Privacy Policy

Privacy Policy


This Policy serves to outline the aspects of General Data Protection Regulation (GDPR) relevant to CSI’s operation and ensure CSI complies with legislation.


This Policy applies to all CSI employees at all times when collecting, handling, or processing personal data in any format


Applies to all CSI employees when handling private data.

Definitions and Abbreviations

GDPR - General Data Protection Regulation:

Personal data – Data that can identify an individual (e.g. name, address, email, National Insurance Number, bank details)

SME - Small and Medium-sized Enterprises, companies with less than 250 employees.


General Data Protection Regulation: Click for more info

GDPR rules for businesses and organisations: Click for more info


With the coming into force of the GDPR law as of 25 May 2018, companies now have certain obligations in relation to collecting, processing, and storing personal information. In the context of its current activities, CSI does not collect or store any data about patients, including patient personal details. However, CSI does collect, process, and store personal data in the form of contact details of suppliers, clients, and other entities for the purpose of carrying out its business and operational activities.

Justification for collecting, processing, and storing

Any personal data collected, processed or stored must be justified (i.e., it must have a justifiable purpose). There are 3 types of justification

For further details of our Policy please contact