K4Medical

View Categories

Data Protection

Medic logo

Author: Jono Erodotou
Responsibility: All Staff
Effective Date: 01 June 2024
Review Date: 30th May 2025
Approved By:  
Version Number: 01
Amendment / Review History #
Date Author Comments
     
     
     
     
     

General Policy Statement #

K4 Medical Services recognises the legal requirements of the Data Protection Act and is committed to safeguarding personal data.

In particular:

Personal data will be processed fairly and lawfully and, in particular, will not be processed unless – 

  • At least one of the conditions set out in Section 2 below is met, and
  • In the case of sensitive personal data, at least one of the conditions in Section 3 below is also met.

Personal data will be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Personal data will be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.

Personal data shall be accurate and, where necessary, kept up to date.

Personal data processed for any purpose(s) will not be kept for longer than is necessary for that purpose or purposes.

Personal data will be processed in accordance with the rights of data subjects under the Data Protection Act.

Appropriate technical and organisational measures will be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Personal data will not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Conditions for Processing Personal Data #

Unless a relevant exemption applies, at least one of the following conditions must be met whenever we process personal data:

  • The individual who the personal data is about has consented to the processing.
  • The processing is necessary:
    – In relation to a contract which the individual has entered into; or
    -Because the individual has asked for something to be done so they can enter into a contract.
  • The processing is necessary because of a legal obligation that applies to you (except an obligation imposed by a contract).
  • The processing is necessary to protect the individual’s “vital interests”. This condition only applies in cases of life or death, such as where an individual’s medical history is disclosed to a hospital’s A&E department treating them after a serious road accident.
  • The processing is necessary for administering justice, or for exercising statutory, governmental, or other public functions.
  • The processing is in accordance with the “legitimate interests” condition.

Condit #

(As detailed in Schedules 2 to the Data Protection Act).

At least one of the additional conditions listed below must also be met whenever we process sensitive personal data:

  • The individual who the sensitive personal data is about has given explicit consent to the processing.
  • The processing is necessary so that you can comply with employment law.
  • The processing is necessary to protect the vital interests of:
  • The individual (in a case where the individual’s consent cannot be given or reasonably obtained), or Another person (in a case where the individual’s consent has been unreasonably withheld).
  • The processing is carried out by a not-for-profit organisation and does not involve disclosing personal data to a third party, unless the individual consents. Extra limitations apply to this condition.
  • The individual has deliberately made the information public.
  • The processing is necessary in relation to legal proceedings; for obtaining legal advice; or otherwise for establishing, exercising or defending legal rights.
  • The processing is necessary for administering justice, or for exercising statutory or governmental functions.
  • The processing is necessary for medical purposes, and is undertaken by a health professional or by someone who is subject to an equivalent duty of confidentiality.
  • The processing is necessary for monitoring equality of opportunity, and is carried out with appropriate safeguards for the rights of individuals.

In addition to the above conditions – which are all set out in the Data Protection Act itself regulations set out several other conditions for processing sensitive personal data. Their effect is to permit the processing of sensitive personal data for a range of other purposes typically those that are in the substantial public interest, and which must necessarily be carried out without the explicit consent of the individual.  

Examples of such purposes include preventing or detecting crime and protecting the public against malpractice or maladministration. A full list of the additional conditions for processing is set out in the Data Protection (Processing of Sensitive Personal Data) Order 2000 and subsequent orders.

Powered by BetterDocs