Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide. Personal data means information about you – for example, your name, date of birth, financial details and phone conversations with us. If you have a question about our services, or would like a free consultation and discussion around your organisation’s needs, challenges and future vision, get in touch by using our Contact Form. Therefore, before we can process your request you will need to provide proof of identification. We will need to see a clear, full colour copy document; one from each of the lists below (unless an original is specified). Although, any information held which does not fall under this definition can be processed as a SAR.

Data Protection Compliance

Initial work indicated that the highest proportion of ambulance calls originating from prisons were made by Health Care Professionals (HCP). However, further details regarding the reason for calls, any treatments provided and the resulting disposition of these patients is unknown. Previous work extracting data from clinical records in four prisons saw that many of the prison population are identified as having long-term conditions (LTCs) and are amongst some of the most vulnerable members of society. 3.5 Compliance with this Policy is compulsory for all staff employed by the University of Glasgow.

Nor does it apply to data that isn’t personal, such as information about limited companies. It’s unlikely that bank account statements and invoices about a limited company include any personal data. Even if they mention directors or employees, the information in these documents is about the company, not about those individuals. For example, data protection doesn’t apply to information relating to people who have died. We are provided with legal experts who are dedicated to our account which gives us full continuity of service. itservice-datenschutz have worked on the ‘other side of the fence’, having come from industry, so they really understand the challenges that businesses face when dealing with the complexities of regulations and legislation.

☐ We anticipate risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals. Individuals also have rights under the Freedom of Information Act (Scotland) 2002 and the Freedom of Information Act (UK) 2000 – more information on our FOISA page. You can ask to see what  information we hold about you by visiting our Subject Access Request page. If we do transfer any information we will adhere to all aspects of the Data Protection law.

Similarly, organisations with ethics and corporate social responsibility policies look for suppliers who meet these standards. DPOaaS provides access to independent DPOs who can offer fast and efficient advice on data protection compliance. Data protection by design also applies in the context of international transfers in cases where you intend to transfer personal data overseas to a third country that does not have an adequacy decision.

If you want your phone number to be added to our internal Do-Not-Call telemarketing register, please contact us by using the information in Section 13 below. Please include your first name, last name, company and the phone number you wish to add to our Do-Not-Call register. Some registered users may update their user settings, profiles, organisation settings and event registrations by logging into their accounts and editing their settings or profiles.

Data Security Support

Our senior managers are accountable for holding and processing customer personal information. If you wish to exercise these rights please complete the Subject Access Request Form carefully, providing as much detail as possible to narrow the search and locate the precise information you require. You will be required to provide proof of identity with the form which should be sent to the address listed below.

A DPIA is a tool that you can use to identify and reduce the data protection risks of your processing activities. They can also help you to design more efficient and effective processes for handling personal data. Read our sections on the data protection principles, individual rights, accountability and governance, documentation, data protection impact assessments, data protection officers and security. 5.1 Data Protection training is an integral aspect of data protection compliance and a requirement for those working with personal data. An online Data Protection training module, accessed via Moodle, is available to all members of staff.

You can request a copy of all, or part of, the personal data we hold about you by submitting a Subject Access Request (SAR). A guide to submitting a Subject Access Request can be found on the Information Commissioner’s website. When directly collecting your personal data, we will explain exactly what will happen to it using a Privacy Notice.

Under the data protection laws, a cloud customer is usually viewed as a data controller if they determine the purposes for which and the manner in which the data is being processed. You are therefore likely to have the responsibility for how the data is handled, even if you don’t have full control over the cloud. The policy applies regardless of where the personal data are held and, in respect of IT systems that process personal data for University purposes, the ownership of the equipment. It applies to all personal data held by the University, regardless of location, which includes personal data held by all Colleges/Schools/Services/Institutes and staff, irrespective of format. Whenever we use information, we always limit this to only the details that are needed and we ensure that it is used safely and securely. We require anyone we share information with, or who uses it on our behalf, to do so too.