & Things may use personal information and other data for audit, research and analysis intended to improve and operate this website and services provided hereon.

If we intend to use personal information for a purpose other than the purpose for which it was initially provided, we will ask for your consent prior to that use.

By submitting your email address you are consenting to receive the particular piece of information you requested, as well as allowing us to send you appropriate and useful communications. This includes, but is not limited to; products, shows, news, offers and quarterly newsletters. 

If you are a customer of Limbs & Things, you will also receive monthly product updates.

At any time, you can update your preferences by clicking the link in any emails you receive from us. The link will always be in the footer of the email. You can also stop receiving emails from us using that same link.

Limbs & Things only shares personal information with other companies or individuals in the following limited circumstances:

  • We have your affirmative, "opt-in" consent for sharing of your personal information;
  • We engage third parties to assist with the processing of personal information on our behalf. Any such parties will be required to comply with Limbs & Things' Online Privacy Policy.
  • We have a good-faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable government request; (b) enforce the "Web Policies" that govern this site, or investigation of any suspected violations thereof; (c) detect, prevent or otherwise address fraud, security or technical issues; (d) or protect against imminent harm to the rights, property or safety of Limbs & Things, its users or the public as required or permitted by law.

Limbs & Things may share aggregated non-personal information with third parties. Such information does not identify you individually.

We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include:

  • periodic internal reviews of our data collection, storage and processing practices and security measures; and
  • physical security measures to guard against unauthorised access to systems where we store personal data.

We may also use passwords to help verify your identity before granting access to certain services and functionalities. Should you elect to participate in such a password-protected service, we urge you to take appropriate precautions to protect your privacy (e.g., do not disclose your password to others; periodically change your password).

We restrict access to personal information to Limbs & Things employees, contractors and agents who need to know that information in order to operate, develop or improve services in connection with which your personal information has been collected. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

Limbs & Things processes personal information only for the purposes for which it was collected and in accordance with this Policy or any applicable service-specific privacy notice. We periodically review our data collection, storage and processing practices to ensure that we only collect, store and process the personal information needed to provide or improve our services. We take reasonable steps to ensure that the personal information we process is accurate, complete and current, but we depend upon our users to update or correct their personal information whenever necessary.

This website contains links to other websites which may collect personal information. Unless expressly provided to the contrary, the collection and use of your personal information will be governed by the privacy policy applicable to that website. That privacy policy should identify the entity that is collecting your personal information.

This site uses cookies to enable certain online functionality. They also allow us to remember what links and pages have been clicked or viewed during a session. If you have provided us with personal data, completing a contact form for example, we may associate this personal data with other information. This will allow us to identify and record what is most relevant to you.

You can change the preferences/settings in your web browser to control cookies. In some cases, you can choose to accept cookies from the primary site, but block them from third parties. In others, you can block cookies from specific advertisers, or clear out all cookies. Deleting or blocking cookies may reduce functionality of the site. For more information on how to manage cookies from different browsers, please visit the links below:


By using your browser controls, you are always in control of the cookies we store and access on your computer. More information on how to control cookies and limit personal data processing can be found at:
www.youronlinechoices.com/uk/five-top-tips

Google Analytics is a website monitoring tool that allows users to see volumes of website visitors, their source, and to analyse how the content of their website is viewed and navigated. This in turn allows optimisation of the content and pages on www.limbsandthings.com and the marketing programs that drive traffic to the website. Google Analytics does not store any personal information about website visitors, but does use persistent cookies to identify repeat visitors. You may universally opt-out of all Google Analytics tracking used by all websites by visiting the following url:
https://tools.google.com/dlpage/gaoptout

These cookies are used to report on the pages of www.limbsandthings.com that have been viewed by visitors to the site who have followed links from our email marketing campaigns. This analysis helps us to understand additional content that is viewed by the contacts in our database and therefore allows us to improve and tailor future campaigns to those contact’s specific areas of interest.

Limbs & Things reserves the right to change this Privacy Policy from time to time in its sole discretion, and will provide notice of material changes on the home page of this website. If, as the result of such changes, you wish to alter the ways in which we use your personal information, you can do so by following the procedure as described under "Accessing and Updating Personal Information."

