Albatross Healthcare Ltd – Data Protection Policy

1. Introduction
This policy sets out Albatross Healthcare Ltd’s responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and outlines how we protect the personal data of our clients, introducers, partners, and staff. Personal data is any information relating to an identified or identifiable natural person.
We are committed to protecting the privacy, rights, and freedoms of individuals. This policy applies to all employees, contractors, and partners of Albatross Healthcare Ltd who process personal data on our behalf.

2. Data Protection Principles
We adhere to the core principles of data protection:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

3. Lawful, Fair, and Transparent Processing
Processing is only lawful where one of the following applies:

• The data subject has given clear consent.
• Processing is necessary for a contract.
• There is a legal obligation.
• It protects someone’s vital interests.
• It’s required for public tasks.
• It’s in our legitimate interests unless overridden by the data subject’s rights.

4. Purpose Limitation
We collect data only for specified, explicit, and legitimate purposes, and do not use it in a manner incompatible with those purposes.

5. Data Minimisation
We collect only the personal data necessary for our specified purposes.

6. Accuracy
We take all reasonable steps to ensure personal data is accurate and up to date. Inaccuracies are corrected without delay.

7. Storage Limitation
Data is retained only for as long as necessary to fulfil the purposes we collected it for, including satisfying legal, regulatory, tax, accounting, or reporting requirements.

8. Security (Integrity and Confidentiality)
We use appropriate technical and organisational measures to safeguard personal data. These include:

• Encryption and secure backups
• Access controls
• Staff training
• Secure data transfer protocols

9. Accountability
We maintain comprehensive records of data processing activities and regularly audit our practices. Our Data Protection Officer can be reached at: k.alba@albatrosshealthcare.co.uk

10. Data Protection by Design
Privacy considerations are embedded into new projects, systems, and processes through data protection impact assessments (DPIAs), where appropriate.

11. Data Subject Rights
Individuals have the right to:

• Be informed
• Access their data
• Rectify inaccurate data
• Erase their data
• Restrict processing
• Data portability
• Object to processing
• Challenge automated decisions/profiling

We respond to data subject access requests within one month, free of charge.

12. International Transfers
We only transfer personal data outside the UK/EEA where adequate safeguards are in place in accordance with UK GDPR.

13. Data Breaches
We have procedures to detect, report and investigate personal data breaches. Serious breaches are reported to the Information Commissioner’s Office (ICO) within 72 hours and, where applicable, affected individuals are notified without undue delay.

14. Roles and Responsibilities
All staff and contractors must:

• Handle personal data in line with this policy
• Complete relevant data protection training
• Report suspected breaches to the Data Protection Officer

15. Review and Updates
This policy is reviewed annually or in response to significant changes in legislation or business practices. All updates will be communicated appropriately.
Last Updated: [Insert current date]

For more information or to exercise your rights under this policy, contact: Albatross Healthcare Ltd Email: info@albatrosshealthcare.co.uk Phone: 02045772274
Address: 101 Woodpecker way, Shepshed, LE12 9WF