Personal data we use at Euromed Services Limited (the company) will hold data relevant to its business activities, this as such includes contact information for companies and individuals for the purposes of contacting them with regards to bookings made by the client.
Clients data will be held in compressed zip files and only accessed by the relevant employees that require the data for the purposes it is intended to be used for.
The data held is given to Euromed Services Limited under consent of the owner at the point of contact., by completing any form requiring personal data either by email or online the owner of the data is consenting to Euromed Ambulance, Euromed Special Operations or Euromed Training & Development and its employees using and storing this data for its relevant and intended purpose.
Due to the nature of Euromed’s Business activities staff will engage in activities as such that during the course of carrying out its duties may involve in depth personal data of individuals including sensitive information relating to medical conditions. This information is required to held for 7 years after the data is supplied. All information is confidential and is held in secure storage at Euromed head office. No personal patient information should be removed from the premises without the consent of the Directors.
Patient information may be shared with other medical professionals such as doctors or other NHS staff for the wellbeing of the patient and in the course of required medical treatment.
This includes, but is not limited to –
Full name including aliases, home address, contact telephone numbers, email address, date of birth, Next of Kin, employment history and enhanced DBS records, bank details for payroll purposes, passport details for security purposes (where required), immunisation status (clinical staff only) and driving licence details.
Full name and address, contact telephone numbers, date of birth, GP details, medical history including current medication and known allergies, Next of Kin, Powers’ of Attorney (where applicable)
Client records (including requests for quotation)
Full name and address, contact telephone numbers, email addresses, event location(s), details of event type and attendee numbers.
Full name and address, contact telephone numbers, email addresses, services/equipment provided, cost information.
In limited cases, names and contact details of relatives may be requested informally to help support the management of a patient.
Data held by Euromed Services Limited is provided by the owner of the data, for example an event organiser provides information relating to an event along with their personal information and contact details for the purpose of Euromed engaging in communication relating to the services offered for reward by Euromed Services.The data supplied is always supplied by the owner with consent with the exception of a patient who lacks capacity to consent.
Data specific to an event will be shared with the relevant staff or contractors that will require the information for them to carry out the task they are employed to do.
Patient data may be shared with medical staff from the NHS or private medical faculties for the intended purpose of patient wellbeing and treatment relevant to the patient.in this instance data will be available from both parties involved via a subject access request.
Data changes and corrections
Any data held by Euromed may be changed for the purpose of corrections by the data owner at any time.
You may be asked to provide proof of ownership of the data in question. Anyone requesting data changes must have a valid reason to do so and proof that the change is genuine.
Client records (including requests for quotation)
Euromed will do what is reasonably practical to ensure that data is collected, handled and stored in accordance with the GDPR.
In order to achieve this it will specifically ensure that where data is collected the data subject is clearly aware of the way in which this data may be used, stored and managed.
The company will ensure that access to data is provided strictly on a ‘need to know’ basis and that staff regularly handling data are aware of their responsibilities under the GDPR to maintain the security of this data.
The company will do what is reasonable to ensure the security of data held electronically by way of appropriate use of IT security methods and systems (e.g., password protection and data encryption where necessary). Euromed will also ensure that paper records are held securely. This includes ensuring documents containing personal and sensitive information is only available to those with legitimate need to access such data.
The company will take reasonable steps to ensure that the data it holds and processes is done fairly and that excessive information is not requested or stored.
The company will periodically take reasonable steps to ensure that the data it holds is up-to-date by reviewing the information on employee, client and supplier records. It will be the responsibility of employees, clients and suppliers, to provide updated information in a timely manner following any such request to do so. This review process is not generally considered necessary for the purpose of patient records.
Data will be stored for a time considered reasonable based on the nature of information held. Due to the variety of records held it is not appropriate to apply a blanket timeframe. The company therefore uses the guidelines published by the NHS Executive in respect of patient records.
Data held in relation to staff will be held in accordance with guidance set by HMRC for the purposes of accounting, tax and NI. This period will be 7 years from the date of last entry onto an employee record.
For all other records failing outside of the above, the company will maintain data for a minimum of 3 years from date of last entry and a maximum of 10 years from date of last entry. After this time, records will be destroyed in accordance with the procedures outlined below.
Data owners have the right to restrict the use of the personal data, for example upon request data held will not be used for the purposes of marketing correspondence unless requested to do so.
Euromed will not contact the data owner without permission.
If the data owner requests personal data to be withheld in medical confidence this restriction can be superseded by the medical personnel in attendance if it related to the patients well being only when shared with medical professionals as part of the patient care pathway.
An individual or business can register objections to their data being held, in doing so data should not be processed or stored and must be permanently deleted. With the exception of patient information relating to treatment of the individual if it affects the wellbeing of the patient in question.
Destruction of Data and Records
Electronically stored – all data will be electronically deleted from any
active and archived records
Paper records – all data will either be shredded on site or securely destroyed by the company engaged by
Euromed to handle confidential waste.
Subject Access Request
A subject access request (SAR) is simply a written request made by or on behalf of an individual for the information which he or she is entitled to ask for under section 7 of the Data Protection Act 1998 (DPA). The request does not have to be in any particular form
Individuals have the right to access their personal data.
This is commonly referred to as subject access.
Individuals can make a subject access request verbally or in writing.