Aviation Medicals Limited provides medical services to individuals and organisations. This privacy notice provides information about the personal information we process about
you as a data controller, in compliance with the General Data Protection Regulation
As an essential part of our business, we collect and manage client and non-client data. In
doing so, we observe the UK data protection legislation, and are committed to protecting
client’s and non-client’s privacy and rights. Specifically, we act as a “Data Contoller” in
respect of the information gathered and processed by us.
So you are reliably informed about how we operate, we have developed this privacy notice, which describes the way in which we collect, mange, process, store and share information about you as a result of you being a client.
The privacy notice also provides you with information about how you can have control over the use of your data.
Please contact Dr. Munashe MUSADAIDZWA firstname.lastname@example.org with any questions or requests about the personal information we process.
What information do we keep about you?
- We process the personal data of individuals who are obtaining medical services.
- The personal data may include:
• Names, contact details and dates of birth;
• Financial information and bank details (usually associated with invoicing or our
duties to comply with financial governance e.g. accounting under companies house.
• Health information – this will be treated as confidential outside the scope of GDPR
e.g. Access to Medical Reports Act 1988.
• Information about race, ethnic origin and sex;
- In many cases, an individual has consented to the transfer of their personal data to us.
This is common practice with regard to medical reports to employers. Where an
individual has consented, he or she may easily withdraw it in accordance with Access to
Medical Reports Act 1988.
Other personal data
- We also process personal data pursuant to our legitimate interests in running our business
• Invoices and receipts;
• Accounts, VAT and tax returns;
• Insurance policies and related documents;
How long do we keep your information for – The Retention Period?
- Personal data with regard to your medical records are retained, where necessary, for six years in compliance with our professional indemnity obligations. Where this is not necessary, it is destroyed on the conclusion of the case. We only hold on to your personal information for as long as We actually need it for the purposes We acquired it for in the first place.
- Administrative data is retained for up to six years as necessary, in the unlikely event
there are queries from HMRC and the VAT commissioner. Where it is not necessary to
retain the data for six years, it is destroyed as soon as possible.
Whom do we share personal data with?
- We share personal data internally strictly on a need to know basis.
- Special category data and personnel files held electronically are held on a security system with restricted access. Hard copy special category and other personal data is stored securely with restricted access in an alarm protected building.
- We do not share personal data with anyone external to the organisation, other than with:
• In legal requests.
• In statutory medical cases, with regulators already compliant with GDPR e.g. CAA,
HSE, OGUK, UKDMC.
• In medical cases, with other healthcare professionals; but only those directly
relating to your care e.g. specialist or your GP, and only with your express consent.
• With employers only with your express written consent under Access to Medical
Reports Act 1988.
• HMRC and the VAT Commissioner as they require
• With others pursuant to a court order
How will we use your personal information?
- Generally your personal information will be used in connection with the management
of your medical records. The legal basis of this is fulfil our professional obligation to you under the GMC regulation
- To process and respond to complaints under our legal obligation to do so.
- We are committed to protecting your rights to privacy. They include:
• Right to be informed about what we do with your personal data. This privacy notice
fulfils our obligation to tell you about the ways in which we use your information;
• Right to Access have a copy of all the personal information we process about you.
You have the right to ask us for a copy of any personal data that we hold about you in
the form of a “Subject Access Request”. You can obtain this information at no cost
and we will send you a copy of the information within 30 days of your request.
• Right to rectification of any inaccurate data we process, and to add to the information
we hold about you if it is incomplete;
• Right to be forgotten and your personal data destroyed. This is subject to legal
Requirements. In many instances although we may have destroyed your data the appropriate regulator may still hold personal data on you.
• Right to restrict the processing of your personal data on the grounds that it is
inaccurate, unlawful or that you want us to retain your data e.g. due to a legal claim,
we will need time to validate this and you should contact us directly to discuss it.
• Right to object to the processing we carry out based on our legitimate interest. You
have the right to withdraw your consent where consent is the lawful basis for
processing your personal data, or object to continued use of your personal data that
has a deemed legitimate purpose.
Information Commissioner’ s Office
- If you have any concerns about the way your personal information has been processed,
please contact Name above. Alternatively, you may contact the Information
Commissioner’ s Office on 0303 123 1113.