WHAT IS PERSONAL DATA UNDER THE GDPR?
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person (‘data subject’) who can be directly or indirectly identified by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible according to specific criteria.
A Data Controller is an organisation that determines the purposes, conditions, and means of the processing of personal data. The Microsuction Company is a Data Controller, for the purposes of operating its business. It is registered to process personal data with the Information Commissioner’s Office (visit www.ico.org.uk for further details).
The Data Protection Officer (DPO) for The Microsuction Company is Ian Girling, who can be contacted at firstname.lastname@example.org.
A Data Processor is an organisation that processes personal data on behalf of the Controller. Third-party processors with which The Microsuction Company works include, but are not limited to, providers of: IT, CRM and accounting systems, appliance purchase finance, file sharing/storage systems, contracted appliance manufacturer/repair services, transport/courier services, marketing/advertising services and HR/payroll.
HOW DO WE USE PERSONAL DATA?
The Microsuction Company uses your data for the following lawful bases and purposes:
- To enable our business to respond to enquiries, referrals and contacts about the quotation/provision of professional hearing services [including microsuction and other treatments for the removal of excess ear wax, auxiliary hearing services and provision of hearing appliances] as advertised in print, signage, online at www.themicrosuctioncompany.co.uk and through associated social media platforms. Enquiries, referrals and contacts include those received through phone calls, emails and post; or in response to e-newsletters/online, print advertising and social media.
- To enable provision of contracted hearing services according to your personal instruction, or the instruction of your nominated representatives (for instance a POA).
- To advise or remind you about your appointments with us and to perform pre-appointment triage.
- To record your clinical data via the industry-standard Noah Software System, encrypted and controlled by HIMSA.
- To maintain a client record card detailing your hearing health history/audiology/audiogram test results and details of any appliances purchased. Hearing centre copies are stored securely and a copy of this record is available on request.
- To keep in touch with you during the planning and delivery stages of the hearing treatments and services you have contracted us to provide.
- To instruct third parties, where appropriate, who may be assisting us in the provision of the hearing treatments and services you have contracted. Please note: Client names are encoded when ordering hearing appliances on your behalf via specialist manufacturers.
- We may occasionally contact you by email or letter to follow up about the service(s) you have received or to inform you of similar services we offer that may be relevant to you. You will be invited to opt-in to our mailing list or you can subscribe online at www.themicrosuctioncompany.co.uk. You can unsubscribe at any time and we never share our mailing list contact details with third parties.
We will keep your personal and clinical data on our secure systems indefinitely as a requirement of insurance and to enable the continued provision of your ear care services (unless you request removal or transfer according to your rights under the GDPR).
SECURITY OF EVENT DATA
We operate a ‘safe file’ system in our offices and site locations and our staff are fully trained in data security. This applies to all client files and contacts whether securely stored in physical files or held on desktop/hand-held devices. Non-essential paperwork is routinely shredded and recycled.
When making credit card payments to The Microsuction Company, your details are destroyed after payment has been processed through our payment terminal. If providing us with other financially sensitive company details, for instance for credit references, that data is securely stored according to our ‘safe file’ system.
YOUR RIGHTS UNDER THE GDPR
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which The Microsuction Company holds.
- The right to request that The Microsuction Company corrects any personal data if it is found to be inaccurate or out of date.
- The right to request that your personal data be erased where it is no longer necessary for The Microsuction Company to retain such data.
- The right to withdraw your consent to the processing of personal data at any time.
- The right to request that the data controller provides the data subject with his/her personal data and, where possible, transmits that data directly to another data controller (known as the right to data portability).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction be placed on further processing.
- The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioner’s Office (ICO).
To exercise all relevant rights, or to raise queries or complaints, please contact our Data Protection Officer in the first instance: Ian Girling, by email at email@example.com
Or write to: The Microsuction Company, 2 Station Road, Maiden Newton, Dorset DT2 0AE
Contact the ICO on t: 0303 123 1113/email: https://ico.org.uk/global/contact-us/email/ or write to: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF