The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of Medpoint. This includes obligations in dealing with personal data, in order to ensure that the organisation complies with the requirements of the relevant Irish legislation, namely the Irish Data Protection Act (1988), and the Irish Data Protection (Amendment) Act (2003).
Medpoint must comply with the Data Protection principles set out in the relevant legislation. This Policy applies to all Personal Data collected, processed and stored by Medpoint in relation to its staff, service providers and clients in the course of its activities. Medpoint makes no distinction between the rights of Data Subjects who are employees, and those who are not. All are treated equally under this Policy.
In the course of its role as Data Controller, Medpoint engages a number of Data Processors to process Personal Data on its behalf. In each case, a formal, written contract is in place with the Processor, outlining their obligations in relation to the Personal Data, the specific purpose or purposes for which they are engaged, and the understanding that they will process the data in compliance with the Irish Data Protection legislation.
These Data Processors include:
• HR Department
• Marketing Department