OPC PRIVACY NOTICE
This Privacy Notice (“Notice”) sets out the basis upon which Optimum Patient Care Limited (“OPC”, “Company”, “we”, “us” or “our”) may collect, use, disclose or otherwise process personal data of employees and candidates in accordance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”) (collectively “Data Protection Laws”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
APPLICATION OF THIS NOTICE
The steps we take to keep the personal data we collect secure include:
• Regularly assessing the risk of misuse, loss, interference, modification, unauthorised access or disclosure of personal data.
• Putting measures in place to address the above risks including robust information technology security, data encryption, restricted user access, and data security and protection policies.
• Regularly ensuring that our staff and contractors only access personal data when needed.
• Ensuring our staff and contractors are regularly trained on data protection at least annually. This includes compulsory annual certified training provided by NHS Digital, and NIHR certified Good Clinical Practice (GCP) training.
• Conducting regular internal audits to assess compliance with these measures and the GDPR/DPA.
• Undertaking and complying with the NHS Data Security and Protection Toolkit (ref: 8HR85) assessment annually. This assessment ensures we comply with the National Data Guardian’s Data Security Standards.
• ISO 27001 and ISO9001 certification (certificate number 385342022). These accreditations demonstrate that OPC operates in accordance with a global framework of information security and quality assurance and management.
• OPC is a registered data controller with the Information Commissioner’s Office, registration number: ZA197058.
Privacy Notice last updated 1 August 2022