Procedure for Handling Third Party Requests to Access Data on eportfolio

Size: px
Start display at page:

Download "Procedure for Handling Third Party Requests to Access Data on eportfolio"

Transcription

1 Procedure for Handling Third Party Requests to Access Data on eportfolio IGPRO03-3rd Party access to eportfolio v1.0 DRAFT Information Systems Corporate Services Division March 2016

2 Revision History Version Date Author(s) Comments /03/2016 Adele Picken (Information Governance Manager /03/2016 Adele Picken (Information Governance Manager) Draft by Information Governance Manager Further comments following feedback view date: Biennially Re Approval: SMT, Education and Training Divisional Committee and Finance and Risk Committee To note: Information Governance Group Name Date Version Comments Education and Training Divisional Committee Finance and Risk Committee SMT Information Governance Group Relevant Policies, Templates & Forms

3 The following policies, procedures, and guidance should be used or referred to when necessary alongside this policy. All policies and templates will be made available on the intranet once finalised and approved. Reference Document Name Status IGPOL/01 Information Governance Policy Final-Published IGPOL/03 Data Protection Policy IGPOL/04 Information Sharing Policy IGPOL/05 IGPOL/06 IGPOL/07 Records Management Policy Corporate Retention Schedule Corporate Classification Scheme AUP Acceptable Use Policy IGPRO/01 IGPRO/02 IGPRO/03 IMNOTE/01 IMNOTE/02 IMNOTE/03 IMNOTE/04 Security Incident Procedure Subject Access Request Procedure Freedom of Information Request Procedure SAR guidance- what information to provide SAR guidance- what information to withhold Checklist when handling personal or sensitive data Checklist- How to process a Subject Access Request In draft

4 IMNOTE/05 Naming Convention Guidance IMNOTE/06 Version Control Guidance

5 Table of Contents 1 Introduction Scope What is a valid request? Processing a request Receipt of Request Acknowledging, verifying and clarifying a request Responding to a request Sending a Request Circumstances under which disclosure will be considered Complaints Internal Assurance Training and awareness...10

6 1 Introduction 1.1 This procedure establishes the College s commitment and procedures to ensure adherence to section 35A of the Medical Act 1983 and the Data Protection Act 1998 with regards to disclosure of information stored on eportfolio for trainees. 2 Scope Information is taken to encompass all data held on eportfolio, including reflective notes. This procedure only relates to requests made by organisations to access information on eportfolio based on one of the exemptions set out in Part 4 of, and Schedule 7 to, the Data Protection Act and in relation to section 35A of the General Medical Act This potentially covers: Any request made by the GMC to release information held on eportfolio in a case of fitness to practice Any request to release information held on eportfolio in response to a court or coroners request Any request to release information held on eportfolio from the Police Any request to release patient identifiable data stored on eportfolio as part of a patient subject access request will be undertaken in line with the RCPCH Subject Access Request Procedure and is therefore out of scope of this policy Any subject access request by a doctor or a request by a third party on behalf of a doctor will be undertaken in line with the RCPCH Subject Access Request Procedure and is therefore out of scope of this policy. The data controller of eportfolio is RCPCH 3 What is a valid request? All requests to access information held on eportfolio should be made in writing. A request sent by or fax is as valid as one sent in hard copy. The organisation making the request must provide a copy of proof of identification so that the Information Governance Manager can be satisfied as to the identity of the requesting organisation. Proof of identification may be an official court application; a police section 28/section 29(3) form; a court order; a coroners request or correspondence on headed paper. This information can be sent as a photocopy in the post or as a scanned image.

