GDPR Commitment to Patients and Staff
In accordance with the GDPR, we observe the legal requirements that your personal data must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and kept up to date: inaccurate personal data must be erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Under GDPR, all individuals who have personal data held about them have the following personal privacy rights:
- The right to know how your data is processed and with whom it is shared.
- The right of access.
- The right to rectification, i.e. to have inaccuracies corrected.
- The right to erasure.
- The right to restrict the processing of their information.
- The right to data portability.
- The right to object to direct marketing.