Privacy and Data Protection Policy Notice
Blood Results Made Easy, Privacy and Data Protection Policy Notice refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
​
​
Scope
​
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.
Who is covered under the Data Protection Policy?
Employees of BLOOD RESULTS MADE EASY must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, BLOOD RESULTS MADE EASY policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
​
​
Collection and processing of data
​
As part of BLOOD RESULTS MADE EASY operations, we need to collect and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, email address, role, area(s) of practice and phone numbers. Data is processed by BLOOD RESULTS MADE EASY for marketing and advertising purposes, as contact information, for HR purposes and for payment services. Further details of processing include:
​
-
Processed for marketing and advertising purposes; email mailshots, brochure mailshots, newsletters.
-
Processed to directly contact the individuals who are attending the courses with pre- or post-course information or material e.g. course packs, and in case of unexpected events e.g. course cancellations.
-
Processed to monitor and record attendance for the distribution of post-course information or material e.g. course completion certificates.
-
Processed to refund payments to clients. Please note, no credit card or bank details are stored by BLOOD RESULTS MADE EASY for clients. All payments made to BLOOD RESULTS MADE EASY by clients are processed by a separate organisation, Eventbrite or Stripe and BLOOD RESULTS MADE EASY does not have access to or process this data. The only payment services data that is processed by BLOOD RESULTS MADE EASY is in the event of a refund to a client. This data is then deleted or shredded after use.
-
Processed to contact potential, current and previous contractors (lecturers) to offer employment opportunities.
-
Processed to directly contact contractors and employees currently employed by BLOOD RESULTS MADE EASY or conducting work on behalf of BLOOD RESULTS MADE EASY.
-
Processed for payment and HR administrative tasks.
​
BLOOD RESULTS MADE EASY will rely on the legal basis of Legitimate Interests under the General Data Protection Regulation (EU) 2016/679 to process personal data. These legitimate interests include the promotion of BLOOD RESULTS MADE EASY’s business, relevant and appropriate relationships, fulfilling commercial obligations, marketing and advertising and use of client and employee data.
BLOOD RESULTS MADE EASY sources this data from the individuals themselves, the employers of the individuals. Once this information is available to us, the following rules apply.
​
Our data will be:
-
Accurate and kept up-to-date
-
Collected fairly and for lawful purposes only
-
Processed by the company within its legal and moral boundaries
-
Protected against any unauthorised or illegal access by internal or external parties
-
Retained until it is no longer required for its intended purpose(s), with a retention period lasting up to 10 years
​
Your data will not be:
-
Communicated informally
-
Transferred to organisations, states or countries that do not have adequate data protection policies
-
We do not sell, distribute or lease your personal information to third parties unless we have your permission, or are required by law to do so.
​
​
Recipients of data
​
Personal data is shared with and processed by a small number of third parties in order for BLOOD RESULTS MADE EASY to achieve their Legitimate Interests. At present the following organisations have processed personal data on behalf of BLOOD RESULTS MADE EASY:
​
-
Eventbrite and Stripe are a company that collects and processes payment details from clients. BLOOD RESULTS MADE EASY does not store, have access to or process any payment details from clients. All data is given by the individual to Eventbrite and Stripe directly.
-
Google Drive (international third party); online cloud service provider where BLOOD RESULTS MADE EASY stores personal data, including name, email address and telephone number.
​
​
Obligations and rights
​
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically, we must:
​
-
Let people know which of their data is collected
-
Inform people about how we’ll process their data
-
Inform people about who has access to their information
-
Have provisions in cases of lost, corrupted or compromised data
-
Allow people to request that we modify, erase, reduce or correct data contained in our databases
Under certain circumstances individuals have the right to:
-
Access confirmation that their data is being processed
-
Access their personal data
-
Access other supplementary information
-
Rectify inaccurate personal data
-
Erase personal data
-
Restrict processing of personal data
-
Withdraw their consent to the processing of their personal data, in particular in regards to a personal legitimate interest and direct marketing
-
Lodge a complaint with a supervisory authority
​
Should an individual wish to exercise any of these rights then please contact bloodresultsmadeeasy@gmail.com with the request. The obligation will be fulfilled free of charge and within one month, unless requests are reasonably considered excessive, considerably burdensome or unfounded. No personal data will be shared without verification of the identity of the individual.
​
​
Actions
To exercise data protection we’re committed to:
​
-
Restrict and monitor access to sensitive data
-
Develop transparent data collection procedures
-
Train employees in online privacy and security measures
-
Build secure networks to protect online data from cyberattacks
-
Establish clear procedures for reporting privacy breaches or data misuse
-
Include contract clauses or communicate statements on how we handle data
-
Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)
​
​
Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.