UK General Data Protection Regulation and Management (2022)
UK GDPR came into force on 31st December 2020 with an Act of Parliament. This means that in the UK we now have UK GDPR. Therefore, Priderm LLP, as a healthcare provider organisation, has considered making changes to reflect this in its policies.
Priderm does not trade outside of the UK.
The Board of Priderm recognises the significance of data protection. The purpose of this policy is to protect all personal information controlled or processed by the organisation and to ensure an adequate level of awareness so that data protection principles are applied across all areas of operation within Priderm.
Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.
Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are monitored, reviewed, and improved by the Board to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory, and contractual requirements.
Priderm is committed to complying with data protection and the general data protection regulation requirements and good practice. These include:
- Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes.
- Processing only the minimum personal information required for these purposes.
- Providing clear information to natural persons (including children) about how their personal information can be used and by whom.
- Only processing relevant and adequate personal information.
- Processing personal information fairly and lawfully.
- Maintaining a documented inventory of the categories of personal information processed by the organisation.
- Keeping personal information accurate and, where necessary, up-to-date.
- Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal.
- Respecting natural persons’ rights in relation to their personal information.
- Keeping all personal information secure.
- Only transferring personal information outside the UK in circumstances where it can be adequately protected.
- Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation.
- Identifying workers with specific responsibility and accountability for compliance.
- Maintaining records of processing of personal information.
- The organisation may also utilise automated decision-making document screening processes, subject to manual interpretation, as part of the safer recruitment process.
Our Data Protection Policy and Data Awareness Program is incorporated in our staff induction and training program. The Data Protection policy is readily accessible internally and presented to existing and prospective clients upon request. In addition to employees, suppliers, contractors, and sub-contractors of Priderm LLP are expected to adhere to our Data Protection Policy.
Priderm is committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.
Through compliance with applicable statutory, regulatory, and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Priderm will demonstrate confidence, integrity, and credibility both internally and externally.
Please read this Privacy Notice Policy carefully to understand our views and practices regarding your Personal Data and how we will treat it.
The Data Controller is Priderm LLP, a company whose address is:
1 St. Peters Square
Our ICO registration number is ZA040739
As a data controller, we fully comply with the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and the UK General Data Protection Regulations (UK GDPR). We will also comply with all applicable clinical confidentiality guidelines.
Any questions relating to Data Privacy with Priderm LLP or this Policy should be sent by email to firstname.lastname@example.org, or by writing to Priderm LLP, 1 St. Peters Square, Manchester, M2 3DE.
Alternatively, you can call our Data Protection Officer on 01274 864638.
What personal information is held?
We may collect and process the following data from you:
- Information you provide Priderm LLP that is required to carry out our obligations arising from any interaction, contact or contracts entered between you and us, or potential interaction that may be in liaison between you and us.
- Information that you provide by filling in forms on our website, or as part of any direct marketing or sales activities. This includes and is not limited to personal information about you such as your name, telephone contact number, geographical address/location, email address and interests.
- If you contact us by telephone or in writing, we may keep a copy of your correspondence or communication for record purposes.
If you have provided us with the personal data of another person, there is a clear requirement imposed by Priderm LLP for you to confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a Data Controller and the nature of the processing taking place.
Records will be retained as evidence of this consent.
How will we use the information we hold about you?
We use information held about you in the following ways:
- Performance of a contract – We use information held about you to carry out our obligations arising from any contracts entered between you and us; and to notify you about changes to our services.
- Public interest Task – we will process your personal information when carrying out the performance of a task in the public interest which includes the provision of direct health care or social care. This also includes processing personal information for medical research, trials and to train and educate health care professionals.
- Necessary for the purpose of preventative or occupational medicine – to assess whether you are able to work, the provision to you of health or social care, a medical diagnosis, or the management of health and social care systems.
- Necessary to defend legal claims or a court action.
- Vital interests – where it is necessary to protect your vital interests or those of another person.
- Profiling – we may make use of profiling and screening methods to provide a better service to patients. Profiling helps us target resources more effectively through gaining an insight into the background of patients and helping us build relationships that are appropriate to their needs.
Who will see the information?
Your information will only be accessible to our staff and only where it is appropriate in respect of the role they are carrying out. We will never sell your information or let other organisations use it for their own purposes.
We will only share your personal information:
- If consent is necessary, we will have obtained your consent to our doing so and will provide information for the specific reason your consent was given. You will have the opportunity to withhold consent when you complete the form on which we collect the data, or you can do so at any time by contacting us at the address shown in the paragraph above.
- Doctors, clinicians, hospitals, clinics, diagnostic and treatment centres and other health care providers to provide our services and continuity of health care. This also includes processing personal information to enable organisations to carry out research and medical trials and processing personal information to train and educate health care professionals.
- Your GP – where clinically necessary we may share your information with your GP. You can ask us not to do so and we will respect this unless legally required to provide the information. You should be aware it may be detrimental to your health if your GP does not have your full medical history.
- First responders, ambulance service, safeguarding agencies, undertakers, coroner and care homes.
- Where it is necessary to protect your vital interest (i.e., your life or health).
- Other organisations you belong to, to confirm your entitlement to our services.
- Organisations or people with whom we must share your personal information by law or regulation. These can be national databases, screening registers, government authorities and NHS organisations.
- The police or other law enforcement agencies, to assist them in performing their duties, if we must do this by law or under a court order.
- To organisations to whom you have requested us to supply information so that they can provide services or products you have requested.
- To any organisation requesting a reference when you have applied for a position with the organisation or to join the organisation in some capacity.
- Organisations providing IT systems, IT support and hosting in relation to IT systems on which information is stored.
- When using auditors and professional advisors.
- When we are legally required to, or because of a lawful request by a governmental or law enforcement authority.
Where a third-party data processor is used, we ensure they operate under a contract which includes confidentiality and security of personal data and their obligations under the Data Protection legislation.
Your rights relating to Personal Data and GDPR
You have the following rights:
- Transparency over how we use your personal information (right to be informed).
- To request a copy of the personal information we hold about you, which will be provided to you within one month (right of access).
- An update or amendment of the personal information we hold about you (right of rectification).
- To ask us to stop using personal information (right to restrict processing).
- Ask us to remove your personal information from our records (right to be forgotten).
- To obtain and reuse your personal data for your own purposes (right to portability).
- Not to be subject to a decision based on automated processing.
If you are not satisfied with the way in which we deal with your request, you can contact the Information Commissioner's Office on 0303 123 1113 or at their website www.ico.org.uk.
Retention of your information
We take appropriate measures to ensure that any information collected from you is kept secure.
Priderm LLP operates a clear Records Management and Retention policy and associated Retention Schedule to ensure personal data is kept only for so long as is necessary for the purpose for which such information is used.
We retain your records in accordance with UK legislation for the specific service provided.
If any of your personal data changes, or if you have any questions about how we use data which relates to you, please contact us by email at email@example.com. We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.
National Data Opt-Out programme
The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning.
The national data opt-out was introduced to enable patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian. By 2020 all health and care organisations are required to be compliant with the national data opt-out policy, where confidential patient information is used for research and planning purposes.
Priderm LLP is not currently engaged in routine activities that involve processing of patients’ data for purposes not involved in their direct care. This statement therefore acts as a backstop: should such processing occur in the future, a mechanism exists to ensure that those patients who wish to opt out will have their wishes respected where the data is not already anonymised.