7 4 Processing a request 4.1 Receipt of Request All requests for access to information stored on eporfolio should be forwarded to the Information Governance Manager as soon as they are received, who will log and acknowledge the request All requests received in hard-copy format should be date stamped. 4.2 Acknowledging, verifying and clarifying a request We can request enough information to judge whether the person making the request is the individual to whom the personal data relates. This is to avoid personal data about one individual being sent to another, accidentally or as a result of deception level of checks will consider the availability of this identification to an individual and any issues that may prevent the individual having access to this identification Once the request has been received, no amendments or deletions must be made to the data that would not have been otherwise made. The data must not be tampered with in order to make it acceptable. 4.3 Responding to a request Each request to access information held on eportfolio will be judged on a case by case basis In all cases, the College will first seek consent from the data subject before releasing the information The Information Governance Manager will discuss any case with the Head of IS, Director of Education and Training and Officer for Speciality Training The College can object to the judge or presiding officer if attempts are made to compel the College to disclose information which appears to be irrelevant, for example information relating to a third party who is not involved in proceedings. In this case, the College should seek legal advice and potentially challenge the request The information will be collated by the Education and Training Support Centre Manager Once collated the information will be forwarded to the Information Governance Manager for checking The Information Governance Manager will then make any necessary redactions, and will ensure that an original copy is retained on file for audit purposes.

8 4.3.8 Any decisions to withhold or release information will be documented by the Information Governance Manager on the requesters file The Education and Training Support Centre Manager will inform the data subject of the request. The Education and Training Support Centre Manager will also inform the Officer for Speciality Training and the trainees Head of School or the nominated Deputy In the response, the Information Governance Manager will include the following: The source of the information released The organisations purpose in processing this data If information has been withheld, details of the exemption used Details of any acronyms, special codes or specialist terms used within a document The Information Governance Manager s contact details in the event of further queries.

9 4.4 Sending a Request If information is posted, it must be sent by special delivery. Alternatively, the Information Governance Manager will invite the customer/data subject into the office to collect If information is ed, it must be sent in an encrypted format using 7-zip, and users will be asked to contact RCPCH for the password. 5 Circumstances under which disclosure will be considered 5.1 If the court is aware that there is information relating to a litigation case held in a portfolio and has applied to RCPCH to release the data. 5.2 If the Coroner is aware that there is information relating to an investigation held in a portfolio and has applied to RCPCH to release data. 5.3 If a request is made under section 29 of the Data Protection Act. All requests will be decided on a case by case basis, taking into account likely prejudice. Disclosure is discretionary and not a requirement. If the Police request information, they should submit a section 28/section 29(3) form, unless in an emergency. 5.4 Content of a portfolio may be released on request from the GMC in a case of fitness to practice. 5.5 If there is patient identifiable data in a portfolio and the patient or an individual acting on behalf of a patient (such as a parent/guardian) submits a subject access request, the RCPCH could potentially have to reveal the information. In this case, the request will be dealt with through the RCPCH Subject Access Requests Procedure. 5.6 If the data subject submits a subject access request or a third party on behalf of a data subject. For example, a doctor may request the information to be released in support of their case. In this case, the request will be dealt with through the RCPCH Subject Access Requests Procedure. 5.7 Any decisions will be made with consideration to the exemptions in section 7 of the Data Protection Act: 6 Complaints If the organisation is unhappy with the decision, or feels that the information is incomplete, the RCPCH will initially attempt a local resolution The Information Governance Manager with the Head of IS will in the first instance deal with any complaints, and will subsequently liaise with the Director of Education and Training.

10 6.1.3 If the complaint cannot be resolved satisfactorily, then the RCPCH will escalate to SMT and the Chief Executive as the Accounting Officer. 7 Internal Assurance 7.1 A two yearly review of systems of internal control over handling requests will be conducted by the Information Governance Manager. 7.2 The conclusions of this review will be presented to the Information Governance Group. 8 Training and awareness 8.1 The Director of Education and Training, the Head of IS, the Officer for Speciality Training, Education and Training Support Manager and SMT will be made aware of their responsibilities under the Procedure and updated on any changes.

