Privacy Information
You have the right to ask us not to process your personal data for any marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing at any time by contacting us using our 'Contact Us' form.
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The content on the Website and the help sheets and resources that it provides are provided for general information only, and It is not intended to amount to professional medical advice on which you should rely.
The resources and help sheets are for information only and should not be used for the diagnosis or treatment of medical conditions. We have used all reasonable care in compiling the information but make no warranty as to its accuracy. Consult a doctor or other health care professional for diagnosis and treatment of medical conditions.
If you are not a healthcare professional then you should always check with your doctor if you have any concerns about your health condition or treatment and before taking, or refraining from, any action on the basis of the content on our Website. If you are a healthcare professional then this information (including any professional reference material) is intended to support, not replace, your own professional knowledge, experience and clinical judgement.
This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by the Company. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. For the purpose of the Data Protection Act 1998 (the “Act”), the data controller is CPDG Limited, registration number Z1809389.
We may collect and process the following data :
The company reserve the right to read any private topics and posts placed on its website. Any form of conversation made through the company website should be considered viewable by staff. All private-posts and posts, whether 'deleted' or not, are stored on the server and may be reviewed if the company feel it has cause for an investigation. If you want to keep something private, do not use our services for transmitting it. Situations involving investigations are at the discretion of the company, for example, to investigate a specific incident of our services being used for racism or harassment.
- Information that you provide by filling in forms on our sites, www.paulblackeracupuncture.com and www.thecpdgroup.com (the Site), this includes information provided at the time of registering to use the Site, subscribing to our emails, newsletter, registering and booking a course, posting material or requesting further services, completing any surveys or reporting any problem with the Site.
- Records of your correspondence (if any) with us including; Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the online resources that you may access.
- We may ask you to complete physical and / or online surveys that we use for research and course development purposes, you do not have to respond to them.
IP addresses and cookies
We may collect information about your computer, including, where available, your IP address, operating system and browser type. This is used for system administration and to report aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
Cookie statement
For the same reason, we may obtain information about your general Internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve the Site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise the Site according to aggregate preferences.
- To speed up your searches.
- To recognise you when you return to the Site.
The main cookies that we use provide us with valuable data about our website. These are from Google Analytics and are completely anonymous, telling us information such as how many people have visited our website and which pages are the most popular. This allows us to ensure that our website is doing its job and make improvements to help you use the site. This information is really useful to us, but if you would like to opt out, you can do so at http://tools.google.com/dlpage/gaoptout.
Our website is also built using technology by Adobe and this also uses cookies that help the site to work better for you, and monitors the pages that you visit. This is completely anonymous and is stored on your computer for a very short period of time.
We link to other websites such as Twitter, Facebook and LinkedIn where we hold some of our blogs. We are sure that they use the same kind of cookies however as these sites are not controlled by us, we can not guarantee the cookies that they are using, and suggest that you read their respective privacy policies to be absolutely sure.
If you are unhappy with cookies being used, the best way around this is to turn it off in your browser settings so that they are not used on any website. To do this, you can go to your privacy settings in either 'Tools' or 'Options' depending on the browser you are using.
You can also clean out all tracking cookies from all your Web sites you have visited, there are a number of online resources available to help you clean out tracking cookies.
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our privacy policy.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping all login details and passwords confidential.
The transmission of information via the Internet is not completely secure, and although we will endeavour to protect your personal data, we are not able to guarantee the security of your data transmitted to the Site and any transmission is at your own risk. We will use strict procedures and security features on all information received to try to prevent all unauthorised access.
Uses made of the information
We may use information held about you in the following ways:
- We will not provide your data to third party advertisers or suppliers.
- To ensure that content from the Site is presented in the most effective manner for you and for your tablet, phone and computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
- To provide you with information about goods and services which may be of interest to you.
- We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out emails or surveys, and we may share your information with those third parties for those limited purposes.
If you do not wish us to use your data in this way, please notify us using our “Contact Us” form.
If you have opted in to our mailing list and wish at any time to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or you may unsubscribe via our “Contact Us” form.
Disclosure of information about you.
We may disclose your personal information to third parties but only in the following circumstances:
- If the Company or substantially all of its assets are acquired by a third party, in which case personal data held by the company about its customers and users of the Site will be one of the transferred assets.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements.
- To protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
The Website may contain links to other websites and resources operated by third parties. These links are provided for your reference only. We do not control such websites or resources and are not responsible for their accuracy, availability or content.
Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. Where our website does contain links to other sites and resources provided by third parties, these links are provided for your information only. We have no control over the contents of those sites or resources.
We do not guarantee that our Websites will be secure or free from bugs or viruses or malicious code, and you should always use your own virus protection software.