Any changes to our Privacy Policy will be placed here and will supersede this version of our Policy. We will take reasonable steps to draw your attention to any changes in our Policy. However, to be on the safe side, we suggest that you read this document each time you use the website to ensure that it still meets with your approval.

When you visit our websites we will record your IP address. This address will be matched against public and proprietary IP address databases to provide us with information about your visit. This information may identify the organisation to whom the IP address is registered but not individuals. In some limited cases i.e. single person companies, it may be possible to identify personal data from publicly available ICANN data.

The information you provide when you register a software application with us or send us an error report will be used to keep you informed about updates to the software, or to help you with any issues experienced. This information will not be used for marketing purposes.

In addition to the information you provide, the Applications may collect certain anonymous information automatically, including, but not limited to, an anonymized IP address, the type of device used, the device operating system, language, and information about the way the Application is used.

The SurgTrac Application operates as an assessment tool, as such, it collects additional information that is shared only with Assessors and/or Managers from the Institution of the User, including, but not limited to, username, email, country, name, profile image and performance data. Only data from the video/s selected by the User for grading, will be shared with their Institution.

You can stop all collection of information by uninstalling the Applications. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. "Processing,” means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.

Any data requests or breaches will be handled in line with our GDPR policy outlined at the top of this document.

Job Applicant Privacy Policy

Please read this privacy notice carefully as it contains important information – however, it is for information only and you do not need to take any action.

This Job Applicant Privacy Notice sets out what personal data we, Limbs & Things, hold about you and how we collect and use it during and after the recruitment process. It applies to anyone who is applying to work for us, whether as an employee, worker, consultant, intern, or director (together referred to as ‘Job Applicant’ or ‘you’).

Please note that we will not necessarily hold, use or share all of the types of personal data described in this Privacy Notice in relation to you. The specific types of data about you that we will hold, use and share will depend on the role for which you are applying, the nature of the recruitment process, how far you progress in the recruitment process and your individual circumstances.

We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any other similar or additional information that we might give you from time to time about how we collect and use your personal data. Should your application be successful, when you start work for us, we will provide you with another privacy notice that explains how we deal with your personal data whilst you are working for us.

This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation comes into force. It does not give you any contractual rights. We may update this Privacy Notice at any time.

Limbs & Things is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you. 

Our Data Protection Team are responsible for informing and advising us about our data protection law obligations and monitoring our compliance with these obligations. They also act as your first point of contact if you have any questions or concerns about data protection. The main point of contact is Nick Hull, if he is not available you should contact Sue Nelson or Anne Allin.

Personal data means any information relating to a living individual who can be identified (directly or indirectly) in particular by reference to an identifier (e.g. name, NI number, employee number, email address, physical features). It can be factual (e.g. contact details or date of birth), an opinion about an individual’s actions or behaviour, or information that may otherwise impact that individual in a personal or business capacity.

Data protection law divides personal data into two categories: ordinary personal data and special category data. Any personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data).

At the initial stages of recruitment, we collect, hold and use the following types of ordinary personal data about you:

  • Information contained in your application form/CV/covering letter, including your name, title, contact details, employment history, experience, skills, qualifications/training (including educational, vocational, driving licences where appropriate), referees’ names and contact details, etc.
  • Publicly available information about you, such as your business social media presence
  • Selection information, including correspondence, interview notes, internal notes, the results of any written or online selection tests

If you are shortlisted for a position, or you receive a conditional offer of employment, we may collect, hold and use the following additional types of ordinary personal data about you:

  • Pre-employment check information, including references and verification of qualifications
  • Right to work checks and related documents

We hold and use this personal data so that we can:

  • Process your application and correspond with you about it
  • Assess whether you have the required skills, experience, qualifications and training for a role within the company
  • Make informed recruitment decisions
  • Verify information provided by you
  • Check and demonstrate that you have the legal right to work in the UK
  • Keep appropriate records of our recruitment process and decisions

Data protection law specifies the legal grounds on which we can hold and use personal data.