Procedures for responding to requests for personal data to support Data Protection Policy

Procedures for responding to requests for personal data to support Data Protection Policy Procedures for responding to requests for personal data to support Data Protection Policy Heriot-Watt Procedures for responding to requests for personal data; to support Data Protection Policy HERIOT-WATT

More information

Access Rights and Responsibilities. A guide for Individuals and Organisations

Access Rights and Responsibilities. A guide for Individuals and Organisations Access Rights and Responsibilities A guide for Individuals and Organisations This guide is aimed at both individuals and organisations. It is designed to bring individuals through the process of making

More information

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests. 1 Introduction 1.1 Article 15 of the General Data Protection Regulations (GDPR) provides individuals (Data Subjects) with the right to access personal information so that they are fully informed of the

More information

Data Subject Access Request Form (GDPR)

Data Subject Access Request Form (GDPR) Data Subject Access Request Form (GDPR) Article 15 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) grants you the right to access your personal data held by Marshall ADG,

More information

ERMS Folder Development and Access Process

ERMS Folder Development and Access Process Electronic Records Management System () Process Guide 3 Folder Development and Access Process 1. Purpose The Folder Development and Access Process outlines the actions required to create folders, provide

More information

GDPR SUBJECT ACCESS REQUESTS PROCEDURE

GDPR SUBJECT ACCESS REQUESTS PROCEDURE SIMON BALLE ALL-THROUGH SCHOOL GDPR SUBJECT ACCESS REQUESTS PROCEDURE First Issue: April 2018 Next Review: April 2020 Committee Responsible: Personnel and/or Student SUBJECT ACCESS REQUESTS (SAR) INTRODUCTION

More information

CUSTOMER COMMENTS, SUGGESTIONS AND COMPLAINTS POLICY

CUSTOMER COMMENTS, SUGGESTIONS AND COMPLAINTS POLICY TITLE: Customer Comments, Suggestions and Complaints Policy and Procedure (INTERNAL) REF:CP001 VERSION: 7.1 APPROVAL BODY: Corporation DATE: 09 July 2018 REVIEW DATE: 24 March 2021 LEAD PERSON: Group Director

More information

Data Subject Access Request Form (GDPR)

Data Subject Access Request Form (GDPR) Data Subject Access Request Form (GDPR) Data Subject Access Request Form Article 15 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) grants you the right to access your personal

More information

Data Subject Access Request Form

Data Subject Access Request Form Please read the Guidance Notes which accompany this form before completing the form. Please complete the form in block capitals. Please submit your completed request form as a secure email attachment to

More information

Privacy Breach Policy

Privacy Breach Policy 1. PURPOSE 1.1 The purpose of this policy is to guide NB-IRDT employees and approved users on how to proceed in the event of a privacy breach, and to demonstrate to stakeholders that a systematic procedure

More information

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your). Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations

More information

Barrie Baydogs Triathlon Club Inc (Baydogs) Privacy Policy

Barrie Baydogs Triathlon Club Inc (Baydogs) Privacy Policy Barrie Baydogs Triathlon Club Inc (Baydogs) Privacy Policy Purpose 1. Privacy of personal information is governed by the Personal Information Protection and Electronics Documents Act ( PIPEDA ). Baydogs

More information

Data Breach Incident Management Policy

Data Breach Incident Management Policy Data Breach Incident Management Policy Policy Number FCP2.68 Version Number 1 Status Draft Approval Date: First Version Approved By: First Version Responsible for Policy Responsible for Implementation

More information

ICO Information Request Handling Procedures

ICO Information Request Handling Procedures s 1. Introduction It is important to remember that the Information Commissioners Office (ICO) is subject to all the legislation it regulates. All requests for information to the ICO need to be handled

More information

PATRIOT CAMPERS PTY LTD PRIVACY POLICY

PATRIOT CAMPERS PTY LTD PRIVACY POLICY PATRIOT CAMPERS PTY LTD PRIVACY POLICY Patriot Campers Pty Ltd and its subsidiaries ( Patriot Campers & Patriot Campers TV & Patriot Supply Co ) recognise that your personal information is important to

More information

UWC International Data Protection Policy

UWC International Data Protection Policy UWC International Data Protection Policy 1. Introduction This policy sets out UWC International s organisational approach to data protection. UWC International is committed to protecting the privacy of

More information

SUBJECT ACCESS REQUEST PROCEDURE. Date: 08/10/2018

SUBJECT ACCESS REQUEST PROCEDURE. Date: 08/10/2018 SUBJECT ACCESS REQUEST PROCEDURE Author: Mike Godfrey Date: 08/10/2018 Document Security Level: PUBLIC Document Version: 1.0 Review Date: Q4 2019 Document Control Version Author Position Details Date/Time

More information

Subject Access Request Form

Subject Access Request Form Subject Access Request Form BS 10012:2017 Personal Information Management System Scope All Classification Internal & External Use Issue Date July 2018 Lead Director Data Protection Officer Revision 2.0

More information

Nexus Education Schools Trust. Subject Access Request Procedures

Nexus Education Schools Trust. Subject Access Request Procedures Nexus Education Schools Trust Subject Access Request Procedures Date: September 2018 Review Date: September 2019 1 Subject Access Request Procedures Contents 1. Scope... 2 2. Responsibilities... 2 3. Procedure...

