We shall collect, hold and process personal data in accordance with the provisions of the Data Protection Act 1998. These provisions apply to personal data held on an employee’s personal file or on any associated or computerised record.
Where data is held under the provisions of the Data Protection Act 1998, we will ensure that personal data is:
- Fairly and lawfully processed;
- Processed for specified purposes;
- Adequate, relevant and not excessive;
- Not kept for longer than is necessary;
- Processed in accordance with individuals rights;
- Not transferred to countries without adequate protection.
- Where consent is required, we will obtain your consent before processing data that relates to you.
- You are entitled, upon request, to be informed whether personal data about you is being processed, and to be provided with a description of the data, any information available as to its source (if known), the purposes for which it is being processed, and details of the recipients to whom it is being disclosed. We will provide this information upon request although we reserve the right to make a charge for providing this information. In certain circumstances and upon request, we will stop processing personal data about you if it is likely to cause substantial damage or distress to you or someone else. Any requests relating to the above should be made in writing to our Data Protection Officer or the Practice manager.
- We will endeavour not to make any decisions that significantly affect you which are based solely on automatic processing of personal data. However, where such a decision is made, you will be informed of the way in which the decision was made and be given an opportunity to make representations to challenge the decision. In such circumstances, we will consider your representations and review the decision with a view to ensuring that a correct and fair decision is made.
- You are required to make yourself familiar with and follow our Data Protection Policy and Code of Practice, which sets out the way in which we require personal data to be treated in order to comply with the law. Our Data Protection Policy and Code of Practice are available on the Intranet and copies can be obtained from our Data Protection Officer.
- Personal data is confidential and is held solely for the purpose of carrying out company business. Breach of our Data Protection Policy or Code of Practice may amount to misconduct and result in disciplinary action. Persistent breaches or a serious breach may result in your dismissal.
We will ensure that appropriate measures are adopted to guard against unauthorised and unlawful processing, or the accidental loss, destruction of or damage to data.
The subject of data protection is a complicated one. If you require guidance or assistance you should contact our Data Protection Officer Bethany Lucas, who will be pleased to help you and answer any queries that you may have.