We rely on one or more of the following legal grounds when we process your ordinary personal data:

  • We need it to take steps at your request in order to enter into a contract with you (entry into a contract), because by applying for a job with us you are effectively asking us to enter into a contract with you, whether this is an employment contract, a contract for services or another type of contract
  • We need it to comply with a legal obligation (legal obligation), e.g. the obligation not to discriminate during our recruitment process, or the obligation not to employ someone who does not have the legal right to work in the UK
  • It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). For example, it is in our legitimate interests to review and consider your personal data (as listed above) so that we can select the most appropriate candidate for the job

We will only collect, hold and use limited types of special category data about you during the recruitment process, as described below.

Since special category data is usually more sensitive than ordinary personal data, we need to have an additional legal ground (as well as the legal grounds set out in the section on ordinary personal data, above) to collect, hold and use it. The additional legal grounds that we rely on to collect, hold and use your special category data are explained below for each type of special category data.

At the initial stages of recruitment, we collect, hold and use the following special category data about you:

Equal opportunities monitoring

Equal opportunities monitoring data which could include information about your race or ethnicity, religious beliefs, sexual orientation or health. We use this information to monitor equality of opportunity and diversity in our recruitment process. Our additional legal ground for using this information is that it is necessary in the public interest for the purposes of equal opportunities monitoring and is in line with our Data Protection Policy.

Adjustments for disability/medical conditions

Information relevant to any request by you for adjustments to the recruitment process as a result of an underlying medical condition or disability. We use this information to enable us to carry out a fair, non-discriminatory recruitment process by considering/making reasonable adjustments to our process as appropriate. Our additional legal ground for using this information is that we need it to comply with a legal obligation/exercise a legal right in relation to employment – namely, the obligations not to discriminate, and to make reasonable adjustments to accommodate a disability – and such use is in line with our Data Protection Policy.

You provide us with most of the personal data about you that we hold and use, for example in your written application, by completing any assessments and during any interviews. 

Some of the personal data we hold and use about you is generated from internal sources during the recruitment process. For example, the person interviewing you may score your suitability for the role and we record the reasons for decisions made about whether or not your application is successful.

Some of the personal data about you that we hold and use may come from external sources.For example, a recruitment agency provides us with a shortlist of candidates. If we offer you a role, we will carry out pre-employment checks, such as taking up references from past employers or education providers and we may check your qualifications by contacting the awarding body. In some circumstances, we may ask the Home Office for information about your immigration status to verify your right to work in the UK.  For some roles, we may also obtain information about you from publicly available sources, such as your LinkedIn profile or other media sources.

Recruitment agencies

We engage recruitment agencies to provide us with the details of suitable candidates for our available vacancies, to communicate with those candidates and to handle administration in connection with the recruitment process. If we have received your initial application details from a recruitment agency, we will share with them any of your personal data that is necessary to enable them to fulfil their functions for us. Our legal grounds for doing so are that: it is necessary for entry into a contract; and it is in our legitimate interest to engage service providers to assist us with the recruitment process.

Medical/occupational health professionals

We may share information relevant to any request by you for adjustments to the recruitment process as a result of an underlying medical condition or disability with medical/occupational health professionals to enable us to identify what, if any, adjustments are needed in the recruitment process and, if you are successful, once you start work. We may also share details of disclosed medical conditions and/or answers to pre-employment health questionnaires with medical/occupational health professionals to seek a medical report about you to enable us to assess your fitness for the job and whether any adjustments are needed once you start work. This information may also be used by the medical/occupational health professionals to carry out assessments required by health and safety legislation. Our legal grounds for sharing this personal data are that: it is necessary for entry into a contract; it is in our legitimate interests to consider adjustments to enable Job Applicants to participate fully in the recruitment process; and it is necessary to comply with our legal obligations/exercise legal rights in the field of employment (obligations not to discriminate, to make reasonable adjustments, to comply with health and safety requirements).

Legal/professional advisers

We share any of your personal data that is relevant, where appropriate, with our legal and other professional advisers, in order to obtain legal or other professional advice about matters related to you or in the course of dealing with legal disputes with you or other Job Applicants. Our legal grounds for sharing this personal data are that: it is in our legitimate interests to seek advice to clarify our rights/obligations and appropriately defend ourselves from potential claims; it is necessary to comply with our legal obligations/exercise legal rights in the field of employment; and it is necessary to establish, exercise or defend legal claims.

