Albatross Healthcare Ltd – Data Protection Policy1. IntroductionThis policy sets out Albatross Healthcare Ltd’s responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and outlines how we protect the personal data of our clients, introducers, partners, and staff. Personal data is any information relating to an identified or identifiable natural person.
We are committed to protecting the privacy, rights, and freedoms of individuals. This policy applies to all employees, contractors, and partners of Albatross Healthcare Ltd who process personal data on our behalf.
2. Data Protection PrinciplesWe adhere to the core principles of data protection:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
3. Lawful, Fair, and Transparent ProcessingProcessing is only lawful where one of the following applies:
- The data subject has given clear consent.
- Processing is necessary for a contract.
- There is a legal obligation.
- It protects someone’s vital interests.
- It’s required for public tasks.
- It’s in our legitimate interests unless overridden by the data subject’s rights.
4. Purpose LimitationWe collect data only for specified, explicit, and legitimate purposes, and do not use it in a manner incompatible with those purposes.
5. Data MinimisationWe collect only the personal data necessary for our specified purposes.
6. AccuracyWe take all reasonable steps to ensure personal data is accurate and up to date. Inaccuracies are corrected without delay.
7. Storage LimitationData is retained only for as long as necessary to fulfil the purposes we collected it for, including satisfying legal, regulatory, tax, accounting, or reporting requirements.
8. Security (Integrity and Confidentiality)We use appropriate technical and organisational measures to safeguard personal data. These include:
- Encryption and secure backups
- Access controls
- Staff training
- Secure data transfer protocols
9. AccountabilityWe maintain comprehensive records of data processing activities and regularly audit our practices. Our Data Protection Officer can be reached at:
k.alba@albatrosshealthcare.co.uk10. Data Protection by DesignPrivacy considerations are embedded into new projects, systems, and processes through data protection impact assessments (DPIAs), where appropriate.
11. Data Subject RightsIndividuals have the right to:
- Be informed
- Access their data
- Rectify inaccurate data
- Erase their data
- Restrict processing
- Data portability
- Object to processing
- Challenge automated decisions/profiling
We respond to data subject access requests within one month, free of charge.
12. International TransfersWe only transfer personal data outside the UK/EEA where adequate safeguards are in place in accordance with UK GDPR.
13. Data BreachesWe have procedures to detect, report and investigate personal data breaches. Serious breaches are reported to the Information Commissioner’s Office (ICO) within 72 hours and, where applicable, affected individuals are notified without undue delay.
14. Roles and ResponsibilitiesAll staff and contractors must:
- Handle personal data in line with this policy
- Complete relevant data protection training
- Report suspected breaches to the Data Protection Officer
15. Review and UpdatesThis policy is reviewed annually or in response to significant changes in legislation or business practices. All updates will be communicated appropriately.
Last Updated: [Insert current date]
For more information or to exercise your rights under this policy, contact:
Albatross Healthcare Ltd Email: info@albatrosshealthcare.co.uk Phone: 02045772274
Address: 101 Woodpecker way, Shepshed, LE12 9WF