UK Medical Calibration Ltd (Medi-cal) is committed to protecting your privacy and takes this responsibility very seriously. We therefore, take care to safeguard it. This notice outlines what data we collect, how we may use it, how we protect your data and your rights, and how you can exercise those rights.
If you have any questions about this policy, please contact us via email at firstname.lastname@example.org
Why we collect your data
We collect personal data for many reasons, including to provide you with services, communicate with you and send you the information you have requested. Depending on how you interact with us, we may process data for the following reasons:
- To provide you with advice, support or services that you have requested
- To record personal details shared during conversations with our staff.
- To process personal details required for the administration of your booked training course
- To record and contact you regarding bookings made with Medi-cal
- To administer services Medi-cal is providing to you
- To provide you with information about and to administer events and film productions
- For our own internal administrative purposes, and to keep a record of your relationship with us
- To manage your communication preferences
- to process job applications
- to conduct surveys, research and gather feedback
- to obtain information to improve Medi-cal’s services and user experiences
- to comply with applicable laws and regulations, and requests from statutory agencies
Information we collect
We collect the following personal information:
- your full name
- contact details – including your postal address, telephone number(s), and email address
- date of birth
- your bank details
- records of your correspondence and engagement with us
- information you may enter on Medi-cal’s website
- photographs, video or audio recordings
- other information you share with us
This information may be collected via:
- any paper forms you complete
- telephone conversations or face-to-face interactions
- digital forms completed via our website, or online surveys
- third-party companies
- publicly available sources
- communication via social media
We sometimes also collect sensitive, personal data about individuals. This includes information about health, religion, sexuality, ethnicity, political and philosophical beliefs, and criminal records. We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law.
Using your personal data
If you are asking Medi-cal to work with you, we will need to process your data because of your specific relationship with us.
We will keep all your case information – including notes, letters and information given to us about you – in a confidential record that is specific to you. We take information security very seriously. No one is allowed access to our system or files unless they need this to provide the service to you, or one of the other purpose discussed in this notice.
We may use your data for statistical reports. These statistics will not include any information that could be used to identify any individual.
Administrative communications to all those who use Medi-cal’s services
We may communicate with you by post, telephone, and email in relation to administrative and transactional matters. For example, we will call you after you have set up a Direct Debit to confirm your details, and upon cancellation. On occasion, we will also contact you about an event that you have signed up to participate in, to – for example – check that fundraising pages have been set up and to provide any other necessary information.
Applying for an Medi-cal job
When you apply for a job with us, your personal data will be collated to monitor the progression of your application, and the effectiveness of the recruitment process through the statistics collected. Where we need to share your data – such as for gathering references or obtaining a Disclosure and Barring Services check– you will be informed beforehand unless the disclosure is required by law. These checks are only done after a position has been offered only to the successful candidate. On the application form, you are asked to complete the referee details and can tick permission to contact referee. If tick yes, once offered a role, we will automatically send out reference requests. If you tick no, we will contact successful candidates for permission first.
Once you have taken up employment with Medi-cal, we will compile a file relating to your employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to your employment . Once your employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it from our files.
We may collect data about professional contacts and partners with whom we work, or to whom we provide professional services. Personal data collected in this way will be processed in accordance with data protection legislation and this policy.
We may send our professional partners information and updates about our work (primarily by email). Such contacts can opt out of receiving this information at any time.
Our legal basis for processing personal data
We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Three of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
- a person’s consent (for example, to send you direct marketing by email or SMS)
- a contractual relationship (for example, to provide you with goods or services that you have purchased from us)
- Medi-cal’s legitimate interests (please see below for more information)
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data if its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:
- Administration and operational management: including responding to solicited enquires, providing information and services, the administration of employment, and recruitment requirements
If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ‘Contact us’ section below.
Disclosure of your personal data
We will not share any of your personal data to any third party – except where:
- we are required to do so by law, for example to law enforcement or regulatory bodies where this is required or allowed under the relevant legislation
- it is necessary to protect the vital interests of an individual
- we have obtained your consent
We will never share or sell your personal data to a third-party organisation for marketing, fundraising, or campaigning purposes.
Security of your personal data
We use appropriate technical and organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Retention of your data
Whatever your relationship with us, we will only store your information for a specified amount of time, as set out in our records management policy.
The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under, such as financial regulations, Limitations Act, Health and Safety regulation etc., or any contractual obligation we might have – such as with government contracts or if we have a business case, such as with research data. For business case data, we will anonymise the data so no individual is identifiable.
Once the retention period has expired, the information will be confidentially disposed or permanently deleted.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future.
You have many rights under data protection legislation. These include:
- Right of Access
- You have the right know what information we hold about you and to ask, in writing, to see your records.
- We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you. This is called a data subject access, and can be done by emailing email@example.com
- Right to be informed- You have the right to be informed how your personal data will be used. This policy, as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
- Right to withdraw consent – Where we process your data based on your consent (for example, to send you marketing texts or emails), you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
- Right to object- You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
- Right to restrict processing- In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
- Right of erasure- In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information to ensure that you are not contacted in the future.
- Right of rectification- If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records, please get in touch with us using the details in the ‘Contact us’ section below.
- Right to data portability- Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
If you have any complaints about the way in which we have used your data, please get in touch with us. We would be happy to help and discuss your concerns.
If you have any questions about this policy, would like more information, or want to exercise any of the rights set out above, you can get in touch with us in the following ways
Email – firstname.lastname@example.org
Telephone – 0333 772 1899
Visit our website www.medi-cal.co.uk