Home Office

We may share your right to work documentation with the Home Office, where necessary, to enable us to verify your right to work in the UK. Our legal ground for sharing this personal data is to comply with our legal obligation not to employ someone who does not have the right to work in the UK.

Consequences of not providing personal data

We only ask you to provide personal data that we need to enable us to make a decision about whether or not to offer you a role. If you do not provide particular information to us, then we will have to make a decision on whether or not to offer you a role without that information, which in some cases could result in us deciding not to recruit you. For example, if we ask you to provide a certificate verifying a qualification and you do not, we will have to decide whether to recruit you without that information.  If you do not provide us with names of referees or a reference when asked, we will not usually be able to offer you the role. In addition, some of the personal data you provide to us is required by law. For example, if you do not provide us with the documentation we need to check your right to work in the UK, then we cannot by law employ you.

If you choose not to provide us with personal data requested, we will tell you about the implications of any such decision at the relevant time.

We will keep your personal data throughout the recruitment process.

If your application is successful, when you start work for us you will be issued with an Employee Privacy Notice which will include information about what personal data we keep from the recruitment process and how long we keep your personal data whilst you are working for us and after you have left.

If your application is unsuccessful, we will keep your personal data for up to 6 months from the date we notify you of our decision. Note, we may keep your personal data for longer than 6 months if you have asked us to consider you for future vacancies – see ‘Will we keep your application on file?’ below). There may, however, be circumstances in which it is appropriate for us to keep particular items of your personal data for longer. We will base these decisions on relevant circumstances, taking into account the following criteria:

  • the amount, nature, and sensitivity of the personal data
  • the risk of harm from unauthorised use or disclosure
  • the purposes for which we process your personal data and how long we need the particular data to achieve these purposes
  • how long the personal data is likely to remain accurate and up to date
  • for how long the personal data might be relevant to possible future legal claims
  • any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept

In all cases, we will not keep your personal data for longer than we need it for our legitimate purposes.

If you are unsuccessful for the role for which you have applied, or you sent us a speculative application, then, if you have consented to us doing so, we will keep your personal data on file to identify if you might be suitable for any other vacancies that may arise in the next 12 months and will contact you if we believe this is the case. We will not keep your personal data for this purpose for longer than 12 months.

If during the period that we have your personal data on file, you wish to apply for any particular vacancy that we have open, please do contact us to make us aware of this – particularly if it is not a close match with your previous experience or is in a different area of our business from a vacancy you applied for previously, as we may not otherwise realise that the vacancy would be of interest to you.

When applying for a particular role, there is no obligation for you to consent to us keeping your personal data on file for consideration for other roles if you do not want to. Your application for the particular role you are putting yourself forward for will not be affected.

If you change your mind about us keeping your personal data on file, you have the right to withdraw your consent at any time – see ‘Your Rights’, below.

If you give us details of referees, we require you to inform them what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data.

You have a number of legal rights relating to your personal data, which are outlined here:

  • The right to make a subject access request. This enables you to receive certain information about how we use your data, as well as to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • The right to request that we correct incomplete or inaccurate personal data that we hold about you.
  • The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
  • The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • The right to withdraw your consent to us using your personal data. As described above, we do not normally rely on your consent as the legal ground for using your personal data. However, if we are relying on your consent as the legal ground for using any of your personal data and you withdraw your consent, you also have the right to request that we delete or remove that data, if we do not have another good reason to continue using it.
  • The right to request that we transfer your personal data to another party, in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).

If you would like to exercise any of the above rights, please contact Nick Hull, Managing Director by email to nick.hull@limbsandthings.com or in writing to Limbs & Things, Sussex Street, Bristol BS2 0RA. Note that these rights are not absolute and in some circumstances we may be entitled to refuse some or all of your request.

If you have any questions or concerns about how your personal data is being used by us, you can contact Sue Nelson, HR Manager at sue.nelson@limbsandthings.com or by calling her on 0117 3110527.

Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website.