FusionCPL Data Privacy Statement

Introduction

The FusionCPL Privacy Statement sets out the standards that an individual can expect from FusionCPL when FusionCPL request or hold information about an individual. This Statement covers both ordinary personal data (any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name , an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person) and special categories of personal data (Racial or ethnic origin, political opinions, Religious or other beliefs of a similar nature, trade union membership, physical or mental health details, sexual life, genetic data or biometric data).

The FusionCPL Privacy Statement informs individuals how to get access to their personal data and what individuals can do if they think standards are not being met by FusionCPL or third parties processing the data on  behalf of FusionCPL. The Statement also explains how personal data is safeguarded and the circumstances in which data may be disclosed. The FusionCPL Privacy Statement will be reviewed annually and updated to take account of any changes in legislation or policy.

Responsibilities

The Chief Executive Officer – is responsible for:

1. The Data Privacy Statement implementation.

2. FusionCPL’s risk appetite statement and advising the Risk Committee/Board of any Data Privacy risks and mitigating controls.

3. Ensuring that Data security policies and procedures are reviewed and implemented across FusionCPL and ensuring continuous improvement. These policies/procedures aim to ensure that the requirements of confidentiality, integrity and availability are maintained from data collection through to secure deletion of data.

4. The development and dissemination of data protection training and ensuring that FusionCPL’s release of data is fair, lawful and appropriate.

5. Ensuring that staff are compliant with all relevant policies and procedures and that specific data assets are managed and protected appropriately.

Types of Data

FusionCPL holds both personal and non-personal data in a variety of databases and data information stores. Many of these data stores are critical to FusionCPL’s operational delivery and compliance enforcement but there are also key systems which support FusionCPL’s operational functions such as human resources, facilities management and finance.

How Data is managed

FusionCPL manage, maintain and protect all data according to legislation and FusionCPL policies and procedures and best practice guidance. FusionCPL have appropriate security measures in place to maintain and safeguard the confidentiality, integrity and availability of our systems and the data we hold. All information is stored, processed and communicated and destroyed in a secure manner and access to all data is limited to authorised users.

FusionCPL is also committed to making the data it holds available to authorised individuals.

Personal information

FusionCPL is aware how important it is to protect individuals’ data privacy and to comply with the General Data Protection Regulation (GDPR). FusionCPL take appropriate technical and organisational measures to protect the personal data we hold against unauthorised or unlawful processing, accidental loss, destruction or damage.

When FusionCPL collect personal data, we will be transparent and:

  1. Explain why we need the personal data and if we are going to share the personal data with other organisations.
  2. Only ask for what personal data FusionCPL needs, and not request excessive or irrelevant information.
  3. Make sure that only authorised users can access the data supplied.
  4. Only keep the data for as long as is necessary for the purpose that it was collected.

In return, FusionCPL, in order to keep data accurate and up to date, would request that individual’s:

  1. Provide FusionCPL with accurate information.
  2. Tell FusionCPL promptly about any changes in personal data, such as a change of name or address.

Access to personal information

Individuals can find out if FusionCPL hold any personal data about them by making a ‘subject access request’ (SAR) under the GDPR.  If FusionCPL holds personal data, FusionCPL will provide the following information:

(a)    The purpose for processing the data.

(b)   The categories of personal data concerned.

(c)    To whom the data has been or will be disclosed.

(d)    Whether the data has been or will be transferred outside of the EU.

(e)   The period for which the data will be stored, or the criteria to be used to determine retention periods.

(f)     The right to make a complaint to the Data Protection Commissioner.

(g)    The right to request rectification or deletion of the data.

(h)    Whether the individual has been subject to automated decision making.

 

FusionCPL handles all data in a manner that respects the rights of individuals and complies with the GDPR. If an individual would like to make a subject access request, they are requested to write or email FusionCPL providing their full name and postal address:

info@fusioncpl.com

FusionCPL, Cherry Orchard health Centre, Cherry Orchard Grove, Dublin 10.

FusionCPL will process subject access requests as quickly as possible, and will not take longer than one 1 month. There is scope under GDPR to increase this time frame by a further two months in some cases, where the request is particularly complex, or where many requests have been received at the same time.