Privacy Policy
Privacy Notice as of 04/07/2018
Data Subjects
· Job Applicants
· Current Staff
· Former Staff
· Emergency contacts for staff
· Visitors to Impact Medical’s website
· Customers
· Staff of customers
· Course attendees.
· Personal monitoring, badge wearers.
· Your Rights
Job Applicants
What data does Impact Medical Ltd process?
During the job application process with Impact Medical the following data items may be processed
· Full Name
· Personal Phone Number
· Personal Email Address
· Educational History
· Information on Disability
· Employment History
Any other information submitted that is not required (e.g. DoB, Home Address) will be redacted from the recruitment and selection process and will not be processed any further.
How will this data be used?
Your data may be used as part of the following processing activities
· HR – Recruitment and Selection
Who is the controller of this data?
In this instance Impact Medical Ltd is the controller of your data.
Will the data be shared with anyone?
The data will not be shared with anyone outside of Impact Medical Ltd.
How is this data captured?
This data will have been sent to Impact Medical Ltd by you, most likely in the form of a CV.
Where is the data stored?
The data will be stored on secure company infrastructure within the UK. This will primarily be at the Aintree office, but some may be stored on cloud platforms.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will Impact Medical Ltd retain the data?
Impact Medical will retain this information for a period of no longer than 12 months after it was submitted for unsuccessful applicants. We may contact you to ask for renewed consent to store and process your data in the meantime.
What is Impact Medical’ lawful basis for processing the data?
Impact Medical will have access to and carry out processing on your personal information where you yourself have submitted your information to Impact Medical. By sending this in, we consider this action to construe actively giving us consent to carry out this processing and storage.
Current Staff
What data does Impact Medical Ltd process?
During the course of your employment with Impact Medical Ltd the following data items may be processed
· Full Name
· Date of Birth
· Address
· Personal Phone Numbers
· Personal Email Address
· Sex
· Information on Disability
· Your Ethnicity
· Your Marital Status
· Your Living Arrangements
· Bank Details
· National Insurance Number
· Educational Certificates
· Your Signature (both physical and digital)
· DBS certificates and information.
· Vehicle license information (endorsements)
· Society of Radiographers membership
· HCPC registration details
· Radiation dosimetry reports
How will this data be used?
Your data may be used as part of the following processing activities
· HR
· Employee Benefit Schemes (at your request)
· Payroll
· IT
· Personal Dosimetry
· Survey/RPA
· Professional registration
· Driving suitability
Who is the controller for this data?
In this instance Impact Medical Ltd is the controller of your data.
Will the data be shared with anyone?
The following 3rd parties will be used to process your data on Impact Medical’s behalf
· Impact Medical accountants
· Sage payroll
· You pension provider
· Employee benefit schemes
· PIB Insurance brokers
· DVLA
· DBS
· Any Hospital or clinic who is contracted to Impact medical ltd
How is this data captured?
This data will start to be captured once you have accepted a job offer from Impact Medical ltd. Some of this data may already have been captured as part of the job application process.
Where is the data stored?
The data will be stored on secure company infrastructure within the UK. This will primarily be on a cloud platform , but some may be stored at Impact Medical’s office in Aintree.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will Impact Medical Ltd retain the data?
Impact Medical will retain this information for the period of your employment with the company.
What is Impact Medical’s lawful basis for processing the data?
All items collected and processed are due to contractual or legal obligations, or where processing is in your vital interests, with the exception of the following items which will only be collected and processed with your consent
· Information on Disability
· Ethnicity
· Living Arrangements
Former Staff
What data does IRS process?
After your employment with Impact Medical has ended the following data items may be processed
· Full Name
· Date of Birth
· Address
· Personal Email Address
· Bank Details
· National Insurance Number
· Your Signature (both physical and digital)
How will this data be used?
Your data may be used as part of the following processing activities
· HR
· Payroll
This data will not be actively processed but rather placed in storage for the purpose of record keeping where required by law.
Who is the controller for this data?
In this instance Impact Medical Ltd is the controller of your data.
Will the data be shared with anyone?
The following 3rd parties will be used to process your data on Impact Medical Ltd behalf
· Impact Medical Ltd accountants
· Sage payroll
How is this data captured?
This data will start to be captured once you have accepted a job offer from Impact Medical Ltd. Some of this data may already have been captured as part of the job application process.
Where is the data stored?
The data will be stored on secure company infrastructure within the UK. This will primarily be on a cloud platform , but some may be stored at Impact Medical’s office in Aintree.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will Impact Medical Ltd retain the data?
Impact Medical Ltd will retain this information for the period of six years after your employment with the company ends.
What is Impact Medical lawful basis for processing the data?
All items collected and processed are due to contractual or legal obligations, or where processing is in your vital interests.
Emergency Contacts for Staff
What data does Impact Medical Ltd process?
The following data items may be processed by Impact Medical Ltd
· Full Name
· Phone Number
How will this data be used?
Your data may be used to contact you in an emergency situation involving the Impact Medical Ltd employee who nominated you as their emergency contact.
Who is the controller for this data?
In this instance Impact Medical Ltd is the controller of your data.