More information

Terms & Conditions. Privacy, Health & Copyright Policy

Terms & Conditions. Privacy, Health & Copyright Policy 1. PRIVACY Introduction Terms & Conditions Privacy, Health & Copyright Policy When you access our internet web site you agree to these terms and conditions. Bupa Wellness Pty Ltd ABN 67 145 612 951 ("Bupa

More information

Freedom of Information and Protection of Privacy (FOIPOP)

Freedom of Information and Protection of Privacy (FOIPOP) Freedom of Information and Protection of Privacy (FOIPOP) No.: 6700 PR1 Policy Reference: 6700 Category: FOIPOP Department Responsible: Records Management and Privacy Current Approved Date: 2008 Sep 30

More information

Nexus Education Schools Trust. Subject Access Request Procedures

Nexus Education Schools Trust. Subject Access Request Procedures Nexus Education Schools Trust Subject Access Request Procedures Date: September 2018 Review Date: September 2019 1 Subject Access Request Procedures Contents 1. Scope... 2 2. Responsibilities... 2 3. Procedure...

More information

Subject access policy and template response letters

Subject access policy and template response letters Barham Parish Council. Subject Access Requests ( SAR ) Checklist Inform data subjects of their right to access data and provide an easily accessible mechanism through which such a request can be submitted

More information

INFORMATION SECURITY AND RISK POLICY

INFORMATION SECURITY AND RISK POLICY INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:

More information

3 Complaints against the Organisation

3 Complaints against the Organisation 1 Introduction Complaints Procedure MY COMMUNICATIONS is committed to providing the highest standards of services to its customers. Complaints play a role in maintaining and improving standards and the

More information

FIRESOFT CONSULTING Privacy Policy

FIRESOFT CONSULTING Privacy Policy FIRESOFT CONSULTING Privacy Policy FIRESOFT CONSULTING abides by the Australian Privacy Principles ( APPs ), which provides relative information to businesses in relation to the collection, disclosure,

More information

A Homeopath Registered Homeopath

A Homeopath Registered Homeopath A Homeopath Registered Homeopath DATA PROTECTION POLICY Scope of the policy This policy applies to the work of homeopath A Homeopath (hereafter referred to as AH ). The policy sets out the requirements

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

General Legal Requirements under the Act and Relevant Subsidiary Legislations. Personal data shall only be processed for purpose of the followings:

General Legal Requirements under the Act and Relevant Subsidiary Legislations. Personal data shall only be processed for purpose of the followings: General Legal Requirements regarding the Personal Data Protection ( PDP ) Principles under the PDP Act 2010 ( Act ) and the relevant Subsidiary Legislations PDP Principles General Principle Data users

More information

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE Loughborough University (LU) Research Office SOP 1027 LU Process for Writing Study Protocols for NHS Research Sponsored by Loughborough

More information

Rowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement

Rowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement Rowing Canada Aviron Online Registration System - Protection of Personal Privacy Policy Statement Rowing Canada Aviron (RCA) has developed this Privacy Policy to describe the way that RCA collects, uses,

More information

SOUTHFIELD SCHOOL PROCEDURE FOR RECEIVING AND RESPONDING TO SUBJECT ACCESS REQUESTS

SOUTHFIELD SCHOOL PROCEDURE FOR RECEIVING AND RESPONDING TO SUBJECT ACCESS REQUESTS PROCEDURE FOR RECEIVING AND RESPONDING TO SUBJECT ACCESS REQUESTS 1. Policy Statement 1.1. All Data Subjects have rights of access to their personal data. This document sets out the procedure to be followed

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Adopter s Site Support Guide

