Privacy - Medpoint

INTRODUCTION

The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of Medpoint. This includes obligations in dealing with personal data, in order to ensure that the organisation complies with the requirements of the relevant Irish legislation, namely the Irish Data Protection Act (1988), and the Irish Data Protection (Amendment) Act (2003).

RATIONALE

Medpoint must comply with the Data Protection principles set out in the relevant legislation. This Policy applies to all Personal Data collected, processed and stored by Medpoint in relation to its staff, service providers and clients in the course of its activities. Medpoint makes no distinction between the rights of Data Subjects who are employees, and those who are not. All are treated equally under this Policy.

SCOPE

The policy covers both personal and sensitive personal data held in relation to data subjects by Medpoint. The policy applies equally to personal data held in manual and automated form. All Personal and Sensitive Personal Data will be treated with equal care by Medpoint. Both categories will be equally referred-to as Personal Data in this policy, unless specifically stated otherwise. This policy should be read in conjunction with the associated Subject Access Request procedure, the Data Retention and Destruction Policy, the Data Retention Periods List and the Data Loss Notification procedure.

MEDPOINT AS A DATA CONTROLLER

In the course of its daily organisational activities, Medpoint acquires, processes and stores personal data in relation to: • Employees of Medpoint • Customers of Medpoint • Third party service providers engaged by Medpoint • Consumers engaging with Medpoint Apps In accordance with the Irish Data Protection legislation, this data must be acquired and managed fairly. Not all staff members will be expected to be experts in Data Protection legislation. However, Medpoint is committed to ensuring that its staff have sufficient awareness of the legislation in order to be able to anticipate and identify a Data Protection issue, should one arise. In such circumstances, staff must ensure that the Data Protection Officer is informed, and in order that appropriate corrective action is taken. Due to the nature of the services provided by Medpoint, there is regular and active exchange of personal data between Medpoint and its Data Subjects. In addition, Medpoint exchanges personal data with Data Processors on the Data Subjects’ behalf. This is consistent with Medpoint’s obligations under the terms of its contract with its Data Processors. This policy provides the guidelines for this exchange of information, as well as the procedure to follow in the event that a Medpoint staff member is unsure whether such data can be disclosed. In general terms, the staff member should consult with the Data Protection Officer to seek clarification.

SUBJECT ACCESS REQUESTS

Any formal, written request by a Data Subject for a copy of their personal data (a Subject Access Request) will be referred, as soon as possible, to the Data Protection Officer, and will be processed as soon as possible. It is intended that by complying with these guidelines, Medpoint will adhere to best practice regarding the applicable Data Protection legislation.

THIRD-PARTY PROCESSORS

In the course of its role as Data Controller, Medpoint engages a number of Data Processors to process Personal Data on its behalf. In each case, a formal, written contract is in place with the Processor, outlining their obligations in relation to the Personal Data, the specific purpose or purposes for which they are engaged, and the understanding that they will process the data in compliance with the Irish Data Protection legislation.
These Data Processors include:
• HR Department
• Marketing Department

YOUR CONSENT

By using our site, you consent to this web site privacy policy.