General Data Protection Regulation – Policy
The EU General Data Protection Regulation (GDPR) has the aim of harmonising data protection and processing laws across the European Union and giving individuals stronger rights of access and control of their personal data.
Tier One Health Ltd (the Company) will continue to ensure the security and protection of personal data that is held within the Company. Accordingly, it will comply with the provisions of GDPR where it applies to the Company in a manner which is appropriate and proportionate to the size, type and geography of its business, and in particular, it will process and protect personal data in accordance with the responsibilities and principles set out in GDPR.
Tier One Health Ltd is registered with the Information Commissioner's Office; our registration number is ZA787521.
GDPR will apply to the Company, as in the course of its business the Company will process data relating to individuals, which is personal to those individuals. GDPR describes such data as Personal Data and such individuals as Data Subjects.
In compliance with the provisions of GDPR, the Company will accordingly adhere to the following data protection principles:
- Process Personal Data lawfully, fairly and in a transparent manner;
- Collect Personal Data for specified, explicit and legitimate purposes and will not process it in a manner that is incompatible with those purposes;
- Only process Personal Data that is adequate, relevant and limited to what is necessary in relation to the purposes for which the Data has been processed;
- Ensure that Personal Data is accurate and, where necessary, kept up to date;
- Keep Personal Data in a form which permits identification of the Data Subject for no longer than is necessary for the purposes for which the Data has been processed; and
- Retain Personal Data in an appropriately secure manner which will include its protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
The Company is also committed to ensuring that the rights of the Data Subject about whom Personal Data is held will be fully upheld, including in particular the rights to:
- Know that Data is being processed;
- Access the Data;
- Object to or restrict processing of the Data; and
- Correct, rectify, block or erase any Data which is wrong.
The Company recognises that Personal Data can only be processed on a lawful basis, and accordingly its policy will be to determine such lawful basis before processing and to document it.
GDPR sets out examples of lawful bases for processing Personal Data and these include in particular where processing:
- Has been consented to by the Data Subject;
- Is necessary for the performance of a contract with the Data Subject or for taking steps to enter into a contract;
- Is necessary for compliance with a legal obligation;
- Is necessary for the purposes of legitimate interests pursued by the controller or a relevant third party, except where the law requires such interests to be overridden by the interests, rights or freedoms of the Data Subject.
The Company will consider how long it intends to store information containing Personal Data and determine the criteria for doing so. After expiry of the retention period, unless there is a sound business reason to retain them beyond this period, the records containing Personal Data will be disposed of securely and destroyed effectively.
The Company’s employees are required to adhere to this policy and other policies of confidentiality of the Company, together with any instructions which may be given from time to time, so that the integrity, confidentiality and security of the Personal Data which the Company processes and to which its employees may have access is protected. Employees are also required to take particular care with regard to protecting special categories of Personal Data.
The Company and its employees must:
- Only access Personal Data that they are permitted to access and only for authorised purposes;
- Not allow any other person (including other Company staff) to access Personal Data unless the employee knows that they have the appropriate permissions;
- Keep Personal Data secure (for example by complying with rules on access to premises, computer access, password protection, encryption and secure file storage and destruction);
- Not remove Personal Data (including Personal Data in files), or devices containing Personal Data (or which can be used to access it), from the Company’s premises unless appropriate security measures are in place (such as encryption or password protection) to secure the information and the device;
- Not store Personal Data on local drives or on personal devices that are used for work purposes.
The Company may be legally required to share Personal Data with other bodies or agencies, such as government or other official bodies, in some of the circumstances set out above and where prior consent may not have been given by the Data Subject.
Subject to such exceptions and any other relevant provisions of GDPR, the Company will not disclose Personal Data to any unauthorised persons or third parties.
8. OTHER MATTERS
Use of Site by Children
We do not sell products or provide services for purchase by children, nor do we market to children. If you are under 18, you may use our website only with consent from a parent or guardian.
Encryption of Data Sent Between Us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that this is done using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
How You Can Complain
Retention Period for Personal Data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- to provide you with the services you have requested;
- to comply with other law, including for the period demanded by our tax authorities;
- to support a claim or defence in court.
Compliance With The Law