Adopter s Site Support Guide Adopter s Site Support Guide Provincial Client Registry Services Version: 1.0 Copyright Notice Copyright 2016, ehealth Ontario All rights reserved No part of this document may be reproduced in any form,

More information

Building a Privacy Management Program

Building a Privacy Management Program Building a Privacy Management Program February 26, 2013 Office of the Information and Privacy Commissioner of Alberta Session Overview Reasons for having a PMP Strategies to deal with current and future

More information

DCU Guide to Subject Access Requests. Under Irish Data Protection Legislation

DCU Guide to Subject Access Requests. Under Irish Data Protection Legislation DCU Guide to Subject Access Requests Under Irish Data Protection Legislation Context Under section 4 of the Irish Data Protection Acts 1988 & 2003 an individual, on making a written request to DCU, may

More information

Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice

Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date

More information

Subject Access Request Policy

Subject Access Request Policy Subject Access Request Policy Effective Date: 25 th May 2018 Procedure for Access to Personal Information A. Rights of Access to Information There are two distinct rights of access to information held

More information

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information Date: 15 Feb 2018 Issue No: 1 Page: 1 of 15 Site: UK Kingspan Insulation Limited ("Kingspan") has issued this Data Protection Policy for its customers. The term customer refers to those that receive a

More information

Information Governance and Code of Conduct

Information Governance and Code of Conduct This document is also available in other languages and formats upon request Information Governance and Code of Conduct For further information and guidance contact the Information Governance team: Tel:

More information

Data Subject Access Request Form

Data Subject Access Request Form Data Subject Access Request Form Article 15 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) grants you the right to access your personal data held by the relevant Sanlam

More information

FOUNDRY COLLEGE. General Data Protection Regulation (GDPR) Policy Incorporating Freedom of Information

FOUNDRY COLLEGE. General Data Protection Regulation (GDPR) Policy Incorporating Freedom of Information FOUNDRY COLLEGE General Data Protection Regulation (GDPR) Policy Incorporating Freedom of Information Document Control Information Version DATE DESCRIPTION 1 01/02/2012 Adopted for Foundry College 2 27/01/2013

More information

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018 ma recycle.com Rely and Comply... GDPR Privacy Policy Policy Date: 24 May 2018 Max Recycle Hawthorne House Blackthorn Way Sedgeletch Industrial Estate Fencehouses Tyne & Wear DH4 6JN T: 0845 026 0026 F:

More information

Policy & Procedure Privacy Policy

Policy & Procedure Privacy Policy NUMBER POL 050 PAGES 12 VERSION V3.8 CREATED: LAST MODIFIED: REVISION: 05/11/2009 06/06/2018 06/06/2019 DOCUMENTS: Authority to Exchange Information Media Authority Student Staff Privacy Agreement REFERENCES:

More information

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ). PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our

More information

Shaw Privacy Policy. 1- Our commitment to you

Shaw Privacy Policy. 1- Our commitment to you Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of

More information

Made In Hackney Data Protection Policy Last Updated:

Made In Hackney Data Protection Policy Last Updated: Made In Hackney Data Protection Policy Last Updated: 16.05.2018 Definitions Charity GDPR Responsible Person Register of Systems Made In Hackney (MIH), a registered charity. means the General Data Protection

More information

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland. PRIVACY STATEMENT +41 (0) 225349799 www.energymarketprice.com Rue du Rhone 5 1921, Martigny, Switzerland dpo@energymarketprice.com Introduction Your privacy and trust are important to us and this Privacy

More information

Data Loss Assessment and Reporting Procedure

Data Loss Assessment and Reporting Procedure Data Loss Assessment and Reporting Procedure Governance and Legal Services Strategy, Planning and Assurance Directorate Approved by: Data Governance & Strategy Group Approval Date: July 2016 Review Date:

More information

Privacy Policy on the Responsibilities of Third Party Service Providers

Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Office Document ID: 2489 Version: 3.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2016,

More information

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group Notice Whose Personal Data do we collect? Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice For the purposes of applicable data protection and privacy laws, The Stonhard Group, a division of Stoncor Group, Inc. ( The