You must not misuse the Websites by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our Website, the server on which our Website is stored or any server, computer or database connected to our Website.
You must not attack our Website via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you may be committing a criminal offence under the Computer Misuse Act 1990. We will report any and all such breaches to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity and all information we hold to them. In the event of such a breach, your right to use our Website will cease immediately.
You may link to the Website, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.
You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. Our Website must not be framed on any other site.
We reserve the right to withdraw linking permission without notice.
Data Protection
Expectations
The Company must ensure that prospective clients, learners, learners and staffs' rights to dignity and privacy are respected. The company shall only record essential information on prospective clients, learners, learners and staff. The company Staff should be aware of their data protection responsibilities. Prospective learners and learners should be aware of their data protection rights. The company will ensure that records are stored in accordance with written procedures. The company staff, where applicable, will aid and enable learners to exercise their right to access their files. The company staff and learners' files are archived and disposed of in line with written procedures.
Background
This Policy must be read in conjunction with other company policies, such as complaints, confidentiality and information sharing, accident, incidents and reportable diseases etc. These policies all place obligations on the company to keep records.
Legal and regulatory requirements
The Data Protection Act 1998 governs the processing and use of records both manual and computer relating to staff, prospective learners and learners. The Act also gives these people the right to access the records kept on their behalf.
Procedure
The company must ensure the keeping of accurate and up-to-date records.
Information relating to staff and learners should not be left on desks, or computer screens left open and visible.
Learners' records should always be locked away.
Only factual information should be used in communications.
The nature and scope of records
The scope and extent of the information to be entered in records should be discussed with the learner both at application and induction stage. The learner must not be mislead as to the purpose the personal information given will be recorded. The learner should also be informed as to who has access to the records what they will be used for, and any other information that relates to the recording of information.
Information can only be recorded if the learner gives their consent; or if it is necessary for the performance of a contract or in the learner's interest. Staff should be aware that unnecessary information should not be recorded. Staff should endeavour to get the learners consent in writing.
With regard to learners' who have communication difficulties or are subject to the Mental Health Act please refer to appropriate policies. If information is collected over the telephone the learner or prospective learners should be advised of the reason the information will be recorded etc and verbal consent should be obtained and noted. The learner in person at the earliest opportunity should verify this consent.
Information regarding the learner's racial and ethnic origin, political opinions, religious beliefs, sex life, and trade union activity, physical or mental health should be treated as sensitive. This information should not be recorded unless the learner has given their explicit consent. If this consent is not forthcoming it can only be recorded if it is for a purpose of performing a legal right or in the necessary to protect the vital interests of the person concerned.
There may be instances where sensitive information can be recorded if it is necessary for legal proceedings medical purposes and for the monitoring of equal opportunities.
Staff should be inducted as to the records necessary for service delivery and what information should be disregarded as needless details.
Records and case notes should be accurate with a clear distinction between fact and opinion.
The company will define what information is kept on file; this may include, but is not restricted to;
Application / referral forms Interview notes Study assessment Learning contract agreement Support care plan Learners notes Medication Financial transactions External agency information, notes, etc
Storage
Recorded information, either on paper or in computer data will be held in secure and private storage, e.g. locked cabinets for paper records and password-protected software for computer data. The obligations of the Data Protection Act will be adhered to. Computer records should be backed up weekly and the discs kept off site in secure approved storage. All back ups of computer records should be password protected.
Movement of confidential information outside of physical areas where it is safeguarded will be kept to a minimum.
Learners can refuse to have the records kept locally and in this instance the records should be arranged to be transferred to the company's main office. The learner's refusal should be noted on the record and their signature must be obtained.
Staff access
All records are to be kept either in a locked file or a password protected computer system. Authorised persons, who are registered as key holders, should hold the keys for the files. The computer system should have a series of passwords enabling the access of sensitive data on a strictly need to know basis.
Archiving and disposal
Ex learners' records will be archived as soon as possible and archive records will be kept in a lockable file, access to which is limited to authorised key holders.
The company will keep records for the appropriate number of years after the last contact with the company by the learner. The records will then be deleted if on computer or incinerated / shredded if paper copies.
Information use for monitoring, planning, research and publicity
Information for monitoring purposes will be presented statistically ensuring individuals are not identifiable. Where information about specific staff or learners is used for publication their consent must be given and their anonymity preserved. Staff and learners will not be the subject of research or included in public information without their explicit consent. The staff at the company will support learners if the media approaches them. Learners will be informed that the company has no control over final material produced by the media or researchers.
Third party requests for records
The company staff should verify the identity of any person requesting information. Staff should ensure that any requests from third parties comply with the confidentiality and information sharing policy. Copies of records disclosed must be kept in the learners file.
