Our Policies
GDPR (General Data Protection Regulations)
As controllers under the GDPR, organisations such as MEDI-HR® Ltd, that process personal data, must establish and publish the lawful basis that they are relying on for processing personal data. The GDPR sets out conditions for lawful processing of personal data (Article 6), and further conditions for processing special categories of personal data (Article 9).
Being transparent and providing accessible information to clients about how we will use their personal information is a key element of the GDPR Regulations.
The following notice reminds you of your rights in respect of the above legislation and how MEDI-HR® Ltd, will use your information for lawful purposes in order to deliver clients needs and the effective management of the services delivered.
GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. When consent is used properly, it helps you build trust and leads to enhanced reputation.
MEDI-HR® Ltd, assumes will endeavour to seek consent from clients for data used and stored, at the point of establishing contact and building rapport.
SAR (Subject Access Request)
Under Article 15 of the GDPR all clients have the right to a Subject Access Request (SAR):
This gives clients the right to obtain a copy of their personal data as well as other supplementary information. It helps them to understand how and why MEDI-HR® Ltd are using their data, and check you we are doing so lawfully.
Clients have the right to obtain the following from you:
confirmation that you are processing their personal data;
a copy of their personal data; and
other supplementary information – this largely corresponds to the information that you should provide in a privacy notice.
Recital 59 of the GDPR recommends that organisations ‘provide means for requests to be made electronically, especially where personal data are processed by electronic means’. You should therefore consider designing a subject access form that individuals can complete and submit to you electronically.
If a client makes a request, MEDI-HR® Ltd will provide the information in a commonly used electronic format, unless the individual requests otherwise.
MEDI-HR Ltd will respond to all Subject Access Requests in full within 30 days.
MEDI-HR Ltd Compliance
MEDI-HR® Ltd collects the following personal data from the following categories of data subjects:
-
Clients
-
Customers
-
Suppliers
-
Sub-contractors
-
Employee applications
Retention of data:
Except as otherwise permitted or required by applicable law or regulation, MEDI-HR Ltd retains personal data for a maximum duration of 10 years. MEDI-HR® Ltd undertakes an annual review which considers the volume, the nature, and the sensitivity of personal data being held, and the potential risk of harm from unauthorised access or disclosure of personal data.
What are clients entitled to know about how MEDI-HR® Ltd handles their data:
-
Informed if personal data is being processed.
-
Given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people.
-
Given a copy of the personal data.
-
Given details of the source of the data (where this is available).
MEDI-HR® Ltd is registered with the ICO. Ref No. ZA494415
MEDI-HR® Ltd successfully achieved compliance certification for Cyber Essentials on 03/12/24
Certification No. ca41854c-d3c3-411e-a79e-2537d265d7b4