More information

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients. Privacy policy 1 Background This document sets out the policy of Polemic Forensic ABN 60 392 752 759 ( Polemic ) relating to the protection of the privacy of personal information. Polemic is a business

More information

Aneurin Bevan Health Board

Aneurin Bevan Health Board Aneurin Bevan Health Board Information Governance Committee Minutes of the meeting held on 10 February 2010, 2pm, in the Small Boardroom, Mamhilad House Present: Prof Janet Wademan - Independent Member

More information

Data Protection. Policy

Data Protection. Policy Data Protection Policy Policy adopted: April 2016 Policy review date: April 2018 OAT Model Policy 1 Contents 1. Policy statement and principles... 3 1.1 Policy aims and principles... 3 1.2 Data protection

More information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.

More information

Policy Objectives (the Association) Privacy Act APPs Policy Application ACTU The Police Association Website

Policy Objectives (the Association) Privacy Act APPs Policy Application ACTU The Police Association Website Privacy Policy 1. Policy Objectives 1.1 The Police Association Victoria (the Association) is the organisation representing sworn police officers at all ranks, protective services officers, police reservists

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

1.3 Please follow the links below for further information. Where relevant, we have made a distinction between different categories of data subjects:

1.3 Please follow the links below for further information. Where relevant, we have made a distinction between different categories of data subjects: PRIVACY STATEMENT Last date of revision: 18-05-2018 1. WHO DOES THIS GDPR PRIVACY STATEMENT APPLY TO? 1.1 Claeys & Engels cvba ( We or Claeys & Engels ) is a specialist law firm offering a full range of

More information

Data Subject Access Request

Data Subject Access Request Data Subject Access Request DATA PROTECTION ACT 1998 Version: 10.0 Approval Status: Approved Document Owner: Graham Feek Classification: Internal Review Date: 03/07/2017 Effective from: 1 July 2015 Table

More information

Privacy Notice. General Information Protection Regulation ( GDPR )

Privacy Notice. General Information Protection Regulation ( GDPR ) Privacy Notice General Information Protection Regulation ( GDPR ) Please read the following information carefully. This privacy notice contains information about the information collected, stored and otherwise

More information

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection

More information

Greater Toronto Hockey League (GTHL) PRIVACY POLICY

Greater Toronto Hockey League (GTHL) PRIVACY POLICY Greater Toronto Hockey League (GTHL) PRIVACY POLICY BACKGROUND The Greater Toronto Hockey League ( GTHL ) is the governing body for amateur hockey in a specific geographical jurisdiction of Ontario. In

More information

Community Development and Recreation Committee

Community Development and Recreation Committee STAFF REPORT ACTION REQUIRED CD13.8 Toronto Paramedic Services Open Data Date: June 3, 2016 To: From: Wards: Reference Number: Community Development and Recreation Committee Chief, Toronto Paramedic Services

More information

Complaints and Compliments Policy. Date Approved: 28 September Approved By: Governing Body. Ownership: Corporate Development

Complaints and Compliments Policy. Date Approved: 28 September Approved By: Governing Body. Ownership: Corporate Development Complaints and Compliments Policy Date Approved: 28 September 2016 Approved By: Ownership: Governing Body Corporate Development Date of Issue: August 2017 Proposed Date of Review: August 2019 Date of Equality

More information

This procedure sets out the usage of mobile CCTV units within Arhag.

This procedure sets out the usage of mobile CCTV units within Arhag. CCTV PROCEDURE Statement This procedure sets out the usage of mobile CCTV units within Arhag. Arhag is a registered charitable housing association and is not considered an appropriate authority with regards

More information

Complaints Management

Complaints Management Complaints Management DOCUMENT INFORMATION Responsible officer Document type Principal Consultant Policy and Planning Policy Last review date October 2016 Next review date October 2018 Trim number 2015/102423v5

More information

CHASE GRAMMAR SCHOOL PRIVACY STATEMENT General Data Protection Regulations (GDPR)

CHASE GRAMMAR SCHOOL PRIVACY STATEMENT General Data Protection Regulations (GDPR) CHASE GRAMMAR SCHOOL PRIVACY STATEMENT General Data Protection Regulations (GDPR) The GDPR is the biggest change to data privacy laws in the last 20 years and comes into effect on 25 May 2018. The new

