Due to data protection regulations we are required to inform you that we hold your details for the purposes of the normal running the practice. Your details will not be passed onto any third party unless requested by you.
Information Security Policy
DILLIWAY BOSLEY and WALKER LTD 2018. 2019.
Data protection commissioner number ZA 423304 Registration number A 8364274
Legislation the GDPR applies to the processing of personal data:
GDPR information about individuals acting as sole traders, employees, partners and company directors where they are individually identifiable, and the information relates to them as an individual will constitute personal data. Damage or disruption to our activities. This is most likely to be in the form of non-targeted hacking of computer systems that are in use but may also be an attempt to steal financial or personal data that we hold.
This Policy is intended to address concerns, and to render us compliant with Data Protection legislation.
What is Sensitive Data?
the racial or ethnic origin of the client or staff member,
their political opinions,
their religious beliefs or other beliefs of a similar nature,
whether they a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
their physical or mental health or condition,
their sexual life,
the commission or alleged commission by them of any offence, or any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.
Data Management and Security Responsibilities
All staff have some responsibility! Specific responsibilities are allocated as follows:
Directors A.C.Walker AW and J. Bosley responsible for staff personal data
Vets Anja Walker Ray Dilliway Alessia Sorrentino
Nurse Heather Greenslade GDPR officer
Office staff Clair Parnham, Jenny Sampson, Lucy Forrest
Accounts clerk Katie Causier
Directors have access to all above,
Nurses and receptionists no HR details, or staff financial details.
Nurses and receptionists all client information and suppliers.
Assistants all client information.
Data Audit –
a. Staff details: Personnel data contact name and address, financial data, HR information, and contracts.
b. Client details: Personnel data contact name and address, financial data, some sensitive data.
Client Bank details.
Each client releasing the information of card details will have the security of the Bank compliance checking system frequently up dated. (Quarterly checks)
All card details are shredded along with the receipt slips and NO details are kept on any clients.
Vetting details are taken in confidence and payment details are held for up to 1 week then as above shredded.
c. Confidential clinical records: incidental personal data within notes
RCVS client confidentiality policy – all covers the above.
d. Contact details for suppliers: Personnel data contact name address, financial data.
e. Third party information passed to Laboratories, Referral hospitals, Insurance companies, all with prior acknowledgment of the owner.
f. Web site logs held by The Design Shepherd – records of visitors to site and any pages visited.
g. Correspondence letters and e mails.
h. Ezo office have access to the client information, and by remote access
i. Microsoft is a sub processor for the e mails which are controlled by EzoOffice.
j. Deep blue Logic Exeter Road Cullompton EX15 1DX viral cleaning service
k. Telephone line is ISDN line including broadband connection.