Transporting records
The Office Manager should prescribe the instances where files can be removed from the locked filing cabinet or from the computer system. The member of staff taking the records must sign in the logbook recording what information has been taken, where, for what purpose and by whom. The member of staff must sign back in all records returned. Any records lost during transportation must be regarded as a confidentiality breach and the learner affected must be informed. All steps must be taken to retrieve the information and the learner advised of their right to complain. A designated member of staff or the office manager is responsible for transporting and storing the weekly back up computer discs.
Monitoring compliance
The Office manager will perform a quarterly inspection of all files to ensure content, archives are current and data protection has been complied with.
Information
Publicly or commercially available information we define as information that an individual makes or permits to be made available to the public, or is legally available through an independent list broker or other third party, and/or is legally obtained and accessed from, amongst other sources: government records that are available to the public, journalistic reports, or information that is required by law to be available. We may collect publicly available information or purchase commercially available information about you from third parties.
Privacy notice
Paul Blacker
Purpose of privacy notice
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the GDPR). This legislation will replace current data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data.
One of the rights is a right to be informed, which means we have to give you even more information than we do now about the way in which we use, share and store your personal information.
This means that we will be publishing a new privacy notice so you can access this information, along with information about the increased rights you have in relation to the information we hold on you and the legal basis on which we are using it.
This new privacy notice comes into effect and will be published on our website on 25 May 2018.
Who are we?
Paul Blacker (CPDG Limited) is the data controller. This means we decide how your personal data is processed and for what purposes.
Whose information does this privacy notice apply to?
This privacy notice applies to information we collect from:
- patients;
- prospective patients;
- former patients;
- people who subscribe to our newsletters;
- visitors to our website;
- job applicants and our current and former employees.
What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data we may hold about you include your contact and appointment details.
Special category data is a sub-category of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Examples of special category data we may hold about you include your patient notes.
How do we process your personal data?
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the purposes set out below.
Sections 1 – 15 apply to our patients, prospective patients, former patients and visitors to our clinic (please delete all sections that do not apply to your practice or amend those that need amending) (Also, please state how you store and transport your records: paper or electronically.)
- We use your name, address, telephone number and email address to make and rearrange appointments. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
- We use your name, address, telephone number and email address, only if we have your explicit consent, to send you marketing materials. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
- Some patients and prospective patients return pre- 1st appointment questionnaires or tell us about their medical conditions and medication by email or online enquiry forms. We are unable to send or receive encrypted emails so you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send us is within the bounds of the law.
- We keep a permanent attendance register which records all appointments for patients attending our clinic to keep a record of when you were treated for tax purposes and to secure potential evidence in the event of a criminal prosecution, civil litigation, insurance claim or complaint to my regulatory body, the British Acupuncture Council.
- We may use your date of birth to help identify patients with the same name to avoid mistakes being made as to safe and appropriate treatment, for identification purposes if referring a patient to another health practitioner, and for identification purposes if writing to a registered medical practitioner so that they correctly identify the patient.
- We use your presenting complaint and symptoms reported by you for the purposes of making a full traditional diagnosis, formulating treatment strategy and treatment planning.
- We use any relevant medical and family history you have told us for making a full traditional diagnosis, formulating treatment strategy and treatment planning.
- We use your GP’s name and address in the event that we need to contact your GP including in an emergency and because it is a mandatory requirement in the British Acupuncture Code of Professional Conduct.
- We use our clinical findings about your health and wellbeing for making a full traditional diagnosis, and formulating treatment strategy and treatment planning.
- We keep a record of and refer to that record of any treatment given and details of progress of your case, including reviews of treatment planning to enable us to: review the full traditional diagnosis, treatment strategy and planning; and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
- We record and use any information and advice that we have given, especially when referring patients to any other health professional, to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
- We record any decisions made in conjunction with you to help you to receive the most appropriate treatment and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
- We keep accident records for any patients, visitors or staff who are involved in accidents at our clinic in accordance with UK Health and Safety legislation including the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with the law and to secure evidence in the event of criminal proceedings, civil litigation, an insurance claim or complaint.
- In the event of an adverse incident occurring to any of our patients we report the matter to the British Acupuncture Council and the our insurance company to enable the insurance company to deal with any potential claims and to help the British Acupuncture Council to develop its safe practice guidelines, as well as providing research data and information for the BAcC’s insurers and other interested parties.
- Where relevant we maintain records of the patient’s consent to treatment, or the consent of their next-of-kin in order to be able to prove that the patient (and/or parent/guardian/next of kin) has given informed consent to treatment to secure evidence in the event of a civil claim, criminal prosecution, insurance claim or complaint.
