Your Privacy Matters

Privacy Policy

Ovidius Solutions Ltd is committed to protecting your privacy. This policy explains what personal information we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

Who we are
Company Name: Ovidius Solutions Ltd
Company number: 11640816
Registered in England and Wales
Registered office: 45 Queen Street, Deal, Kent, CT14 6EY
Email: info@ovidius-solutions.co.uk

Ovidius Solutions Ltd provides patient-specific medical device solutions and acts as a data processor on behalf of hospitals and healthcare providers.

What information we collect
We may collect personal information when you:
• Contact us by email or through our website forms
• Work with us as a customer, supplier, or partner

This may include your name, email address, phone number, job title, organisation, and any other details you choose to share.
In some cases, we may receive limited patient information from hospitals to support the design and manufacture of patient-specific medical implants. This data is provided securely by the hospital and is not collected via our website.

How we use your information
We use your personal information to:
• Respond to your enquiries
• Provide products and services you request
• Manage logistics and communication with hospitals and suppliers
• Maintain traceability and regulatory compliance for medical devices
• Keep records required for legal or business purposes
• Improve our services

We do not use your personal data for marketing purposes or sell your information to third parties.

Legal basis for processing
We process personal information under one or more of the following legal bases:
• Legitimate interest – where processing is necessary for our business operations or relationship management.
• Contract – where processing is required to fulfil an agreement with you.
• Legal obligation – where processing is necessary to meet legal or regulatory requirements.
• Public interest and healthcare management – where processing involves patient information, it is done under:
 - Article 6(1)(e) – the performance of a task carried out in the public interest.
 - Article 9(2)(h) – processing of special category data for the provision or management of healthcare systems and services.

We do not rely on consent for processing patient information as it forms part of clinical care and medical device traceability.

Analytics
Our website uses basic, non-identifiable analytics to help us understand visitor numbers and performance. This may include information such as your IP address, device type, and pages visited. The data is collected and stored securely and used only to improve our website.

How we store and share information
Your information is stored securely within the UK on Microsoft 365 servers. Access is restricted to authorised personnel and protected by multi-factor authentication.

We may share data only where necessary to deliver our services, including with:
• NHS hospitals and clinicians for patient-specific implants.
• Our manufacturing partner, Xilloc BV (based in the Netherlands), for the design and production of patient-specific devices.
• Trusted IT and service providers (e.g. Microsoft 365, Squarespace) under appropriate data protection agreements.

When data is transferred to the European Union, it is protected under UK GDPR-compliant safeguards ensuring equivalent protection to UK law.

We do not sell or otherwise distribute your data to unauthorised third parties.

International data transfers
Where data is shared with partners outside the UK, such as Xilloc BV in the Netherlands, we ensure appropriate protection through recognised safeguards in line with UK GDPR, such as:
• Adequacy regulations confirming the EU provides an equivalent level of data protection; and
• Contractual clauses ensuring secure handling and restricted use of any shared data.

Further details on international data transfers are available from the ICO:
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfers-a-guide/

How long we keep your information
We keep personal information only as long as necessary for the purposes described above or as required by law or regulatory obligations.
Emails containing identifiable patient data are deleted automatically after 90 days, and older correspondence is reviewed as part of our ongoing data audit process.

Your rights
Under the UK GDPR, you have the right to:
• Access a copy of your data.
• Request correction of inaccurate information.
• Request deletion where data is no longer required.
• Object to or restrict certain processing activities.

To exercise your rights, please contact us at info@ovidius-solutions.co.uk

If you have concerns about how your information has been handled, you have the right to complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk/make-a-complaint/

Updates
We may update this policy from time to time to reflect changes in law or our operations. The latest version will always be available on our website