The Implant Centre is committed to protecting your privacy. The General Data Protection Regulation (GDPR) is a landmark privacy law affecting the European Union (EU).
The following is an overview of the key points and how The Implant Centre understands its compliance obligations; further information and guidelines on the GDPR may be obtained from the Information Commissioner’s Office website.
Our full Privacy Notice can be found here
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new privacy legislation that replaces the EU Data Protection Directive (Directive 95/46/EC) within the European Union. The GDPR regulates the collection, use, transfer, and sharing of personal data with the key purpose of protecting it.
What constitutes personal data?
Personal data includes any information related to a living resident or citizen of the EU that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, medical information, or even an IP address or cookie.
Who does the GDPR affect?
The GDPR affects companies processing the personal data of individuals residing in the European Union, regardless of a company’s location. It applies not only to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to or monitor the behaviour of EU residents and/or citizens.
How will the GDPR affect businesses?
The GDPR requires organisations to be transparent on how personal data is collected, used, and stored. This requires transparency from organisations on what personal data is collected, purposes for which it is collected, and who it is shared with. It also requires companies to enable individuals whose personal data is being processed to exercise their rights in relation to their data. The GDPR also requires companies to ensure appropriate protections when EU personal data is transferred outside the EU.
What new user rights does GDPR regulate?
- Right to Access. EU residents and citizens (or “Data Subjects,” as they are called in the regulation) have the right to obtain confirmation from the organisation that has collected their data as to whether their personal data is being processed, where, and for what purpose. They also currently have (and will continue to have under the GDPR) the right to receive a copy of this personal data.
- Right to Be Forgotten (or Data Erasure). Data Subjects can demand that the organisations erase their personal data and cease further dissemination of the data.
- Data Portability. Data Subjects can receive the personal data concerning them (which they have previously provided) and have the right to transmit that data to another organisation.
The Implant Centre and GDPR for Employees and Subcontractors
The Implant Centre maintains a Privacy Notice on our website that outlines how we will collect and use data in compliance with the GDPR, and also details on the compliance of our third party service providers.
In summary, we collect information from you in the following ways
- When you complete a job application, including submission of a CV
- When you complete a form on the website
- When you phone The Implant Centre
- When you email The Implant Centre
- When you commence working for, or with The Implant Centre
This information may include
- Email address
- First name
- Last name
- Phone number
- Date of Birth
- Employment history
- Medical History
- Criminal Record checks
- Other personal details
This information is stored in our secure Servers and / or on the Servers of our third party service providers (See our Privacy Notice), and is accessible only by the The Implant Centre Staff.
If any information is provided on paper, the paper record is filed securely after transferring to our computer systems.
We collect this information to be able to provide effective HR Management for employees and to ensure subcontractors perform in compliance with our privacy policies, and our own obligations under the GDPR.
These records are kept securely and confidentially and you can request to see the information, have it corrected, or be removed from our database at any time, except where our legal obligations state otherwise.
We keep staff and sub-contractor records for 6 years in order to meet our current legal obligations.
If you have any questions, comments or concerns about our GDPR generally or our Privacy Notice, please email us at [email protected]