Privacy Policy

Key Points

  • We recognise data protection as a fundamental right and embrace the principles of data protection by design and by default. This policy includes in its scope all data which we process either in hardcopy or digital copy; this includes special categories of data.

  • We will establish and maintain policies to ensure compliance with the Data Protection Act 2018, Human Rights Act 1998, the common law duty of confidentiality, the General Data Protection Regulation and all other relevant legislation.

  • All staff are required to read and comply with this policy, and any breach of the policy may be deemed as gross misconduct and be managed under the organisations disciplinary policies.
     

Policy Statement

This Data Protection Policy is the overarching policy for data security and protection for insert organisation name here (hereafter referred to as "us", "we", or "our").
 

Principles

  • We will be open and transparent with service users and those who lawfully act on their behalf in relation to their care and treatment. We will adhere to our duty of candour responsibilities as outlined in the Health and Social Care Act 2012.

  • We will establish and maintain policies to ensure compliance with the Data Protection Act 2018, Human Rights Act 1998, the common law duty of confidentiality, the General Data Protection Regulation and all other relevant legislation.

  • We will establish and maintain policies for the controlled and appropriate sharing of service user and staff information with other agencies, taking account all relevant legislation and citizen consent.

  • Where consent is required for the processing of personal data we will ensure that informed and explicit consent will be obtained and documented in clear, accessible language and in an appropriate format. The individual can withdraw consent at any time through processes which have been explained to them and which are outlined in our Record Keeping Policy: Withdrawal of Consent procedures. We ensure that it is as easy to withdraw as to give consent.

  • We will undertake / commission delete as appropriate annual audits of our compliance with legal requirements.
     

We acknowledge our accountability in ensuring that personal data shall be:

  • Processed lawfully, fairly and in a transparent manner.

  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).

  • Accurate and kept up to date.

  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).

  • Processed in a manner that ensures appropriate security of the personal data.
     

We uphold the personal data rights outlined in the GDPR:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling.