Privacy Notice

Last updated: 8 May 2026

1. Who we are and what we do

Who we are

We are Tristel Solutions Limited and the Tristel group (“Tristel”, “us”, “we”, “our”). Tristel Solutions Limited is a limited company registered in England and Wales under registration number 03518312 and we have our registered office at Unit 1b Lynx Business Park, Fordham Road, Snailwell, Newmarket, Cambridgeshire, CB8 7NY. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration number ZA346266.

What we do

Tristel is a company specialising in the manufacturing of infection control, contamination control and hygiene products, headquartered in the United Kingdom but with group companies all around the world. Our Services all serve to promote the sale and distribution of our disinfectant products. For more information about Tristel, please see the ‘About’ section of our Website.

Controller

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

2. Purpose of this privacy notice

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.

3. Who this privacy notice applies to

This privacy notice applies to you if:

  • You visit our Tristel website
  • Your organisation purchases any product from us
  • You register for or attend one of our events or surveys
  • You contact us with an enquiry about any of our services
  • If you subscribe to one of our mailing lists

4. What Personal Data is

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

5. Personal Data we collect

The type of Personal Data we collect about you may include:

  • If you are a customer or customer representative placing an order, your name, work email address, work phone number, and job role.
  • If you participate in an event or post market or end user survey, your name, email address, phone number, and responses to the survey.
  • If you make an enquiry or complaint, your name, work email address, organisation, and any other information you provide.
  • If you subscribe to our mailing list, your name, work email address, and organisation.
  • When you use our website cookies may be collected. Please read our Cookie Policy for more information.

6. How we collect your Personal Data

We collect most of the Personal Data directly from you in person, by telephone, email and/or via our website.

However, we may also collect your Personal Data from third parties such as:

  • Reputable companies who provide lead generation contact lists.
  • Others to whom you have provided consent.
  • Publicly available sources such as social media platforms.

7. Purposes, lawful bases and retention periods

When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:

Purpose of Processing Lawful Basis
To fulfil your order Legal obligation to fulfil a contract
To participate in post market customer or end user survey Consent
To make an enquiry or a complaint Legitimate interest
To subscribe to our mailing lists Consent

We will retain your personal data in accordance with our data retention schedule, which outlines specific timeframes for keeping different categories of personal data. You may request a copy of this schedule at any time to understand how long your information will be stored and when it will be deleted or anonymised.

At the end of the retention period, your personal data will be securely deleted or anonymised, so that you cannot be identified from it.

8. Sharing your Personal Data

We may share your Personal Data, as necessary, with third parties, including:

  • Our group companies who provide processing services to us.
  • Hosting service providers (located in Europe, Australia, New Zealand and Shanghai).
  • Marketing service providers
  • Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
  • An actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Privacy Notice.

9. International Transfers

Your Personal Data may be processed outside the UK and the European Economic Area (“EEA”). This is because the organisations we use to provide our services to you are located outside of the UK and the EEA.

We have taken appropriate steps to ensure that the Personal Data processed outside the UK and the EEA has an essentially equivalent level of protection to that guaranteed in the UK and the EEA. We do this by ensuring that:

For the UK:

  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
  • We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here International Data Transfer Agreement (ico.org.uk))

For the EEA:

  • Your Personal Data is only processed in a country which the European Commission has confirmed has an adequate level of protection (an adequacy decision); or
  • We enter into Standard Contractual Clauses (“SCCs”) with the receiving organisations and adopt supplementary measures, where necessary. (A copy of the SCCs can be found here Standard Contractual Clauses (SCCs))

For transfers of Personal Data from the UK and the EEA, to a third country without adequacy status, we rely on the SCCs and the IDT Addendum, together with supplementary measures, where necessary.

10. Your rights and how to complain

You have certain rights in relation to the processing of your Personal Data, including to:

Right to be informed
You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.

Right of access (commonly known as a “Subject Access Request”)
You have the right to receive a copy of the Personal Data we hold about you. If we hold ePHI (electronic protected health information), you have a right to see and receive a copy of your medical and billing records. You will be provided with these records within 30 days of receipt of your request.

Right to rectification
You have the right to have any incomplete or inaccurate information we hold about you corrected.

Right to erasure (commonly known as the right to be forgotten)
You have the right to ask us to delete your Personal Data.

Right to object to processing
You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.

Right to restrict processing
You have the right to restrict our use of your Personal Data.

Right to portability
You have the right to ask us to transfer your Personal Data to another party.

Automated decision-making
You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.

Right to withdraw consent
If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.

Right to an accounting of disclosures
You can request a report of everyone that your ePHI has been shared with over the last six years.

Right to communication preferences
For any ePHI that we process, you can ask to be contacted in a specific way e.g., via phone during certain times, via email only etc.

Right to lodge a complaint
You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Contact us | ICO

Or by telephone on 0303 123 1113

For supervisory authorities in other countries within the EU see the link below:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

If you feel that your ePHI (electronic protected health information) has been compromised, you may file a formal complaint with our HIPAA Privacy Officer using the contact information below:

Bryn Clark
GRC@tristel.com

You may also submit a complaint to the Secretary to the US Department of Health and Human Services (HHS) via the Office for Civil Rights (OCR) by emailing OCRComplaint@hhs.gov.

We will not retaliate against you or change the quality of your care in any way for exercising your right to file a complaint.

How to exercise your rights
You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.

11. How to contact us and our Data Protection Officer

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:

Tristel Solutions Limited UK Headquarters
Unit 1B
Lynx Business Park
Snailwell
Cambs CB8 7NY

Tel: 01638 721500
Email: dataprotection@tristel.com

We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted as follows:

Evalian Limited
West Lodge
Leylands Business Park
Colden Common
Hampshire
SO21 1TH

Tel: 03330 500 111
Email: dpo@evalian.co.uk

Please mark your communications FAO the ‘Data Protection Officer’.

12. Updates to this Privacy Notice

We may update this notice (and any supplemental privacy notice), from time to time. We will notify of the changes where required by applicable law to do so.