More information

The University of British Columbia Board of Governors

The University of British Columbia Board of Governors The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:

More information

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110 Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including

More information

Stopsley Community Primary School. Data Breach Policy

Stopsley Community Primary School. Data Breach Policy Stopsley Community Primary School Data Breach Policy Contents Page 1 Introduction... 3 2 Aims and objectives... 3 3 Policy Statement... 4 4 Definitions... 4 5 Training... 5 6 Identification... 5 7 Risk

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller

More information

Emsi Privacy Shield Policy

Emsi Privacy Shield Policy Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

ehealth Ontario Site Support Guide

ehealth Ontario Site Support Guide ehealth Ontario Site Support Guide Diagnostic Imaging Common Service Reference Guide & Privacy and Security Procedures and Obligations Version: 1.0 Document Owner: Diagnostic Imaging Common Service All-inclusive

More information

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2 Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2 Privacy Policy knows that your privacy is important to you. Below is our privacy policy for collecting, using, securing, protecting and sharing your

More information

Castle View Primary School Data Protection Policy

Castle View Primary School Data Protection Policy Castle View Primary School Data Protection Policy Aims The Headteacher and Governors of the school intend to comply fully with the requirements and principles of the Data Protection Act 1998. All staff

More information

Data Subject Access Request (SAR) Policy, Guidance and Template

Data Subject Access Request (SAR) Policy, Guidance and Template James Hutton Group Data Subject Access Request (SAR) Policy, Guidance and Template Prepared By: DPO Date: 30 September 2018 Approved By: DPO Date: 30 September 2018 Summary of Changes Since Previous Version:

More information

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review

More information

DATA PROTECTION POLICY THE HOLST GROUP

DATA PROTECTION POLICY THE HOLST GROUP DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller

More information

Seven West Media Privacy Policy (Updated)

Seven West Media Privacy Policy (Updated) Seven West Media Privacy Policy (Updated) About this Privacy Policy This Privacy Policy has been published to provide a clear and concise outline of how and when personal information is collected, disclosed,

More information

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE 2016 Saviour Cachia Commissioner for Information and Data Protection Conception of DPA Council of Europe ETS 108 Convention on the protection of

More information

Cognizant Careers Portal Privacy Policy ( Policy )

Cognizant Careers Portal Privacy Policy ( Policy ) Cognizant Careers Portal Privacy Policy ( Policy ) Date: 22 March 2017 Introduction This Careers Portal Privacy Policy ("Policy") applies to the Careers portal on the Cognizant website accessed via www.cognizant.com/careers

More information

BCS, The Chartered Institute for IT. Group Operations Complaints Policy

BCS, The Chartered Institute for IT. Group Operations Complaints Policy BCS, The Chartered Institute for IT Group Operations Complaints Policy March 2018 Introduction This document sets out our complaints policy and procedure and is aimed at our training providers, learners

More information

About Us. Privacy Policy v1.3 Released 11/08/2017

About Us. Privacy Policy v1.3 Released 11/08/2017 Privacy Policy v1.3 Released 11/08/2017 About Us THIS PRIVACY POLICY, OUR VIEWER TERMS (hellopupil.com/viewerterms) AND HEALTH & SAFETY GUIDANCE (hellopupil.com/advice) COLLECTIVELY FORM THE TERMS GOVERNING

More information

Information Security Strategy

Information Security Strategy Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone

More information

ACTION: Notice of modification to existing systems of records. General and Customer Privacy Act Systems of Records. These modifications are

ACTION: Notice of modification to existing systems of records. General and Customer Privacy Act Systems of Records. These modifications are This document is scheduled to be published in the Federal Register on 09/13/2012 and available online at http://federalregister.gov/a/2012-22511, and on FDsys.gov 7710-12 POSTAL SERVICE Privacy Act of

More information

Guidance Request for Record Deletion, Rectification, Restriction and Processing

Guidance Request for Record Deletion, Rectification, Restriction and Processing Form A91 - Guidance Guidance Request for Record Deletion, Rectification, Restriction and Processing Data Protection Act 2018 Guidance and information on request for information relating to record deletion,

