Privacy Policy

Policy information

Organisation

Evolution Healthcare Systems

Scope of policy

This policy applies to Evolution Healthcare Systems

Data Processor – Janette Clennett

Policy operational date

10th May 2018

Policy prepared by

Janette Clennett

Date approved by Board

10th May 2018

Policy review date

To be reviewed in May 2021

Introduction

Purpose of policy

  • complying with the law
  • following good practice
  • protecting clients, staff and other individuals
  • protecting the organisation

Types of data

Data stored is limited to

  • Client/Users Name
  • Clienet/Users Workplace
  • Client/Users Work Email address
  • Client /Users Work Telephone numbers

Policy statement

Evolution Healthcare Systems are commited to:

  • comply with both the law and good practice
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support for staff who handle personal data, so that they can act confidently and consistently
  • Notify the Information Commissioner voluntarily, even if this is not required

Key risks

Evolution Healthcare Systems will endeavour to prevent the following risks:

  • information data getting into the wrong hands, through poor security or inappropriate disclosure of information
  • individuals being harmed through data being inaccurate or insufficient

Responsibilities

The Board / Company Directors

They have overall responsibility for ensuring that the organisation complies with its legal obligations.

Data Protection Officer

Janette Clennett will be responsible for:

  • Briefing the Board on Data Protection responsibilities
  • Reviewing Data Protection and related policies
  • Advising other staff on tricky Data Protection issues
  • Ensuring that Data Protection induction and training takes place
  • Notification to the ICO
  • Handling subject access requests
  • Assessing unusual or controversial disclosures of personal data
  • Approving contracts with Data Processors

Enforcement

The penalties for infringing the Data Protection and related policies will lead to dismissal of the staff member.

Training will be provided for all staff.

Any infringement of data protection should be submitted in writing to the directors.

Security

Scope

Data will be stored for Business Continuity and to assist users with any technical or usage issues regarding Evolution Healthcares Systems products

Security measures

Users Contact details only will be stored by Evolution Healthcare Systems.

No User Names or Passwords will be recorded or retained.

User’s details will be deleted upon leaving the employment of our client’s.

Specific risks

We will never solicit personal information such as usernames or passwords from our Clients/Users by phone.

Confidential Information

Evolution Healthcare Systems will never request or hold any Client/Users personal information either by telephone or email.

Evolution Healthcare Systems will never request or hold any patient information either by phone or email.

Any request for this sensitive information must be reported to Evolution Healthcare systems at once.

Data recording and storage

Accuracy

It is important the information we hold is correct and accurate to enable us to assist the user with the correct help or assistance when using Evolution Healthcare Products.

Updating

We update our records when new Users/Clients use our products. Any member of staff leaving the organisations details will be deleted.

Storage

All contact details are stored on a secure spreadsheet only accessible by Evolution Healthcare Systems head office.

Retention periods

Data will only be stored as long as the User/Client is using our products.

Archiving

All data no longer in use will be deleted after the period of 1 month.

Right of Access

Responsibility

Janette Clennett is responsible for ensuring that right of access requests are handled within the legal time limit of one month

Procedure for making request

Right of access requests must be in writing. A standard request form can be found on our website as a standard PDF.

 Website address www.evolutionhealthcaresystems.co.uk.

There is a clear responsibility for all employees to pass on anything which might be a subject access request to the appropriate person without delay.

Provision for verifying identity

When any information is requested by a third party Evolution Healthcare Systems will seek permission from the subject before handing over any information

Charging

We provide the information free of charge. However we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

We may also charge a reasonable fee to comply with requests for further copies of the same information.

The fee will be based on the administrative cost of providing the information

Procedure for granting access

If the request is made electronically, we will provide the information in a commonly used electronic format.

Transparency

Commitment

Evolution Healthcare Systems are committed to safeguarding all information held.

  • Information will only be held to contact clients/users to assist with using our products.
  • We do not hold any confidential information such as gender, political or religious beliefs
  • Access to the data we hold can be gained by email request or filling in a form downloadable from our website.

Responsibility

The Directors of Evolution Healthcare Systems hold the Responsibility for all data held.

Lawful Basis

Underlying principles

We have checked that the holding of personal workplace data is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.

Opting out

Evolution Healthcare Systems give the Users/Clients opportunity to opt out of their data being held, and acknowledges assistance cannot be given either by email or telephone once the permission has been withdrawn.

Withdrawing consent

Evolution Healthcare Systems wish to acknowledge that, once given, consent can be withdrawn, but not retrospectively. There may be occasions where our organisation has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn.

Employee training & Acceptance of responsibilities

Induction

All employees who have access to any kind of personal data will have their responsibilities outlined during their induction procedures

Continuing training

Data Protection issues will be raised during employee training, team meetings, supervisions, etc.

Procedure for staff signifying acceptance of policy

Employees will be expected to sign an acceptance form acknowledging our data protection policy.

Policy review

Responsibility

Janette Clennett will have the responsibility for carrying out the next policy review.

Procedure

The directors of Evolution Healthcare systems will be consulted in the review.

Timing

The review will be started by the first of April 2021, in order to be completed by the required date.

Data Protection Policy Forms

Please print required form, fill in the details and scan or photo the form and send back to us by email to Support@evohelpdesk.co.uk or pop it in the post. Please keep the original for your records.

DataStoringProcess

HandlingRequestForDataProcess

RequestForData

PermissionForDataRequest

CommunicationOptOutForm

BreachOfDataPolicy

TestDataPolicy