Digital Products Privacy Policy 

Blatchford Group is a world leading rehabilitation provider with clinical expertise in prosthetics, orthotic, special seating and wheelchairs. This privacy policy explains how we use any personal information we collect about you, when using our digital products and services. 

The Blatchford App and Portal provide secure, centralised management of Blatchford Microprocessor Prosthetic and Orthotic devices.  The Service provides the following functionality:  

  • Connects Clinicians, Wearers (Patients) and Blatchford Operations (Engineers and Support)  
  • Provides a universal mobile app on Android and IOS, that communicates with compatible Blatchford devices.  
  • Provides clinical functionality to program devices and visualise sensor and gait video data (Gait Visualiser).  
  • Provides approved technician functionality to perform device firmware updates, factory calibrate and service devices.  
  • Provides wearer functionality to monitor device data, complete surveys and share data with clinicians.  
  • Provides a portal for visualising device data, administering users, scheduling surveys and activity session requests. 

What information we collect about you and Why 

To provide our Digital Services, Blatchford needs to collect information about you when you register.  We ensure that we only collect data as required to fulfil our service obligations, and that all processing is lawful under the GDPR.  We rely on both Legitimate Interests and Informed Consent when collecting and processing your personal data. 

The type of information we collect: 

  • First Name, Last Name and Email address collected by your Clinician during the registration process 
  • Video recordings and images for fitting support and diagnostics 
  • Device data for diagnostics and usage analysis 

Medical Device Supply 

When Blatchford has been instructed to supply you a medical device the order contains some personal information. Blatchford needs the information to be able to supply the correct device for your treatment. The use of the personal details ensures that the product supplied is fit for purpose, for warranty purposes and for maintenance history. Details include, name, activity level, weight, gender, age, relevant measurements and delivery address. These records are kept confidential within the Company at all times and are only shared with staff when they need it to carry out their job. All staff are required to work to strict professional standards and have signed contractual codes of confidentiality. The minimum amount of personal information is used in order to supply the right medical device to you. If you want more details on how long we will hold your information then contact the company Data Protection Officer. 

How we protect the information about you 

We take your privacy very seriously and have implemented security controls to ensure that your data is protected. 

For the Digital Health Service, we process and store your data in the UK. 

Blatchford has an Information Security Management System and takes a risk-based approach to protecting your data in line with the ISO27001 controls. We have implemented organisations, people, physical and technical controls across the following domains: 

  • Information Security Policies  
  • Organization of Information Security  
  • Human Resource Security  
  • Asset Management  
  • Access Control  
  • Cryptography  
  • Physical and Environmental Security  
  • Operations Security  
  • Communications Security  
  • System Acquisition, Development and Maintenance  
  • Supplier Relationships  
  • Information Security Incident Management  
  • Information Security Aspects of Business Continuity Management  
  • Compliance  

Access to your information and correction 

Blatchford tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. We will then supply to you: 

  • A description of all data we hold about you 
  • Inform you how it was obtained (if not supplied by you) 
  • Inform you why, what purposes, we are holding it 
  • What categories of personal data is concerned 
  • Inform you who it could be disclosed to 
  • Inform you of the retention periods of the data 
  • Inform you around any automated decision making including profiling 
  • Let you have a copy of the information in an intelligible electronic form unless otherwise requested. 

To make a request to Blatchford for any personal information we may hold, you will need to request the information from us, either verbally or in a written format. You have the choice of either completing the Subject Access Request (SAR) form, or via email, or via letter to the address provided below. Please be aware the form is NOT mandatory. However, it can speed up the process. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate, please address these changes to the Information Security office, by contacting us. 

Your rights 

You have rights around your personal data and how we handle it. If at any point you believe the information we process on you is incorrect and you want it corrected, you request to see this information, you request the data to be transferred, you object to our processing your Personal Information, or you request to have it deleted, please contact Blatchford’s Data Protection Officer 

We are committed to ensuring the following rights under the GDPR are respected and upheld: 

  • The Right to Be Informed:  You have the right to be informed about the collection and use of your personal data. When we collect your data, we will provide a clear and concise privacy notice that explains how and why we intend to process your information. This notice will be available on our website or will accompany any relevant forms you complete. 
  • The Right of Access: You can request access to your personal data. This is commonly known as a subject access request. You may make this request verbally or in writing. We will respond to your request within one month and generally do not charge a fee for processing it. 
  • The Right to Rectification: If you believe any of the information we hold about you is inaccurate or incomplete, you have the right to rectify it. We will update or supplement your personal data accordingly. Even if we determine that the information is correct, we will include a statement from you on the record to reflect your perspective. 
  • The Right to Erasure: You can request the deletion of your personal information if: We no longer need it for the original purpose; You withdraw your consent (where applicable); We are not processing your data lawfully. 
  • The Right to Restrict Processing: You have the right to request restrictions on the processing of your personal data. This might apply if: The information we hold is inaccurate; We no longer need it for the original purpose; You need it to establish, exercise, or defend legal claims. 
  • The Right to Data Portability: If you provided your consent for processing, you have the right to receive your personal data in a portable format. 

Please note that while we strive to uphold these rights, there may be circumstances where exemptions apply. We will always explain this in our response to you. 

Disclosure of personal information 

In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, we may need to share personal information with other relevant bodies. By contacting the Data Protection Officer, by email and/or using the address below you can also get more details on: 

  • agreements we have with other organisations for sharing information; 
  • circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics; 
  • our instructions to staff on how to collect, use and delete personal data; and 
  • how we check that the information we hold is accurate and up to date. 

Complaints or queries 

Blatchford tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.  

If you do have a complaint, contact the Data Protection Officer who will investigate the matter on your behalf. 

If you are not satisfied with the response from Blatchford or believe we are not processing your personal data in accordance with the law, you have the right to raise your complaint with the UK Information Commissioner’s Office (ICO) 

Contact information UK ICO: Website: 
Email: [email protected] 
Telephone: +44 (0) 303 123 1113 

Changes to this privacy notice 

We keep our privacy notice under regular review, and we will place any updates on this web page. This privacy notice was last updated on 1st February 2024 

Who we are and how to contact Us 

Blatchford Group is the company that you are supplying your personal information to. The company HR Director is the Data Protection Officer for Blatchford and can be contacted by: 

Email:[email protected] 

HR Director – Information Security Blatchford GroupUnit D Antura Kingsland Business Park Basingstoke Hampshire RG24 8PZ