This Policy is intended to explain how your personal data is processed and used by Anchorage Barn Equine Clinic Ltd following General Data Protection Regulation (GDPR) guidelines.
What information do we collect?
We may request: Full name, address, contact phone numbers, email address and directions to premises.
What do we do with the information we collect?
The personal data we hold will be used for the provision of care (both emergency and preventative) to your animals and for legitimate interests. These legitimate interests can include practice updates, practice news, processing insurance claims and requesting the processing of laboratory samples.
How to access your personal data
If you require to access the data we hold of you (this does not include that of your animals), we request you write to us and include a signature on your request. We will provide this information within one month of receiving the written request.
How to withdraw consent
If you would like to withdraw consent please write to us and include your signature and we will amend your records on receipt of the letter.
How long is data held for?
Data is held whilst a client is actively using Anchorage Barn Equine Clinic’s services. When no longer an active client, the data is made inactive and anonymised.
Can consent be refused?
Individuals can refuse to consent without detriment and it is not a precondition of service.
Anchorage Barn Equine Clinic Ltd will only disclose your personal information when required by law.
The individuals whose data is kept on our system are given the following rights by GDPR concerning the data and its use:
- The right to be informed about how the data is used
- The right of access to the personal data held
- The right to rectification if the data is inaccurate or incomplete
- The right to erase data where there is no compelling reason for its continued processing
- The right to restrict processing of personal data
- The right to data portability for their own purposes across different services
- The right to object to processing
- Rights in relation to automated decision making and profiling.
Each member of staff has a specific login and privilege level for appropriate access to certain areas of the data system. All backup devices are locked away and alphanumeric passwords are in use. Computer security/antivirus is regularly updated and access to Wi-Fi is password protected. When computerised records are deleted, anonymisation is used. All unused and outdated software is removed. A regular off-site backup takes place and we have the ability to restore the availability and access to personal data if required.
We have a ‘clear desk’ policy and access to data is limited to ‘need to know’ individuals. Paperwork and files are locked away when not in use.
Staff are made aware and are required to be vigilant against cyber-security threats and phishing emails, security software warnings and the risk of posting practice information to social networks. A mobile phone policy is also in place for those individuals with access to a work mobile phone.