Will the data be shared with anyone?
Impact Medical Ltd will not share your information with any third parties.
How is this data captured?
This data was given to Impact Medical Ltd by the employee who nominated you as their emergency contact.
Where is the data stored?
The data will be stored on secure company infrastructure within the UK. This will primarily be on a cloud platform , but some may be stored at Impact Medical’s office in Aintree.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will Impact Medical Ltd retain the data?
Impact Medical Ltd will retain the data during the employment of the employee who nominated you, unless in the meantime the employee chooses to nominate someone else.
Upon termination of the employment of the employee who nominated you, the data will be removed from the system.
What is Impact Medical’s lawful basis for processing the data?
Our lawful basis for processing your information is that it is in the vital interests of the employee and yourself.
Visitors to Impact Medical’s Website
What data does Impact Medical Ltd process?
When you visit the Impact Medical Ltd website the following information may be collected by Impact Medical when you use the contact form on the website.
· Full Name
· Email Address
Cookies from the following providers may be placed on your device when visiting the Impact website
· LinkedIn – Privacy Policy
· Twitter – Privacy Policy
· Google – Privacy Policy
Their individual privacy policies can be found in the links above.
How will this data be used?
The data submitted to Impact Medical Ltd via the contact form will only be used to reply to query itself.
Data stored in cookies from 3rd parties will be used by Impact Medical to monitor website activity. These cookies may be used by other 3rd parties outside of the Impact Medical website to display targeted advertisements to you. The mechanisms for creating these cookies are built into the plugins provided by the 3rd parties that allow richer content on the Impact Medical website.
Who is the controller for this data?
For cookies stored on your device
Will the data be shared with anyone?
The 3rd parties listed previously are the only 3rd parties Impact Medical will share your data with. Please consult the 3rd parties’ individual privacy policies for more information on if they may share your data.
How is this data captured?
Regarding contact forms, your data will be entered and submitted by yourself.
With cookies, your data is captured automatically upon visiting the Impact Medical website at www.impactmedical.co.uk.
Where is the data stored?
The data submitted through the contact form and processed directly by Impact Medical Ltd will be stored on secure company infrastructure within the UK. This will primarily be on a cloud platform , but some may be stored at Impact Medical’s office in Aintree.
More information on how and where 3rd parties store your data can be found in their individual privacy policies.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
More information on how and where 3rd parties store your data can be found in their individual privacy policies.
How long will Impact medical retain the data?
Contact form data will be retained the period required to process the query. After this, the data may be transferred to another process e.g. if you have requested a quote.
What is Impact Medical’s lawful basis for processing the data?
For all information gathered via the website we rely on your consent as our lawful basis for processing. By submitting your data via a contact form you consent to us using your data in the manner stated above.
Customers
What data does Impact Medical process?
During the course of your employment with Impact Medical Ltd the following data items may be processed
· Full Name
· Address
· Business Phone Numbers
· Business Email Address
How will this data be used?
Your data will be used to deliver the products and services you have bought from Impact Medical Ltd. This will include processing for billing, etc.
We may also use this data to market additional products and services that Impact Medical offer that we think may be of interest to you.
We may on occasion send customer satisfaction surveys to you to make sure we are providing a level of service you are happy with.
Who is the controller for this data?
In this instance Impact Medical is the controller of your data.
Will the data be shared with anyone?
The data will not be shared with any 3rd parties.
How is this data captured?
This data may be sent by
· Physical Order Form
· Telephone
Where is the data stored?
The data will be stored on secure company infrastructure within the UK. This will primarily be at the Aintree office, but some may be stored in cloud platforms.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will Impact Medical retain the data?
Impact Medical will retain financial data for as long as legally necessary mandated by our financial obligations.
As a courtesy, we will keep your data for a period of 2 years after the expiration of the most recent contract you have with Impact Medical ltd. After this period you will be contacted to ask if you wish to renew consent to be contacted for another 2 years. If you choose not to renew this consent, the data will be deleted and you will need to sign up with a new account.
What is Impact medical’s lawful basis for processing the data?
All items collected and processed are due to contractual or legal obligations, or where processing is in your vital interests.
Where we use your information for marketing purposes, will we ask for your consent.
Staff of Customers
What data does Impact Medical process?
During the course of your employment with IRS the following data items may be processed
· Full Name
· Phone Number
· Email Address
How will this data be used?
Your data will be used to deliver the products and services your employer has bought from Impact Medical. This may include processing for billing, etc.
We may also use this data to market additional products and services that Impact Medical offer that we think may be of interest to you.
We may on occasion send customer satisfaction surveys to you to fill in on your employer’s behalf to make sure we are providing a level of service you are happy with.
Who is the controller for this data?
In this instance your employer is the controller of your data.
Will the data be shared with anyone?
The data will not be shared with any 3rd parties.
How is this data captured?
This data may be sent to Impact Medical via various means. It will only be captured if it is required in the provision of the contracted services with your employer e.g. if you are the person who needs to receive a specific report.
Where is the data stored?