Section 16 applies to those who complain about our services (please delete all sections that do not apply to your practice or amend those that need amending)) (Also, please state how you store and transport your records: paper or electronically.)
- When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We may need to provide personal information collected and processed in relation to complaints to the British Acupuncture Council or our insurance company.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Sections 17 and 18 apply to subscribers to our newsletters (please delete all sections that do not apply to your practice or amend those that need amending)) (Also, please state how you store and transport your records: paper or electronically.)
- We maintain and use records of subscribers to our newsletters, only with their consent, for marketing purposes.
- We use a third party provider, (insert name of third party provider), to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For information, please see (insert name of third party provider) privacy notice.
Sections 19 – 23 apply to our website users (please delete all sections that do not apply to your practice or amend those that need amending)) (Also, please state how you store and transport your records: paper or electronically.)
- When someone visits our websitewe use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
- We use website cookies to improve user experience of our website by enabling our website to 'remember' users, either for the duration of their visit - using a 'session cookie' - or for repeat visits - using a 'persistent cookie'.
- Our website search is powered by (insert name of website search company). Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by us or any third party.
- We use a third party service (name third party service provider) to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to our website.
- We use a third party service, (name website host e.g. WordPress.com), to host our website including publishing our blog. This site is hosted at (name of website host), which is run by (name of company running website host). We use a standard (name of website host service) to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. (Name of website host) requires visitors that want to post a comment to enter a name and email address. For more information about how (name of website host) processes data, please see (link to website host’s privacy notice).
Sections 24 to 28 apply to job applicants, current and former employees (please delete all sections that do not apply to your practice or amend those that need amending) (Also, please state how you store and transport your records: paper or electronically.)
- We are the data controller for the information job applicants provide during the process.
- All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
- We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us whether the information is in electronic or physical format.
- We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
- We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
- The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.
- We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for.
- We shortlist applications for interview.
- If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
- Proof of your identity – you will be asked to attend our clinic with original documents, we will take copies.
- Proof of your qualifications – you will be asked to attend our clinic with original documents, we will take copies.
- You will be asked to complete a criminal records declaration to declare any unspent convictions.
- We will contact your referees, using the details you provide in your application, directly to obtain references.
- If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments
- Emergency contact details – so we know who to contact in case you have an emergency at work.
- If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the recruitment process.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the recruitment process.
- All of the information gathered during the application process is taken into account to make final recruitment decisions.
- You are able to ask about decisions made about your application by speaking to (insert name) or by emailing (insert email address).
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared:
- with named third parties with your explicit consent;
- with the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which we are subject e.g. a court order;
- with your doctor or the police if necessary to protect yours or another person’s life;
- with the police or a local authority for the purpose of safeguarding a children or vulnerable adults; or
- with my regulatory body, the British Acupuncture Council, or my insurance company in the event of a complaint or insurance claim being brought against me; or
- my solicitor in the event of any investigation or legal proceedings being brought against me.
For further details about the situations when information about you might be shared please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/personal-information/sharing-my-info/
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary.
We keep patient records for a period of 7 years in accordance with the British Acupuncture Code of Professional Conduct https://www.acupuncture.org.uk/public-content/effective-practice/bacc-professional-codes.html
We keep employee records for a period of (insert your retention period and rationale for that retention period for each different type of employee record). Include sufficient reason for retaining personal data – (“just in case” it might come in useful one day, will not be a sufficient reason)]. Examples could be: - in case of any legal claims/complaints; for safeguarding purposes etc.]]. OR [If you cannot state a specific period, you will need to set out the criteria that you use in order to determine a retention period].
Set out all other retention periods and rationale for those retention periods for each different type of personal data and special category data. Include sufficient reason for retaining personal data – (“just in case” it might come in useful one day, will not be a sufficient reason)]. Examples could be: - in case of any legal claims/complaints; for safeguarding purposes etc.]]. OR [If you cannot state a specific period, you will need to set out the criteria that you use in order to determine a retention period].
Explain how you will keep data up-to-date, store and destroy personal data. Also, explain what will happen if you are ill or die.
At any time you may request that changes are made to your contact details.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal data as set out below.
- The right to request a copy of your personal data which we hold about you.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for us to retain such data.
- The right to withdraw your consent to the processing at any time. This right does not apply where we are processing information using a lawful purpose other than consent.
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case the we are processing the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data, (where applicable) [This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics].
- The right to be informed if your data is lost. We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
- The right to lodge a complaint with the Information Commissioner’s Office.
For further details about these rights please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Further processing
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact us at [insert contact details].
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
END OF PRIVACY NOTICE