Pedmore Medical: Data Protection Policy
Pedmore Medical is the trading name of Colin Holburn a medical expert witness and trainer, and is committed to protecting the privacy of all the personal information or data provided by those who use our services. Personal information and data is described as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”. This policy explains how we collect, use and store the personal information provided to us.
Pedmore Medical commits to abide by the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation 2017 (“GDPR”) in all areas of its operation. This policy applies to everyone who works on its behalf and they are expected to work within the legislation. This policy sets out in detail the procedures in place to ensure that personal data relating to our users and those that enquire about our services are treated in the appropriate way.
Pedmore Medical acknowledges that individuals have the right to expect that appropriate and reasonable safeguards will be operated by Pedmore Medical and any third parties engaged by them to protect the confidentiality, integrity and security of their personal and sensitive personal data. Where third parties process data on our behalf we will ensure though a legal agreement that the third party also operates in accordance with the DPA and the GDPR.
The DPA and the GDPR require that organisations process personal data in accordance with the eight Data Protection Principles and Pedmore Medical has adopted those principles, which are:
- Fair and lawful
- Specific to purpose
- Adequate, relevant and not excessive
- Accurate and up to date
- Kept for no longer than necessary
- Processed in accordance with data subjects’ rights
- Kept secure
- Not transferred overseas without suitable safeguards.
Pedmore Medical will never share or sell your data to other third party organisations, unless required by law (for example by public bodies in respect of the prevention and detection of crime).
We may allow our employees or others acting on our behalf to access and use your information for the purposes for which it is intended (for example for preparation of expert witness reports, preparation for court appearances or processing payments). We ensure that they are provided with the relevant data and ensure the information is treated with the same level of care we would take ourselves.
Our website has links to websites owned and operated by third parties. These third parties have their own privacy policies, and will control the information you provide them with in accordance with their respective policies.
Policy Statement of Pedmore Medical
The core requirements relate to the collection, storage, processing, records, confidentiality, security, incident management, retention and deletion, management, availability, integrity, and secure disposal of personal and sensitive data which comes to us, either directly from parties instructing us or from lawyers acting on their behalf.
We will only collect and process personal and sensitive data that has been obtained fairly and lawfully and for a specific set of purposes connected with our activities or where we have a legitimate purpose under law to do so. Data will be adequate and relevant and only used for the purposes collected. It will be maintained, kept accurate, and not retained for any longer than is necessary. We will before collecting any information consider:
- What details are necessary for our purposes
- How long we are likely to need this information
- What the information will be used for.
We may use your personal information for a number of reasons. These include:
- In forensic or expert witness assignments – to collate and consider the evidence and information provided, in the compiling of expert reports, holding meetings of experts, giving expert evidence at trial, and all such similar steps in the litigation
- For administrative purposes – to include all internal record keeping and auditing
Your consent to our using this information will be confirmed by you or by your lawyers, and in the event you change your preferences we shall act swiftly to ensure that our contact and information is adjusted as appropriate.
We will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:
- Password protection on personal systems which could be accessed by unauthorised persons
- Daily back up data on computers
- Password protected attachments for sensitive personal information sent by email or stored on computers/laptops/phones
- Laptops taken out of the office or used by home based staff are always secured.
- Access Requirements
We will ensure that anyone whose personal information we process has the right to know:
- What information we hold and process on them
- How to gain access to this information
- How to keep it up to date
- What we are doing to comply with the regulations.
They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block, or erase information regarded as wrong or if consent is withdrawn.
Individuals have the right under the DPA and the GDPR to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to firstname.lastname@example.org The following information will be required before access is granted:
Full name and contact details of the person making the request:
- Their relationship with CMM
- Any other relevant information eg timescales.
- We may also require proof of identity before access is granted.
Queries about handling personal information will be dealt with swiftly and politely. Pedmore Medical aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the month required by the GDPR.
For further current information see https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/