Privacy Policy

This is the privacy policy notice issued by Aquamarine Medicals Ltd, 1 Emma Place Ope, Stonehouse, Plymouth, PL1 3FD through the website www.aquamarinemedicals.co.uk. This policy describes how your personal data is managed and protected by Aquamarine Medicals Ltd both during use of this website and in business activity.

Data protection of your personal information is key to Aquamarine Medicals Ltd. This privacy policy may change. The current version will be displayed on our website, and becomes effective immediately on publishing. If you do not agree to this policy you may wish to stop accessing this website, and/or not to provide your personal data to us.

We are registered with the ICO under the Data Protection Register. The Data Protection Officer is Dr Christine Penny, who can be contacted via christine@aquamarinemedicals.co.uk – ICORegistration reference ZA787891

Personal data collected – Personal data is any data that could identify you as an individual. Personal data you give to us may include (but is not limited to) your name, contact information, photographic identification, and web usage. Your health records may include both our own records and those on occasion as required, provided by third parties.

How is personal information collected – may be provided by you by telephone, via our website, by email or during a face to face consultation. We may seek your consent to contact your employer or other healthcare professionals – either to gain further information or to seek expert opinion.

Why is personal information collected – To enable Aquamarine Medicals Ltd. provide a medicals service, it is necessary to hold information about you, including but not limited to, your contact details, and your health records. Information may be used to meet legal requirements and also to check your identity for security and anti-fraud purposes or to seek feedback to improve our services.

How is personal information stored and kept secure – paper or electronic form. Procedures are in place to prevent unauthorised access or disclosure of your records. Only those with genuine and demonstrable need will be able to access your personal data. A GDPR compliant medical records software is used with password protection with back-up storage on a secure server at physically separate locations. Paper records are kept in locked cabinets.

Policies and procedures are in place to deal with any suspected data breach so that any loss of data, or consequential damage, is minimised.

Aquamarine Medicals Ltd do not store any bank or credit card details, these are held securely by our nominated payment partner Stripe.

How is personal information used – Processing of data encompasses all activity to do with your personal data which includes but is not limited to, obtaining data, storage, amendment, transfer and deletion of data. Personal data provided forms your medical record held by Aquamarine Medicals Ltd but also may be used for purposes of communication with you, other healthcare professionals if expert advice is needed. On occasion your consent may be sought to liaise with your employer.

Aquamarine Medicals Ltd welcomes feedback to help improve services and you may be contacted for this purpose. We will not sell or distribute your information to third parties, unless we have your permission, or we are under a legal obligation to do so.

If you wish to request details of personal information held on systems and in hard copy stored by Aquamarine Medicals Ltd, please contact the Data Protection Officer using the contact details on this website.

How long we keep personal data – Current legislation requires retention of medical records for a minimum of seven years, or longer in some cases. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will not store your information for longer than is reasonably necessary or required by law.

Your information will be kept securely at all times and at the end of the retention period, your files and personal data will be permanently deleted or destroyed.

Individual rights under GDPR – Under the GDPR you have a number of important rights, these can be accessed here