When you register as a client of Kent Medical Secretarial Services Ltd we will collect:
- Your personal details, including name and address, email addresses, phone number, gender and possibly an image.
- Details of your NHS practice and contact details.
- The names and address of next of kin.
- Bank and financial details.
- CCTV images of you may be captured on our premises.
Cookies and Embedded Content
Personal data will be retained for the shortest time necessary however, some medical material will require Kent Medical Secretarial Services Ltd to hold your data after a consultation or medical treatment. Under GDPR you have the following rights to request information from the company:
- Right of access to the data (Subject Access Request)
- Right for the rectification of errors
- Right to erasure of personal data
- Right to restrict of processing or to object to processing
- Right to portability
Due to medical notes requiring data to be held for a specific time, the erasure of data may not be possible for legal obligations. Direction will be sought from the representing consultant regarding the erasure of a data subject. Some treatment and hospital notes and results will require data to be held for a specific amount of time.
Lawful Basis for Processing:
The General Data Protection Regulation (GDPR) is legislation explaining your rights over the processing of your personal information. The GDPR requires Kent Medical Secretarial Services Ltd to identify which of the six “lawful reasons” we use when processing your data: we process data on the basis of “consent” when sending newsletters or material relating to Kent Medical Secretarial Services Ltd and we operate on the basis of “legitimate interest” when communicating with you in other ways (e.g. when responding to your enquiry). When processing personal data relating to treatment then we use “Consent” and “Contract” for our lawful basis for processing. This will be dependent upon the consultant that we will be providing our service to being.
How long we retain your data:
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Individuals’ personal data rights
Subject Access Requests (SAR):
Individuals have the right to make a Subject Access Request. If an individual makes a subject access request, then Kent Medical Secretarial Services Ltd will respond to the request within Thirty (30) days and will produce the request in line with the Information Commissioners Office (ICO) guidelines. The data subject will need to prove themselves by a form of identification which will be deemed adequate by the DPO. An SAR should be submitted to:
Email: The Data Protection Officer (DPO) at DPO@medicalsecserv.co.uk
The organisation will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise. A data subject has the right to the following regarding the processing of their data:
- Whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual;
- To whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
- For how long his/her personal data is stored (or how that period is decided);
- His/her rights to rectification or erasure of data, or to restrict or object to processing;
- His/her right to complain to the Information Commissioner if he/she thinks the organisation has failed to comply with his/her data protection rights; and
- Whether or not the organisation carries out automated decision-making and the logic involved in any such decision-making.
Sharing Personal Information
As an organisation we do not share any information held with third parties unless consent is given by the data subject or is needed to be done so within the conduct of a course. We do not conduct profiling or marketing using an individual’s personal details for the conduct of our business. We will only share information with the following organisations if it is felt that we have a legal obligation or are instructed to do so from an authority requiring specific information on a data subject.
- Police force within the United Kingdom
- A government department or agency
- A local authority
Your data may be transferred to countries outside the European Economic Area (EEA). If any data is transferred outside the EEA it is based on the contractual obligations to third parties and processed in accordance with your data rights.
Please contact us directly with any questions or complaints as we aim to resolve any questions relating to data privacy with the data subject immediately.
Email: The Data Protection Officer (DPO)
All legal rights regarding privacy are the responsibility of the Information Commissioners Office (ICO). More information about their complaints procedure can be found at:
ICO Registration – ZA398427