Commencing on 25th May 2018 GDPR is short for General Data Protection Regulation and is the biggest change in UK data protection laws for 20 years. Prometheus Safe & Secure Ltd take this very seriously.
It is a regulation in EU law which has a purpose to give you more control over how organisations like us, use your data.
Who We Are
Prometheus Safe & Secure Ltd are a secure mental health transport provider registered with the CQC (Care Quality Commission).
PSS Lawful Basis for processing
Consent : the individual or organisation has given clear consent for us to process their personal data for a specific purpose
Contract: the process is necessary for a contract we have with a Trust or private organisation or because they have asked us to take specific steps before entering into a contract.
Legal Obligation: the processing is necessary for PSS to comply with the law.
Vital Interests: the processing is necessary to protect someone’s life.
Public Interest: the processing is necessary for PSS to perform a task in the public interest or for out official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for PSS’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
What Data Do We Hold?
The data we hold is any data you have shared with us. This will include any forms you’ve filled in to enable us to transfer a mental health patient for your trust or private organisation, information you may have given to our clinical logistic managers on the telephone including any contact you have made with us, such as emails or contact with our finance or compliance department or any other individual legally employed by PSS.
What We Do With Your Data And Why It’s Safe With Us?
We are transparent and only keep physical data in secure environment’s for 12 months before it is shredded using an outsourced data shredding company.
How Can You Update Your Preferences?
As a result of GDPR, we have made it easy for you update your preferences by contacting our Data Protection Officer email@example.com.
You Can Choose How PSS Contacts You.
You can choose who can contact and how they contact you whether it be by phone, email or SMS and also what they contact you regarding.
Can I Ask For My Data To Be Removed?
Yes, Also known as the ‘Right to erasure’ PSS allows for data to be deleted where practicable.
Due to the nature of our business we do need on occasion to liaise with Police, safeguarding or families so this plays a role in what were able to remove from our systems, as we have contractual and legal obligations to retain some data for the purpose of transparency and patient care such as a safeguarding issues for example.
You Can Change Your Mind.
Even if you have given PSS consent to contact you, you can revoke this by contacting us at any time to update your preferences.
You Can Request A Subject Access Request.
Under the GDPR, you do have the right to a Subject Access Request. This means you can ask us for what data we hold on you, and where it has been shared.
PSS will comply with new rules to handle requests within a month instead of 40 days previously but we will charge or refuse requests that are manifestly unfounded or excessive.