MenuClose
About Us
Services
Contact Us
Work With Us
Contact Us
Book With Us

MedExpress:

Data Protection and Privacy Policy

1. Introduction

MedExpress needs to collect personal information about people with whom it deals in order to carry out its business and provide its services. Such people include patients, employees (present, past and prospective), suppliers, clients and other business contacts.

The information includes name, address, email address, data of birth, private and confidential information, sensitive information. In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. No matter how it is collected, recorded and used, this personal information must be dealt with properly to ensure compliance with the Data Protection Act 1998 (the Act) and the General Data Protection Regulation (GDPR).

The lawful and proper treatment of personal information by MedExpress is extremely important to the success of our business and in order to maintain the confidence of our service users and employees. We ensure that our company treats personal information lawfully and correctly. 


2. Data Protection Principles

MedExpress fully supports and complies with the principles of the Act which are summarised below: 

  • personal data shall be processed fairly and lawfully
  • personal data shall be obtained/processed for specific lawful purposes
  • Personal data help must be adequate, relevant and not excessive personal
  • personal data must be accurate and kept up to date
  • personal data shall not be kept any longer than necessary
  • personal data shall be processed in accordance with rights of data subjects, ensuring that the rights of people about whom information is held can be fully exercised under the GDPR (i.e. the right to be informed that processing is being undertaken, to access personal information on request; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information)
  • personal data must be kept secure
  • personal data shall be not transferred outside the European Economic Area unless there is adequate protection.

3.Information Covered by the Data Protection Act

The Act's definition of "personal data" covers any data that can be used to identify a living individual. These are outlined in full in our Confidentiality Policy. 

4.Responsibilities 

MedExpress will:

  • Ensure that there is always one person with overall responsibility for data protection. Currently this person is Richard Ronald Allan, one of the directors.
  • Provide training for all staff members who handle personal information and ensure access to further guidance and support. 

  • Provide clear lines of report and supervision for compliance with data protection. 

  • Carry out regular checks to monitor and assess new legislation. 

  • Provide clear lines of report and supervision for compliance with data protection. 

  • Carry out regular checks to monitor and assess new legislation. 


Employee Responsibilities:

  • Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information. 

  • Understand fully the purposes for which MedExpress uses personal information.

  • Collect and process appropriate information, and only in accordance with the purposes for which it is to be used by MedExpress to meet its service needs or legal requirements. 

  • Ensure the information is destroyed (in accordance with the provisions of the Act) when it is no longer required. 

  • On receipt of a request by or on behalf of an individual for information held about them will immediately notify their line manager. 

  • Not send any personal information outside of the United Kingdom without the authority of the Caldicott Guardian. 

  • Understand that breaches of this Policy may result in disciplinary action, up to and including dismissal. 

5.Auditing

Raymond Allan, a director of the company, will carry out regular audits depending on the legal requirements of each field. Audits will be carried out as follows:

Retrieving and archiving: monthly and/or quarterly audits. Seek assistance from Datix Risk Management System, an NHS body, when necessary.

Retention and disposal schedules: annual audit. Evidence: emails, minutes meetings and destruction certificates.

6.Monitoring

Compliance with the policies and procedures laid down in this document will be monitored by Richard Ronald Allan

7. Training and Awareness

Information Governance training is mandatory and all staff are required to complete annual on-line Information Governance training. 

All staff are required to read the company’s Information Governance policies and procedures as part of their induction.

