Privacy Policy

Data Protection & Confidentiality Policy

 

Data Protection & Confidentiality Policy (GDPR Compliance)

 

Purpose

This policy outlines how Fast D4 Medicals collects, processes, and secures personal and medical data in compliance with the UK GDPR and the Data Protection Act 2018.

 

Scope

This policy applies to all staff handling patient information.

 

Data Collection and Use

- Personal data will be collected for medical assessments and stored securely.

- Data will not be shared with third parties without explicit consent, except where legally required (e.g., TfL, DVLA).

- Medical records will be retained for **7 years** from the last appointment date.

 

Patient Rights

- Patients have the right to access their records upon written request.

- Patients can request corrections to inaccurate data.

- Data will be deleted upon request, unless required for legal reasons.

 

Data Security

- Medical records will be stored on secure, encrypted systems.

- Only authorized personnel will have access to medical data.

- Breaches will be reported within 72 hours to the ICO (Information Commissioner’s Office).