GDPR Data Protection Policy


Document Reference: Centre for Health

Revision date: 10th April 2018

Revision Number: 001

Classification: Restricted

1. Introduction

The Centre for Health is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. This policy sets forth the expected behaviours of Centre for Health employees and third parties in relation to the collection, use, retention, transfer, disclosure and destruction of any Personal Data belonging to a Centre for Health contact (i.e. the Data Subject).

Personal Data is any information (including opinions and intentions) which relates to an identified or identifiable natural person. Personal Data is subject to certain legal safeguards and other regulations which impose restrictions on how organisations may process Personal Data. An organisation that handles Personal Data and makes decisions about its use is known as a Data Controller. Centre for Health, as a Data Controller, is responsible for ensuring compliance with the Data Protection requirements outlined in this policy. Non-compliance may expose the Centre for Health to complaints, regulatory action, fines and/or reputational damage.

Centre for Health's leadership is fully committed to ensuring continued and effective implementation of this policy, and expects all Centre for Health's employees and third parties to share in this commitment.

Any breach of this policy will be taken seriously and may result in disciplinary action or a business sanction. This policy has been approved by Centre for Health's Practice Manager, Joanne Keyte.

2. Scope

This policy applies to all Centre for Health Entities where a Data Subject's Personal Data is Processed:

In the context of the business activities of the Centre for Health Entity.

For the provision or offer of goods or services to individuals (including those provided or offered free-of-charge) by a Centre for Health Entity.

To actively monitor the behaviour of individuals.

Monitoring the behaviour of individuals includes using data processing techniques such as persistent web browser cookies or dynamic IP address tracking to profile an individual with a view to:

Taking a decision about them.

Analysing or predicting their personal preferences, behaviours and attitudes.

This policy applies to all processing of Personal Data in electronic form (including electronic mail and documents created with word processing software) or where it is held in manual files that are structured in a way that allows ready access to information about individuals.

This policy has been designed to establish a worldwide baseline standard for the processing and protection of Personal Data by all Centre for Health Entities. Where national law imposes a requirement which is stricter than that imposed by this policy, the relevant national law must be adhered to. If there are conflicting requirements in this policy and national law, please consult with the Officer for Data Protection for guidance.

The protection of Personal Data belonging to Centre for Health employees is not within the scope of this policy.

3. Definitions

Third Country

Any country not recognised as having an adequate level of legal protection for the rights and freedoms of Data Subjects in relation to the processing of Personal Data.

Profiling

Any form of automated processing of Personal Data where Personal Data is used to evaluate specific or general characteristics relating to an identifiable natural person, in particular to analyse or predict certain aspects concerning that natural person's performance at work, economic situations, health, personal preferences, interests, reliability, behaviour, location or movement.

Binding Corporate Rules

The Personal Data protection policies used for the transfer of Personal Data to one or more Third Countries within a group of undertakings or group of enterprises engaged in a joint economic activity.

Personal Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data transmitted, stored or otherwise processed.

Encryption

The process of converting information or data into a code to prevent unauthorised access.

Pseudonymisation

Data amended in such a way that no individuals can be identified from the data (whether directly or indirectly) without a 'key' that allows the data to be re-identified.

Anonymisation

Data amended in such a way that no individuals can be identified from the data (whether directly or indirectly) by any means or by any person.

4. Policy

To demonstrate our commitment to Data Protection and to enhance the effectiveness of our compliance efforts, the Centre for Health has established an Officer for Data Protection. The Officer operates with independence and has been granted all necessary authority. The Officer for Data Protection reports to the Centre for Health Board of Directors and the role includes:

Informing and advising the Centre for Health and its employees who carry out processing pursuant to Data Protection regulations, national law or union based Data Protection provisions;

Ensuring the alignment of this policy with Data Protection regulations, national law or union based Data Protection provisions;

Providing guidance with regards to carrying out Data Protection Impact Assessments (DPIAs);

Acting as a point of contact for and cooperating with Data Protection Authorities (DPAs);

Determining the need for notifications to one or more DPAs as a result of the Centre for Health's current or intended Personal Data processing activities;

Making and keeping current notifications to one or more DPAs as a result of the Centre for Health's current or intended Personal Data processing activities;

The establishment and operation of a system providing prompt and appropriate responses to Data Subject requests;

The ongoing administration and management of customer services.