We are registered with the ICO under the Data Protection Register. The Data Protection Officer is Dr James Little, who can be contacted via firstname.lastname@example.org – ICO registration reference A8946183.
Personal data is any data that could identify you as an individual. Personal data you give to us may include (but is not limited to) your name, contact information, photographic identification, information held on occupational certificates, and internet usage. Your health records may include information given by yourself and findings from clinical examination. Occasionally further information may be provided by third parties (for example other healthcare providers and employers).
Information may be provided by you via telephone, website, email or during a face-to-face consultation. We may request your consent to contact your employer or other healthcare professionals (either to gain further information or to seek specialist opinions).
It is necessary to hold information about you, including but not limited to, your contact details, and your health records. Information may be used to meet legal requirements and also to check your identity for security and anti-fraud purposes or to seek feedback to improve our services. Your information may be used by North Yorkshire Medicals Ltd to contact you in the future for necessary queries regarding to your occupational health needs or for marketing purposes of North Yorkshire Medicals.
Information is stored in paper and/or electronic format. Procedures are in place to prevent unauthorised access or disclosure of your records without your consent. Only those with genuine and demonstrable need will be able to access your personal data.
Policies and procedures are in place to deal with any suspected data breach so that any loss of data, or consequential damage, is minimised.
North Yorkshire Medicals Ltd does not store any bank or credit card details. Such details are held securely by our nominated payment partner PayPal.
Processing of data encompasses all activity to do with your personal data which includes but is not limited to, obtaining data, storage, amendment, transfer and deletion of data. Personal data forms your medical record held by North Yorkshire Medicals Ltd but also may be used for purposes of communication with yourself or other healthcare professionals if expert advice is needed. On occasion your consent may be sought to liaise with your employer.
North Yorkshire Medicals Ltd welcomes feedback to help improve services and you may be contacted for this purpose. We will not sell or distribute your information to third parties, unless we have your permission, or we are under a legal obligation to do so.
If you wish to request details of personal information held on systems and in hard copy stored by North Yorkshire Medicals Ltd, please contact the Data Protection Officer using the contact details above.
Current legislation requires retention of medical records for a minimum of ten years, or longer in some cases. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will not store your information for longer than is reasonably necessary or required by law.
Your information will be kept securely at all times and at the end of the retention period, your files and personal data will be permanently deleted or destroyed.
Under the GDPR you have a number of important rights, these can be accessed here.