More information

CHANCERY EDUCATION TRUST PICKHURST ACADEMY SUBJECT ACCESS REQUEST (SAR) POLICY OCTOBER 2018

CHANCERY EDUCATION TRUST PICKHURST ACADEMY SUBJECT ACCESS REQUEST (SAR) POLICY OCTOBER 2018 CHANCERY EDUCATION TRUST PICKHURST ACADEMY SUBJECT ACCESS REQUEST (SAR) POLICY OCTOBER 2018 Next Review Date: October 2020 CHANCERY EDUCATION TRUST PICKHURST ACADEMY SUBJECT ACCESS REQUEST (SAR) POLICY

More information

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Policy and Procedure: SDM Guidance for HIPAA Business Associates Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:

More information

DATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:

DATA PROTECTION SELF-ASSESSMENT TOOL. Protecture: DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should

More information

Requirements for a Managed System

Requirements for a Managed System GDPR Essentials Requirements for a Managed System QG Publication 6 th July 17 Document No. QG 0201/4.3 Requirements for a Managed GDPR System The General Data Protection Regulation GDPR will apply in the

More information

Privacy Policy Identity Games

Privacy Policy Identity Games Document Name: Privacy Policy Reference: GDPR 1.0 This privacy policy was last modified on 26 July, 2018. Privacy Policy Identity Games In this policy, "we", "us" and "our" refer to Identity Games International

More information

In this policy, whenever you see the words we, us, our, it refers to Ashby Concert Band Registered Charity Number

In this policy, whenever you see the words we, us, our, it refers to Ashby Concert Band Registered Charity Number ASHBY CONCERT BAND PRIVACY POLICY The privacy and security of your personal information is extremely important to us. This privacy policy explains how and why we use your personal data. We will keep this

More information

DATA PROTECTION IN RESEARCH

DATA PROTECTION IN RESEARCH DATA PROTECTION IN RESEARCH Document control Applicable to: All employees and research students Date first approved February 2006 Date first amended May 2015 Date last amended May 2015 Approved by Approval

More information

Data Encryption Policy

Data Encryption Policy Data Encryption Policy Document Control Sheet Q Pulse Reference Number Version Number Document Author Lead Executive Director Sponsor Ratifying Committee POL-F-IMT-2 V02 Information Governance Manager

More information

Privacy Policy Effective May 25 th 2018

Privacy Policy Effective May 25 th 2018 Privacy Policy Effective May 25 th 2018 1. General Information 1.1 This policy ( Privacy Policy ) explains what information Safety Management Systems, 2. Scope Inc. and its subsidiaries ( SMS ), it s brand

More information

SYDNEY FESTIVAL PRIVACY POLICY

SYDNEY FESTIVAL PRIVACY POLICY 1. Level 5, 10 Hickson Road The Rocks Sydney NSW 2000 Australia Phone 61 2 8248 6500 Fax 61 2 8248 6599 sydneyfestival.org.au ABN 60 070 285 344 SYDNEY FESTIVAL PRIVACY POLICY Our Commitment to your Privacy

More information

Exams policy 2017/18. This policy is reviewed annually to ensure compliance with current regulations. Approved/reviewed by

Exams policy 2017/18. This policy is reviewed annually to ensure compliance with current regulations. Approved/reviewed by Exams policy 2017/18 This policy is reviewed annually to ensure compliance with current regulations Approved/reviewed by Rachel Fawcett (Exams Officer) and Wendy Randall (School Business Manager) Approved

More information

Outgoing Ltd Official Ticketing Agent Terms and Conditions

Outgoing Ltd Official Ticketing Agent Terms and Conditions Outgoing Ltd Official Ticketing Agent Terms and Conditions In these terms and conditions "Outgoing" refers to Outgoing Ltd. Outgoing sells all tickets as an agent on behalf of the organisers and Outgoing

More information

Privacy and Data Protection Policy

Privacy and Data Protection Policy Privacy and Data Protection Policy Introduction 1. The Ripple Pond is committed to ensuring the secure and safe management of personal data held by the Charity in relation to Beneficiaries, Staff, Trustees,

More information