Since the inception of the General Data Protection Regulations 2018 (GDPR), Spark Medical (the Company) has taken the following steps to ensure that it only collects data absolutely necessary for the purpose it is intended and limits the level of data that it shares with external and internal organisations.
The Company can confirm that it has updated its policies and processes to protect individuals in all cases in accordance with the below statement.
The Company will ensure that all collected data will be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data shall be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Who we are
- a private ambulance service, supplying frontline ambulance, patient transport and event medical services to private and public organisation, transporting members of the public
- a training company for the delivery of first aid courses, clinical education in accordance with several awarding bodies
- an online shop for medical equipment and consumables
How the Company collects information
- We may collect information about you from your completion of our on-line forms, from any email you send or from documents that you upload throughout the registration process
- The Company will collect information about you when you register to use the website or make any purchases from the Companies online shop
- The Company will not use any of your data for marketing e mails, promotional information or information about activities unless we have your express permission to do so
Storage of Information
- Your information shall be stored on The Companies secure web server and it will keep its own backup copy. We may also store your information on paper at our offices and bases, but this will be limited to compliance, resourcing, training and payroll services and only where necessary. In doing so the information will be stored in a locked draw, room or cabinet when not in use with limited access
- The Company will keep your information secure by taking appropriate technical and organisational measures against its un-authorised or unlawful processing and against its accidental loss, destruction or damage
- You have a statutory right to see a copy of the information the Company holds about you, free of charge. To access this information, you will be required to make an application in writing in accordance with our Subject Access Request (SAR) process. For further information please contact our Head Office on 0151 808 0770 and ask for a member of the Information Governance Team.
What we use your information for
- We will use your information to provide you with any further details or information you request, process your application to work with us or engagement on a training course
- If we provide an online shopping service, we will use your information to fulfil your order only.
Who we will share your information with:
- We will not share your information with any other organisation except in the following circumstances.
- We may need to give incidental access to you information for hardware or software maintenance however, we shall endeavour to keep this to a minimum
- The Company will disclose your information to enforcement authorities if asked to do so, or to a third party in the context of actual or threatened legal proceedings
- Any third parties associated with an engagement to work on behalf of the Company or any of its subsidiary companies or when engaging on a course, then information will be required by the awarding body to supply your certificate of completion. In such cases we will limit the amount of information released to what is required for the third party to accomplish their requirements
- If the Company provides you with an online shopping service, any credit or debit card details you supply will be passed to our payment provider and your card issuer and will not be routinely retained after the sale has been completed
The EEA comprises certain countries within Europe (including the EU) which have similar laws on data protection. Other countries outside the EEA may not give the same level of protection to your information. Information held for each of the different entities of Spark Medical shall not be shared within the group without prior permission of the individual, i.e. Training Department students information will not be shared within the group
Further information about data protection issues including the online Register of Data Controllers can be found at informationcommissioner.gov.uk or request a copy of our Data Protection Policy
Should the Company provide clinical or medical services to you, information will be collated for this purpose, in most cases this will be on behalf of a public sector organisation, whereby any data including any sensitive data will be owned by the outsourcing organisation and will not be accessible or retained by the Company. In such circumstances the Company will use paperwork, electronic software owned and managed by the outsourcing organisation, thus will be governed by the organisation’s own privacy and data security processes
Where the Company must share or access data relating to individuals it will pseudomise all information where possible.
To access any of the Companies policies relating to this privacy statement or GDPR policies, then please contact our Head Office on 0151 808 0770