Data Compliance Policy

 

This Data Protection Compliance Policy sets out the steps taken by GP-Plus Limited to ensure that its data processing practices are in accordance with UK data protection law. GP-Plus acknowledges that the personal data it processes is, and shall remain, the property of the Client/Patient. Upon termination of the contractual relationship with the Client/Patient, GP-Plus (or other properly appointed responsible agent) will continue to hold the personal data on behalf of the Client/Patient. The Client/Patient reserves the rights to access their personal data in accordance with this data protection statement at any time. Personal data will not be given to any other third parties for any purpose. GP-Plus has in place appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of personal data and adequate security programmes and procedures to ensure that unauthorised persons do not have access to personal data or to any equipment used to process personal data. GP-Plus provides individuals (including the Client/Patient HR) with the right of access, rectification, blocking, erasure and/or destruction available to such individuals under the applicable data protection laws in the UK. GP-Plus acknowledges that the personal data it processes is, and shall remain; the property of the Client/Patient and it will return to the Client/Patient all copies of the relevant data upon termination of the contractual relationship with them as and when requested.

Security Policy

 

GP-Plus Limited has in place and undertakes to maintain appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of data. Likewise, adequate security programs and procedures are in place to ensure that unauthorised persons do not have access to the data or to any equipment used to process the data.