Privacy Notice

Contact notices 

For patients: Should you have any queries about any of the information listed below, please speak to your health professional or alternatively contact our Data Protection Officer Richard Ronald Allan at: richardallen2@nhs.net 
Should you wish to lodge a complaint about the use of your information, please send this to: richardallen2@nhs.net or the following address:  43 The Grove, Warboys Road, Old Hurst, Cambridgeshire, PE28 3AG

For clients (non-healthcare professionals and healthcare professionals) and suppliers: 

Should you have any queries about any of the information listed below, contact our Data Protection Officer Richard Ronald Allan at: richardallen2@nhs.net 

Should you wish to lodge a complaint about the use of your information, please send this to: richardallen2@nhs.net or the following address:  43 The Grove, Warboys Road, Old Hurst, Cambridgeshire, PE28 3AG

1. Privacy Notice in line with GDPR: Patient Records

We aim to provide patients with the highest quality care. To do this, we must keep records about patients and the care we provide for them.  Health records are held on paper and electronically and we have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection Laws.  Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold on to any other third parties. Your information is not processed overseas.  Sometimes a patient’s care may be provided by members of a care team, which might include people from other organisations such as health; social care; education; or other care organisations.  Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care 2016.  Information collected about you to deliver your health care is also used to assist with: 



  • Making sure your care is of a high standard.
  • Using statistical information to look after the health and wellbeing of the general public and planning
  • services to meet the needs of the population.
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care.
  • Preparing statistics on our performance for the Department of Health and other regulatory bodies.
  • Helping train staff and support research.
  • Supporting the funding of your care.
  • Reporting and investigation of complaints, claims and untoward incidents.
  • Reporting events to the appropriate authorities when we are required to do so by law. 


The legal basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health and Data Protection law says it is appropriate to do so for health and social care treatment of patients, and the management of health or social care systems and services. 
If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below. 


The public interest is thought to be of greater importance for example: 
  • if a serious crime has been committed;
  • if there are risks to the public or our staff;
  • to protect vulnerable children or adults.
- We have a legal duty, for example, reporting some infectious diseases, and court orders 
- We need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority). 

Data Protection laws gives individuals rights in respect of the personal information that we hold about you. These are:

 
  • To be informed why, where and how we use your information. 

  • To ask for access to your information. 

  • To ask for your information to be corrected if it is inaccurate or incomplete. 

  • To ask for your information to be deleted or removed where there is no need for us to continue processing it.
  • To ask us to restrict the use of your information.
  • To ask us to copy or transfer your information from one IT system to another in a safe and secure 
way, without impacting the quality of the information.
  • To object to how your information is used.
  • To challenge any decisions made without human intervention (automated decision making)


Please visit our website for further details on this. 

Should you have any further queries on the uses of your information, please speak to your health professional or alternatively contact our Data Protection Officer Richard Allan at: richardallen2@nhs.net  Should you wish to lodge a complaint about the use of your information, please send this to: richardallen2@nhs.net or the following address:  43 The Grove, Warboys Road, Old Hurst, Cambridgeshire, PE28 3AG

2. Job Application and Employment

If you send us information in connection with a job application, we may keep it for up to three years in case we decide to contact you at a later date.

If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.

3.Communicating With Us

When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

We record your request and our reply in order to increase the efficiency of our business.

We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.

4. Complaining

When we receive a complaint, we record all the information you have given to us.

We use that information to resolve your complaint.

If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.

5. Cookies

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.

6. Personal identifies from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.        

7. Information we obtain from third parties

Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use.

8. Third party advertising on the website

Third parties may advertise on our website. In doing so, those parties, their agents or other companies working for them may use technology that automatically collects information about you when their advertisement is displayed on our website.

They may also use other technology such as cookies or JavaScript to personalise the content of, and to measure the performance of their adverts.
We do not have control over these technologies or the data that these parties obtain. Accordingly, this privacy notice does not cover the information practices of these third parties.

9. If you do not provide information we need

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may have to stop providing a service to you. If so, we will notify you of this at the time.
 
The basis on which we process information about you

The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.

If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.

If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

10. Clients and suppliers: Information we process because we have a contractual obligation with you

When you create an account on our website, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.

In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We may use it in order to:

  • verify your identity for security purposes
  • sell products to you
  • provide you with our services
  • provide you with suggestions and advice on products, services and how to obtain the most from using our website

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract

Reliable, experienced Ambulance Transport for every journey.

Get in Touch
About Us
Services
Work With Us
Contact Us
Data Protection & Privacy Policy
Complaints Policy