The data will be stored on secure company infrastructure within the UK. This will primarily be at the Aintree office, but some may be stored in other Impact medical cloud platforms.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will Impact Medical retain the data?
Impact Medical will retain this data during the period of your employment or a period of 2 years after the expiration of the most recent contract your employer has with Impact Medical. After this period you will be contacted to ask if you wish to renew consent to be contacted for another 2 years. If you choose not to renew this consent, the data will be deleted.
What is Impact Medical’s lawful basis for processing the data?
All items collected and processed are due to contractual or legal obligations, or where processing is in your vital interests.
Where we use your information for marketing purposes, will we ask for your consent.
Course Attendees
As a course attendee the following data items may be processed
· Full Name
· Address
· Business Phone Numbers
· Business Email Address
How will this data be used?
This data will be used to book you on the course selected.
Who is the controller for this data?
In this instance the controller of your data is either yourself or your employer.
Will the data be shared with anyone?
This data will not be shared with any 3rd parties.
How is this data captured?
This data may be sent by
· Physical Order Form
· Telephone
· Website Course Booking Form
Where is the data stored?
The data will be stored on secure company infrastructure within the UK. This will primarily be at the Aintree office, but some may be stored in other Impact Medical cloud platforms.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will Impact Medical Ltd retain the data?
Please view the section Customer or Staff of Customer for more information regarding data retention periods.
What is Impact Medical’s lawful basis for processing the data?
All items collected and processed are due to contractual or legal obligations, or where processing is in your vital interests.
Personal Monitoring Badge Wearers
What data does Impact Medical process?
If you are wearer on our Personal Dosimetry System, the following information will be processed
· Full Name
· Dose Information
Additionally, for classified workers the following information will be processed
· Date of Birth
· National Insurance Number
How will this data be used?
Your data will be processed in the course of Impact Medical Ltd running our Personal Dosimetry service. This includes your name and dose information being entered onto our suppliers’ systems for viewing dose reports. Your information will be used in the creation of badge reports that will be sent to your employer to assist in their legal obligation to make sure staff doses are as low as reasonably practicable. Your information may be used to create an alert if our suppliers’ systems are showing you have a dose rate above an acceptable tolerance.
Any alerts will be forwarded to your employer.
Who is the controller for this data?
In this instance your employer is the controller of your data.
Will the data be shared with anyone?
The following 3rd party sub-processors may be used to process your data on Impact medical’s’ behalf
· IRS
How is this data captured?
You name will be sent to us by your employer. Your dose information will be read from badges.
Where is the data stored?
The data processed directly by IRS will be stored on secure company infrastructure within the UK. This will primarily be at the Liverpool office, but some may be stored in other IRS offices and cloud platforms.
Who has access to the data?
The data will only be accessed by authorised personnel. Systems are in place to monitor access to personal information to make sure nobody is able to see it without proper authorisation.
How long will IRS retain the data?
IRS will retain the data for a period of 2 years. After this they will be deleted.
For classified workers whose information dates back to pre-2000, IRS may still have your data stored as the company was an approved dosimetry service up until this point and have a legal obligation to hold onto this data for 50 years.
What is Impact Medical’s lawful basis for processing the data?
In certain circumstances, your employer is legal obliged to monitor doses to staff. Beyond that this processing is in your best interests.
How can I manage/withdraw consent?
If you wish to withdraw consent for Impact medical ltd and sub-processors to process your data, please email office@impactmedical.co.uk with details of your request. We may ask you to provide additional information as proof of your identity before releasing the information. This is a security precaution to ensure your data is not accessed maliciously.
This procedure is granular so you may withdraw consent for specific processing, but keep it for others.
How can I find out what data Impact Medical Ltd has? Right to Access/Right to data portability?
You can request a copy of any information we hold about you be emailing office@impactmedical.co.uk. We may ask you to provide additional information as proof of your identity before releasing the information. This is a security precaution to ensure your data is not accessed maliciously.
The data will be provided in a secure electronic format in a standard format such as CSV.
There is no charge for this service and we will provide the data within 30 days of the request. We may charge a small fee if we feel the request is unfounded or excessive (in the case of repetitious requests, for example).
How can I update the data Impact Medical Ltd has? Right to Rectification
You have the right to update your information at any point if you feel the information we hold about you may be incorrect. This can be done by contacting office@impactmedical.co.uk. We may ask you to provide additional information as proof of your identity before changing the information. This is a security precaution to ensure your data is not accessed maliciously.
How can I request removal of data Impact Medical Ltd has? Right to Erasure
If you are unwilling for Impact Medical Ltd to store this information, you have the right to be forgotten and request that we delete any of your data that we hold on our systems.
This can be done by contacting office@impactmedical.co.uk. We may ask you to provide additional information as proof of your identity before deleting the information. This is a security precaution to ensure your data is not accessed maliciously. We may also keep an identifier related to your information. This is so that if we ever need to restore data from a backup, we can check and remove any previously deleted information.
This only applies to data where Impact Medical Ltd has gained your consent in order to process your data. Impact medical will be unable to delete your data if there is a contractual or lawful obligation to keep it, or if keeping the data is in the public interest or the best interest of individuals.