1. MedAid Services
  2. About Us
  3. Legal
  4. Privacy Notice

Privacy Notice

Privacy Notice

This Privacy Notice sets out how MedAid Services Ltd processes (collects, uses, retains, protects and discloses) personal information.

We recognise the rights you have over your data and acknowledge the control you exercise over how it should be used. We respect these rights and are committed to safeguarding your privacy.

The key laws that determine how we use your information are:

  • General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • Data Protection Act 2018
  • Human Rights Act 1998 (HRA)
  • Common law duty of confidentiality

MedAid Services Ltd is registered as a Data Controller with the Information Commissioner’s Office (Registration Number: ZA170298).

The information we collect and how we use it is explained in more detail in the following sections.

 

Data Protection

The key data protection legislation that sets the rules and determines how we process personal information is the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Data Protection Act 2018 (DPA 2018).

Under the GDPR, all processing of personal information must adhere to the following principles:

  • Processed fairly, lawfully and transparently.
  • Processed only for specified, explicit and legitimate purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes of processing
  • Accurate and rectified without delay if inaccurate.
  • Not kept for longer than necessary.
  • Processed securely – to preserve the confidentiality, integrity and availability of the data
 

When You Visit Our Website

Our main website is www.medaidservices.co.uk.

We also operate the following websites:

What kind of personal information do we process?

No personal information is processed when you visit any of our websites. Our website use strictly necessary cookies for technical reasons; those that enable a personalised experience for visitors and registered users. For more details on how we use cookies, go to our Cookies page.

Will my information be shared with anyone else?

No. We do not collect any personal information through the use of our websites. Personal information submitted through contact/booking forms are processed as per the sections below.

 

When You Use Our Event Medical Service

We make first aid and medical support available at events by getting medical help to patients who have illnesses and injuries as quickly as possible. Every time we receive a call, or a patient self-presents for treatment, our staff record the relevant details and use information about the nature of the patient’s illness or injury to ensure they are sent the right medical help.

What kind of personal information do we process?

The following information is taken when a call is made to our event control service;

  • Name of caller (if not the patient)
  • Name of patient
  • Age of patient
  • Gender of patient
  • Contact details of caller
  • Contact details of patient (if not with the caller)
  • Reason why medical help is required/nature of injury or illness
  • Any relevant medical history of the patient
  • The recording of the call

Other information that may be processed includes;

  • Medical treatment provided to the patient
  • Visual images for example CCTV and Still Photography
  • In some cases it may be appropriate to obtain contact details of other individuals present at the scene.

Once a call has been received and our medical teams have arrived at the patient’s location (or the patient has self-presented to a medical centre), we may process the below information on a Patient Report Form:

  • Patient’s GP
  • Patient’s address
  • Patient’s date of birth
  • Presenting medical complaint
  • Treatment carried out and advice given
  • Current medications and allergies
  • Patient signature (if discharged on-scene)

How will the information be used and what is the lawful basis?

The information is processed by our event control staff to determine the most appropriate response for patient’s care. Information is also processed to promote or support the provision of healthcare services to patients. Personal information from calls received is processed on the lawful basis that;

  • It is necessary to protect someone’s life [GDPR Art 6(1)(d)]
  • You have given us your consent [GDPR Art 6(1)(a)]
  • You have given us your explicit consent [GDPR Art 9(2)(a)]

Will my information be shared with anyone else?

It may be appropriate to share your information with other services and third parties. These can include:

  • Other medical providers for whom we have contracted to work alongside us and where care of a patient has been transferred over
  • NHS ambulance service where care of a patient has been transferred over
  • Hospitals for example where a pre alert is necessary for an acutely ill patient on route to Hospital
  • Out of Hours GP services to provide alternative medical services where deemed appropriate
  • Social Services where there is a concern for the welfare of the patient or others involved
  • Mental Health services where the patient has a mental health illness and specific treatment is required
  • Next of Kin, where the patient has requested us to make the person aware of any ongoing incident
  • Police service

How long will you keep this information for?
For information regarding our retention periods please use the link below to access our Record Retention Schedule.
Records Retention Schedule

Further information on how we use patient data can be found in our Patient Data: How we use your Personal Information guide.

 

When You Attend a First Aid Course

We provide first aid training courses to both the general public and organisations and include:

  • General members of the public
  • Club members (such as sports clubs, youth clubs)
  • Employees
  • Volunteers

What kind of personal information do we process?

We capture personal information of delegates attending our courses. The information collected may differ depending on the type of course, and whether it is booked through a corporate department (such as your internal health & safety department)

  • Delegate name
  • Delegate date of birth
  • Delegate home address (for public courses)
  • Delegate unique learner number
  • Contact telephone number
  • Email address

How will the information be used and what is the lawful basis?

The information is used to create a delegate account for you and manage your training course bookings. Personal information from calls received is processed on the lawful basis that;

  • You have given us your consent [GDPR Art 6(1)(a)].
  • You have given us your explicit consent [GDPR Art 9(2)(a)].
  • We are required to process the information as part of a contract with your organisation to provide you with first aid training [GDPR Art 6(1)(b)].

Will my information be shared with anyone else?

It may be appropriate to share your information with the organisation you work for to enable them to record compliance in line with UK legislation, such as the Health and Safety at Work etc. Act 1974. This will include names of delegates who attended/did not attend a course, and original certificates.

How long will you keep this information for?

We will retain the data captured indefinitely for the purposes of:

  • responding to data requests from the Qualification Regulators
  • responding to certificate verification requests from internal and external parties
  • planning and carrying out quality assurance activity

For information regarding our retention periods please use the link below to access our Record Retention Schedule.
Records Retention Schedule

 

How Long Will You Keep My Information For?

Information regarding our retention periods are detailed in our Records Retention Schedule.

 

How Secure Is My Information?

There are appropriate policy, technical and security measures in place to ensure the confidentiality, integrity and availability of our systems and personal information.

We do not share any of the information you provide with third parties for marketing purposes and it will never be sold.

 

Your Data Subject Rights

Every individual has rights in relation to how their data is processed. These rights are detailed below;

  • The right to know how your data is processed; this is explained to you in this privacy notice
  • The right to know what personal information we hold about you; this can be exercised by sending us a subject access request using the contact details below. We will respond within one month.
  • The right to rectification; you can make a request to have any inaccuracies in your data rectified or completed it if it is incomplete
  • The right to erasure; also known as the ‘right to be forgotten’. We will comply with any request for your data to be erased.
  • The right to restrict processing: you the right to limit the way that we use your data.
  • The right to object to processing; all processing will stop if you tell us why you object and we agree with you.
  • The right to data portability; you can ask us to transfer your data to another organisation or give it you.

Your rights are determined by the legal basis upon we process your information, therefore in some circumstances not all rights will be applicable.

 

Contact

If you have any queries, require further information or want to exercise any of your rights please contact:

Data Protection Officer
MedAid Services Ltd
Unit 10A
Whittington Business Park
Oswestry
Shropshire
SY11 4ND

Tel: 01691 700 999
Email: via Contact Form

Subject Access Request Form

 

Complaints

If you have any concerns about how your information has been processed and want to lodge a complaint with the Supervisory Authority in the UK, you can contact:

Information Commissioner’s Office
Wycliffe House
Wilmslow
Cheshire
SK9 5AF

Email: www.ico.org.uk/global/contact-us/email