Data Protection Policy

---

Introduction
At Pride In Health, your privacy is our priority. We are committed to safeguarding your personal data and ensuring that it is handled in a lawful, fair, and transparent manner. This policy outlines how we collect, use, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA2018).

What Information We Collect

We may collect and process various types of personal data, including but not limited to:

• Identifiers: Name, address, email address, date of birth.
  
• Contact Information: Phone number, postal address.
  
• Medical Information: Health history, medical records.
  
• Other Data: Information provided through our services, feedback, or inquiries.
  

How We Use Your Information

We use your personal data to:

• Provide and manage our services.
  
• Process and respond to your inquiries and requests.
  
• Comply with legal obligations.
  
• Improve our services based on feedback and analytics.
  
• Conduct necessary administrative tasks.
  

Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  
• Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  
• Legal obligation: The processing is necessary for us to comply with the law.
  
• Vital interests: The processing is necessary to protect someone’s life.
  
• Public task: The processing is necessary for us to perform a task in the public interest or exercise official authority.
  
• Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
  

Data Protection Principles

We adhere to the following principles to ensure your personal data is:

• Processed lawfully, fairly, and transparently: We explain how we use your data and obtain your consent where necessary.
  
• Collected for specified, explicit, and legitimate purposes: We only collect data for specific needs and do not use it beyond those purposes.
  
• Adequate, relevant, and limited: We collect only the necessary information to fulfil our services and legal requirements.
  
• Accurate and up-to-date: We make efforts to keep your data accurate and allow you to update it as needed.
  
• Kept for no longer than necessary: We retain your data only as long as required for our services or legal obligations.
  
• Secure: We implement technical and organisational measures to protect your data from unauthorised access, loss, or damage.
  

Your Rights

You have the following rights regarding your personal data:

• Right to be informed: You have the right to be informed about the collection and use of your personal data.

• Right of access: You have the right to access your personal data and supplementary information.
  
• Right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
  
• Right to erasure: You have the right to have your personal data erased in certain circumstances.
  
• Right to restrict processing: You have the right to request the restriction or suppression of your personal data in certain circumstances.
  
• Right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  
• Right to object: You have the right to object to the processing of your personal data in certain circumstances.
  
• Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  

To exercise any of these rights, please contact our Data Protection Officer.

Sharing Your Information

We do not share your personal data with third parties unless:

• We have your explicit consent.
  
• It is necessary for our service delivery.
  
• We are required by law to do so.
  
• It is necessary for the performance of a task carried out in the public interest.
  
• The information is anonymized and does not identify you.
  

Data Retention

We will retain your personal data only as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We regularly review our retention periods for personal data to ensure they are adequate and lawful.

Security Measures

We take appropriate technical and organisational measures to protect your personal data, including:

• Secure storage of physical and digital records.
  
• Access controls to restrict who can access your data.
  
• Regular training for our staff on data protection practices.
  
• Encryption and anonymization where applicable.
  
• Regular audits and assessments of our data protection practices and security measures.
  

Breach Notification

In the unlikely event of a data breach, we will:

• Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach is likely to result in a risk to the rights and freedoms of individuals.
  
• Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  

Third-Party Processors

We may employ third-party companies and individuals to facilitate our services. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure that all third-party processors comply with data protection laws and our standards.

International Data Transfers

Your personal data may be transferred to and processed in countries outside of the United Kingdom. Where such transfers occur, we will ensure that there are adequate safeguards in place to protect your data, such as Standard Contractual Clauses or an adequacy decision by the UK government.

Contact Us

If you have any questions or concerns about our data protection practices, please contact our Data Protection Officer.

Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page, and we encourage you to review our policy periodically.

Thank you for trusting Pride In Health with your personal information. We are committed to protecting your privacy and providing transparent, secure services.

Contact Information:

For any queries or further information, please contact our Data Protection Officer at data@prideinhealth.co.uk.

This policy will be reviewed annually to ensure it remains relevant and compliant with applicable data protection laws.
Last Updated: 16/07/2024