Data Protection Policy

GDPR Data Protection Policy

Document Reference: Centre for Health

Revision Date: 10th April 2018

Revision Number: 001

Classification: Restricted

 

 

1. Introduction

The Centre for Health is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct.

This policy sets forth the expected behaviours of Centre for Health Employees and Third Parties in relation to the collection, use, retention, transfer, disclosure and destruction of any Personal Data belonging to a Centre for Health Contact (i.e. the Data Subject).

Personal Data is any information (including opinions and intentions) which relates to an identified or Identifiable Natural Person.

Personal Data is subject to certain legal safeguards and other regulations, which impose restrictions on how organisations may process Personal Data.

An organisation that handles Personal Data and makes decisions about its use is known as a Data Controller. Centre for Health, as a Data Controller, is responsible for ensuring compliance with the Data Protection requirements outlined in this policy.

Non-compliance may expose Centre for Health to complaints, regulatory action, fines and/or reputational damage.

Centre for Health’s leadership is fully committed to ensuring continued and effective implementation of this policy, and expects all Centre for Health Employees and Third Parties to share in this commitment.

Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.

This policy has been approved by Centre for Health’s Practice Manager, Joanne Keyte.

 

2. Scope

This policy applies to all Centre for Health Entities where a Data Subject’s Personal Data is processed:

• In the context of the business activities of the Centre for Health Entity.

• For the provision or offer of goods or services to individuals (including those provided or offered free-of-charge) by a Centre for Health Entity.

• To actively monitor the behaviour of individuals.

• Monitoring the behavior of individuals includes using data processing techniques such as persistent web browser cookies or dynamic IP address tracking to profile an individual with a view to:

• Taking a decision about them.

• Analysing or predicting their personal preferences, behaviours and attitudes.

 

This policy applies to all Processing of Personal Data in electronic form (including electronic mail and documents created with word processing software) or where it is held in manual files that are structured in a way that allows ready access to information about individuals.


This policy has been designed to establish a worldwide baseline standard for the Processing and protection of Personal Data by all Centre for Health Entities. Where national law imposes a requirement which is stricter than imposed by this policy, the requirements in national law must be followed. Furthermore, where national law imposes a requirement that is not addressed in this policy, the relevant national law must be adhered to.

If there are conflicting requirements in this policy and national law, please consult with the Officer for Data Protection for guidance.

The protection of Personal Data belonging to Centre for Health Employees is not within the scope of this policy.

 

3. Definitions

Third Country

Any country not recognised as having an adequate level of legal protection for the rights and freedoms of Data Subjects in relation to the Processing of Personal Data.

Profiling

Any form of automated processing of Personal Data where Personal Data is used to evaluate specific or general characteristics relating to an Identifiable Natural Person, in particular to analyse or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behavior, location or movement.

Binding Corporate Rules

The Personal Data protection policies used for the transfer of Personal Data to one or more Third Countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.

Personal Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.

Encryption

The process of converting information or data into code, to prevent unauthorised access.

Pseudonymisation

Data amended in such a way that no individuals can be identified from the data (whether directly or indirectly) without a “key” that allows the data to be re-identified.

Anonymisation

Data amended in such a way that no individuals can be identified from the data (whether directly or indirectly) by any means or by any person.

 

4. Policy

To demonstrate our commitment to Data Protection, and to enhance the effectiveness of our compliance efforts, The Centre for Health has established an Officer for Data Protection. The Officer operates with independence and has been granted all necessary authority. The Officer for Data Protection reports to the Centre for Health Board of Directors. The Officer for Data Protection’s role includes:

• Informing and advising The Centre for Health and its Employees who carry out Processing pursuant to Data Protection regulations, national law or Union based Data Protection provisions;

• Ensuring the alignment of this policy with Data Protection regulations, national law or Union based Data Protection provisions;

• Providing guidance with regard to carrying out Data Protection Impact Assessments (DPIAs);

• Acting as a point of contact for and cooperating with Data Protection Authorities (DPAs);

• Determining the need for notifications to one or more DPAs as a result of The Centre for Health’s current or intended Personal Data processing activities;

• Making and keeping current notifications to one or more DPAs as a result of The Centre for Health’s current or intended Personal Data processing activities;

• The establishment and operation of a system providing prompt and appropriate responses to Data Subject requests;

 

• The ongoing administration and management of customer services.

 

 
