What do we need to document under Article 30 of the GDPR?
The name and contact details of your organisation (and where applicable, of other controllers, your representative and your data protection officer).
The purposes of your processing.
A description of the categories of individuals and categories of personal data.
The categories of recipients of personal data.
Details of your transfers to third countries including documenting the transfer mechanism safeguards in place.
A description of your technical and organisational security measures.
including any data you may provide to me face to face, or by completing our website ‘contact us’ form or by sending me an email.
Business name: Jennie Alexander OT
Email address: firstname.lastname@example.org
WHAT INFORMATION /DATA DO WE COLLECT/PROCESS AND WHY
For general customers who require training/workshops/general advice:
Additional information we may collect process for Occupational Therapy assessments/reports/advice when supplied by our clients for this use can contain the following:
GP, treating hospital, Consultants name, medication diagnosis/medical information.
WHO ARE OUR CUSTOMERS
Occupational Therapy clients
Individuals-general customers-non specific
Charitable organisations/care homes/businesses
Clients contacting us via the website, by phone, text or email or by word of mouth.
WHO DO WE SHARE THE INFORMATION WITH AND HOW?
We may share information with third parties only when requested and with customer consent as stated in our contract which is supplied via email/post. Except when the law requires us to do so.
INFORMATION OUT OF THE UK
We do not share customer information outside the UK
Records will be kept in line with GDPR requirements RCOT and HCPC.
TECHNICAL AND ORGANISATIONAL SECURITY MEASURES
Customer paper information is stored in a locked filing cabinet.
Customer electronic information is password protected, has antivirus with firewall protection. The electronic device eg: laptop is not a shared device and the primarily use is for business.