Privacy and Data Protection Policy Notice
Belmatt Healthcare Training Limited Privacy and Data Protection Policy Notice refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
Scope
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.
Who is covered under the Data Protection Policy?
Employees of Belmatt Healthcare Training Limited must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, Belmatt Healthcare Training Limited policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
Collection and processing of data
As part of Belmatt Healthcare Training Limited operations, we need to collect and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, email address, role, area(s) of practice and phone numbers. Additional data including CV with work and education history, nurse registration number and bank details are collected and processed for contractors and Belmatt Healthcare Training Limited employees.
Data is processed by Belmatt Healthcare Training Limited for marketing and advertising purposes, as contact information, for HR purposes and for payment services. Further details of processing include:
- Processed for marketing and advertising purposes, email mailshots, brochure mailshots, newsletters.
- Processed to directly contact the individuals who are attending the courses with pre- or post-course information or material e.g. course packs, and in case of unexpected events e.g. course cancellations.
- Processed to monitor and record attendance for the distribution of post-course information or material e.g. course completion certificates.
- Processed to refund payments to clients. Please note, no credit card or bank details are stored by Belmatt Healthcare Training Limited for clients. All payments made to Belmatt Healthcare Training Limited by clients are processed by a separate organisation, PayPal UK and Belmatt Healthcare Training Limited does not have access to or process this data. The only payment services data that is processed by Belmatt Healthcare Training Limited is in the event of a refund to a client. This data is then deleted or shredded after use.
- Processed to contact potential, current and previous contractors (lecturers) to offer employment opportunities.
- Processed to directly contact contractors and employees currently employed by Belmatt Healthcare Training Limited or conducting work on behalf of Belmatt Healthcare Training Limited.
- Processed for payment and HR administrative tasks.
Belmatt Healthcare Training Limited will rely on the legal basis of Legitimate Interests under the General Data Protection Regulation (EU) 2016/679 to process personal data. These legitimate interests include the promotion of Belmatt Healthcare Training Limited’s business, relevant and appropriate relationships, fulfilling commercial obligations, marketing and advertising and use of client and employee data.
Belmatt Healthcare Training Limited sources this data from the individuals themselves, the employers of the individuals and on occasion from databases purchased from third party organisations. Once this information is available to us, the following rules apply.
Our data will be:
- Accurate and kept up to date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
- Retained until it is no longer required for its intended purpose(s), with a retention period lasting up to 10 years
Our data will not be:
- Communicated informally
- Transferred to organisations, states or countries that do not have adequate data protection policies
Recipients of data
Personal data is shared with and processed by a small number of third parties in order for Belmatt Healthcare Training Limited to achieve their Legitimate Interests. At present the following organisations have processed personal data on behalf of Belmatt Healthcare Training Limited:
- WordPress and associated plugins (international third party); an online company that produce Belmatt Healthcare Training Limited’s email shots, host the website. Client names and email addresses are provided and processed.
- PayPal UK; a company that collects and processes payment details from clients. Belmatt Healthcare Training does not store, have access to or process any payment details from clients. All data is given by the individual to PayPal UK directly.
- Microsoft OneDrive (international third party); online cloud service provider where Belmatt Healthcare Training Limited stores personal data. Lecturer and employee data including name, home address, email, telephone number, CV with work and education history, nurse registration number and personal bank details are processed.
- CPDUK; an academic institution that provides accreditation for Belmatt Healthcare Training Limited. Client names and addresses are provided and processed.
Obligations and rights
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically, we must:
- Let people know which of their data is collected
- Inform people about how we’ll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
Under certain circumstances individuals have the right to:
- Access confirmation that their data is being processed
- Access their personal data
- Access other supplementary information
- Rectify inaccurate personal data
- Erase personal data
- Restrict processing of personal data
- Withdraw their consent to the processing of their personal data, in particular in regard to a personal legitimate interest and direct marketing
- Lodge a complaint with a supervisory authority
Should an individual wish to exercise any of these rights then please contact [email protected] with the request. The obligation will be fulfilled free of charge and within one month, unless requests are reasonably considered excessive, considerably burdensome or unfounded. No personal data will be shared without verification of the identity of the individual.
Actions
To exercise data protection we are committed to:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in online privacy and security measures
- Build secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorisation etc).
Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
Belmatt Healthcare Training Limited
suite 570
405 Kings Road
London SW10 0BB
www.belmatt.co.uk
[email protected]
Phone: 0207 692 8709