Privacy Notice for Apolline Ltd
for Clients’ and Members’ Personal Data
Apolline Ltd takes great care to protect the personal data we hold for our Clients and Members in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
As required by law, this privacy notice lays out the following essential information:
- Who we are (our identity)
- The reasons for gathering the data
- The use it will be put to
- Who it will be disclosed to
- If it will be transferred outside the EU
- The legal basis for processing the data
- Retention period (how long we will keep the personal data)
- The right to complain
- Whether the data will be subjected to automated decision making
- Individuals’ privacy rights.
Apolline Ltd, is a company registered at Companies House registration number 07245126 whose registered address is 6 Burnmoor Meadow, Finchampstead, Wokingham, Berkshire RG40 3TX.
Personal Data held for our Clients and Members
The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for our Clients and Members may include:
- Name, address
- Email address
- Phone numbers
- GDC number (if relevant)
- Financial information
- Information relating to invoices sent and payments received
- Information relating to the performance of the contract we hold with our client or member
- Details of their compliance and action plans to help achieve compliance
- Details of all contact we have had with our client or member
- Details of any complaints received and how these have been resolved.
Reasons for Processing Personal Data
The purpose of collecting and storing personal data about our Clients and Members is to ensure we can:
- Provide appropriate support services to ensure we fulfil our contractual obligations to our Clients and Members
- Invoice our Clients and Members correctly for services or support
- Collect fees via direct debit or bank transfer
- Obtain feedback from them about their satisfaction levels
- Obtain feedback following completion of training in line with GDC requirements for verifiable CPD
- Send CPD certificates when verifiable training has been successfully completed
- Respond to complaints.
How we use our Clients’ and Members’ personal data
We use our Clients’ and Members’ personal data to enable us to:
- Administer the contract we have with our client or member
- Provide the service we are contracted to provide
- Administer payments relating to the service we are contracted to provide
- Deal with queries
- Deal with complaints
- Provide continuity of service by recording details of all contact we have with our client or member
- Ensure we comply with our legal obligations
- Update our Clients and Members on any regulatory, legal or statutory requirements.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of a Client’s or Member’s personal information.
Disclosure to third parties
The information we collect, and store will not be disclosed to anyone who does not need to see it. Our employees and those working with us on a self-employed basis or contractual basis are bound by a duty of confidentiality and will never disclose personal information about a client or member to anyone who does not need to see it.
Transferring personal data outside the EU
We may send Clients and Members personal information outside the EU. If we do that, we will ensure that we have written assurances that the data will be subject to the same level of security as required within the EU.
Legal Basis for processing data held about Apolline Clients and Members
The Data Protection Act 2018 and the GDPR require us to state the legal basis upon which we process all personal data for our Clients and Members and it requires us to inform them of the legal basis on which we process their personal data.
The legal bases on which we process personal information for our Clients and Members is:
- Contract – We provide services and support in line with the contract we hold with our Clients and Members. The contract we hold with them requires us to process their personal data.
- Legitimate interest – We have a legitimate interest in processing our Clients and Members’ personal data to enable us to provide services and support to them and to administer the contract we hold with them.
We only keep our Clients’ and Members’ personal data for as long as we need to in order to fulfil the contract we hold with them or for our legitimate interests or for as long as they give us permission to hold and process it.
Personal Privacy Rights
Under the Data Protection Act 2018 and the GDPR, all individuals who have personal data held about them have the following personal privacy rights in relation to the information held about them.
Our Clients and Members have a right to:
- Access to and copies of their records.
- Have inaccuracies deleted.
- Have information about them erased.
- Object to direct marketing.
- Restrict the processing of their information, including automated decision-making.
- Take their data elsewhere (right to data portability).
It is our Client’s or Member’s responsibility to ensure that any changes to their personal information are notified immediately.
Clients who wish to exercise their rights under GDPR should contact the Operations Director, Samantha Spriggs at email@example.com
Clients or members who wish to have inaccuracies deleted or to have information erased should contact Patricia Langley, Chief Executive who is the Data Controller at firstname.lastname@example.org
Automated decision making
All individuals who have personal data held about them have a right to object to direct marketing and a right to restrict the processing of their information, including automated decision-making.
Automated decision making involves all decisions made automatically i.e. without human intervention. We will always ask our Clients and Members to opt-in to any processes involving automated decision making.
We may send newsletters for direct marketing purposes when we have consent. When new Clients and Members register with us, they are asked to opt-in to receive update information and newsletters. Existing Clients and Members have been asked to refresh their consent to continue hearing from us. Clients and Members who have not given their specific opt-in consent will not be sent anything they have not consented to receive.
As part of the service we are contracted to provide, we send our Clients and Members with whom we have a contract for services and support regular newsletters that update them on any:
- Changes to Apolline’s compliance policies, protocols and templates
- New policies, protocols or templates as they are developed
- Changes to regulatory, legal or statutory requirements.
We do not need consent to send this information because it forms part of our contractual obligations and the legal basis on which we do this is ‘contract’.
Our Clients and Members are always asked for their opt-in consent to receive direct marketing information such as information about new or planned services, support services or training courses.
Withdrawal of Consent
Our Clients and Members may withdraw their consent to receive direct marketing information or to have their data subjected to automated decision making at any time after they have given their opt-in consent. Clients and Members who wish to withdraw their consent should contact Samantha Spriggs, Operations Director at: email@example.com
Security of Personal Data
We take the security of all the personal data we process for our clients and team members very seriously and appropriate security measures are in place to protect it against unauthorised access, loss or destruction. Access to personal information about individual Clients and Members is strictly limited to those people who need to access it. Any contractor or provider who has a legitimate reason for having access to personal data is bound by a duty of confidentiality.
We have clear procedures in place to deal with any data breach and these are described in our Data Protection Policy. Should the breach involve a breach of confidentiality then we will notify the individual involved in addition to the Data Protection Authorities.
Our Clients and Members have a right to complain about how we process their personal data. All complaints concerning processing of personal data should be made to Samantha Spriggs, Operations Director at firstname.lastname@example.org or to Patricia Langley, Chief Executive at email@example.com All complaints will be dealt with promptly and as described in our Data Protection Policy.
This Policy was reviewed and implemented on: 13.11.2018 and will be reviewed annually.
It is due for review on: 13.11.2019 or prior to this date in accordance with new guidance or legislative changes.
We are required under data protection legislation to notify our Clients and Members of the information contained in this Privacy Notice. We do that by placing this Privacy Notice on our website at www.apolline.uk.com
A PDF of our Privacy Notice is also available on request from firstname.lastname@example.org