Privacy Statement
Since the creation General Data Protection Regulations 2018 (GDPR), Role 1 Medical Ltd (the Company) ensures that it only collects data absolutely necessary, for the purpose it is intended and limits the level of data that it shares with external and internal organisations. The company has taken the following steps to ensure this practice continues. The Company policies and processes in place to protect individuals in accordance with the below statement.
The Company will ensure that all collected data will be:
· processed lawfully, fairly and in a transparent manner in relation to individuals;
· collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes;
· adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
· accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
· kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data shall be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
· processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Who we are:
The Company is:
· an independent ambulance service, supplying frontline ambulance, high dependency, patient transport and event medical services to private and public organisation, transporting members of the public.
· a training company for the delivery of first aid, pre-hospital care courses, clinical education in accordance with Qualsafe Awards.
How the Company collects information:
· We may collect information about you from your completion of our on-line forms, from any email you send or from documents that you upload throughout the registration process
· The Company will not use any of your data for marketing e mails, promotional information or information about activities unless we have your express permission to do so.
Storage of Information
· Your information shall be stored on The Companies secure web server and it will keep its own backup copy. We may also store your information on paper at our offices and bases, but this will be limited to compliance, resourcing, training and payroll services and only where necessary. In doing so the information will be stored in a locked draw, room or cabinet when not in use with limited access;
· The Company will keep your information secure by taking appropriate technical and organisational measures against its un-authorised or unlawful processing and against its accidental loss, destruction or damage;
· You have a statutory right to see a copy of the information the Company holds about you, free of charge. To access this information, you will be required to make an application in writing in accordance with our Subject Access Request (SAR) process. For further information please contact our Head Office on 01209 206953 and ask for a member of the Information Governance Team or email info@role1medical.co.uk.
What we use your information for:
· We will use your information to provide you with any further details or information you request, process your application to work with us or engagement on a training course;
· If we provide an online shopping service, we will use your information to fulfil your order only.
Who we will share your information with:
We will not share your information with any other organisation except in the following circumstances:
· We may need to give incidental access to you information for hardware or software maintenance however, we shall endeavour to keep this to a minimum;
· The Company will disclose your information to enforcement authorities if asked to do so, or to a third party in the context of actual or threatened legal proceedings;
· Any third parties associated with an engagement to work on behalf of the Company or any of its subsidiary companies or when engaging on a course, then information will be required by the awarding body to supply your certificate of completion. In such cases we will limit the amount of information released to what is required for the third party to accomplish their requirements;
· If the Company provides you with an online shopping service, any credit or debit card details you supply will be passed to our payment provider and your card issuer and will not be routinely retained after the sale has been completed;
· The EEA comprises certain countries within Europe (including the EU) which have similar laws on data protection. Other countries outside the EEA may not give the same level of protection to your information. Information held for each of the different entities of Jigsaw shall not be shared within the group without prior permission of the individual, i.e. Training Department students information will not be shared within the group;
· Further information about data protection issues including the online Register of Data Controllers can be found at informationcommissioner.gov.uk or request a copy of our Data Protection Policy;
· Should the Company provide clinical or medical services to you, information will be collated for this purpose, in most cases this will be on behalf of a public sector organisation, whereby any data including any sensitive data will be owned by the outsourcing organisation and will not be accessible or retained by the Company. In such circumstances the Company will use paperwork, electronic software owned and managed by the outsourcing organisation, thus will be governed by the organisation’s own privacy and data security processes
· Where the Company must share or access data relating to individuals it will pseudomise all information where possible.
To access any of the Companies policies relating to this privacy statement or GDPR policies, then please contact our Head Office on 01209 206953.