Privacy Notice (Stepupcmg Ltd)
we are committed to being GDPR Compliant
We are committed to the principle inherent in the GDPR and particularly to the concept of privacy by design, the right to be forgotten, consent and a risk-based approach. In addition, we aim to ensure:
transparency with regard to the use of data
that any processing is lawful, fair and necessary for a specific purpose
that data is accurate, kept up to data and removed when no longer necessary
that data is kept safely and securely.
Our Data Protection Officer (DPO) is Catherine Gallacher, who works to promote awareness of the GDPR. Our DPO oversees the Group's commitment to best practice and inform and advise the Group and monitor and advise compliance.
Data protection policy is available here on this website and is available to all employees/contractors/suppliers associated with this organisation. It forms a part of the induction training to all new staff and on follow-up sessions should legislation change or with further guidelines made.
Right to be forgotten
We recognise the right to erase, also known as the right to be forgotten, laid down in the GDPR. Individuals should contactus stating intent to be forgotten GDPR to :firstname.lastname@example.org giving the information you wish deleted. This is requesting the deletion or removal of your personal data. These will be acted on provided there is no compelling reason for continued processing and that the exemption set out in the GDPR do not apply. These exemptions include where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
Clinical practice notes are normally retained for up to 7 years as per the ethical standards procedures and the notes are the property of the clinician.
Subject access requests
we recognise that individualshave the right to access their personal data and supplementary information and will comply with the one month timeframe for responses set down in the GDPR. As a general rule, a copy of the requested information will be provided free of charge although we reserve the right to charge a 'reasonable fee' whenever as and when we so choose, when a request is made and certainly when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the data subject will be informed of their right to contest our decision with the supervisory authority(Information Commissioner's Office)-our Company registration with ICO is Z7927157.
As set out in the GDPR, any fee will be notified in advance and paid before any submission of any documentation and the cost of any administrative work of providing this information will be included in addition.
''I didn' think it would help but after just a few short day I began to understand what if felt to be really listened to and supported, she didn't judge me . I would recommend Catherine anytime.''
Catherine has worked with Glasgow City Council; Boots PLC; Aviva; WPO; Optum; CareFirst/The Priory;
Diageo; Norbord;Compsych; HealthAssured; Solicitors; Financial and marketing; Rutherglen Health Centre; NES; Windmillhill Medical Practice; Dr Keenan and partners Motherwell Health Centre; these are only a few organisations that have worked with Catherine and found her work of the highest standard.