DATA PROTECTION AND PRIVACY POLICY

We recognise that visitors to our site may be concerned about the information they provide to us and how we treat that information. We will hopefully address those concerns. 


We use our best efforts to respect and protect the privacy of our customers and online visitors. We promise you that we will not share your personal or sensitive data with any third parties without your written consent.


Thank you for visiting our site. Please contact us directly should you have any questions about our Data Protection and Privacy Policy.

#SAM247 promise to protect your personal and sensitive data at all times. Find out more.

PRIVACY POLICY

DATA PROTECTION POLICY [MAY 2018]

S.A.M Solutions 24/7 Ltd [#SAM247] is a leading provider of education for healthcare professionals.


S.A.M Solutions 24/7 is a limited company with the registration number: 8715045.


This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.


#SAM247 needs to collect and maintain certain information about its employees, students and other users of its services to allow it to monitor, for example, performance, achievements, and health and safety.


It is also necessary to process information so that employees and students can be recruited, employees paid, courses organised, external funding secured and legal obligations to funding bodies and government complied with.


Accordingly, data may be collected not only from and about actual employees, students and service users, but also from and about a wide range of individuals having or contemplating dealings with #SAM247, including employees and students, individuals involved in fund-raising and other individual stakeholders.


In order to ensure that information is collected and used fairly, stored safely and not disclosed to any other person unlawfully and that employees or others who process or use any personal information ensure that they follow the Data Protection Principles set out below, #SAM247 has adopted this Information and Data Protection Policy.


We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.


Any questions regarding this Policy and our privacy practices should be sent by email to info@samsolutions247.com or by writing to: S.A.M Solutions 24/7 Ltd, 16 Tenters Street, Bishop Auckland, DL14 7AD.


#SAM247 has appointed the Operations Director as the Data Protection Controller (DPC) who will endeavour to ensure that all personal data is processed in compliance with this Policy.

image235

2. Privacy Statement

#SAM247 will ensure that information is collected and used fairly, stored safely and not disclosed to any other person unlawfully. Whenever collecting information about people #SAM247 will therefore comply with the Data Protection Principles, which are set out in the General Data Protection Regulation (GDPR) and require that personal data shall be:


  1. Processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

3. Lawful Basis

In ensuring that personal data are processed lawfully, #SAM247 will only process data under one of the six lawful bases for processing set out in Schedule 6 of the GDPR:


  1. Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  2. Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  3. Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  4. Vital interests: the processing is necessary to protect someone’s life.
  5. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  6. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

4. Individuals Rights

#SAM247 recognises that individuals have the following rights:


  1. The right to be informed of the information #SAM247 holds on them in a concise, transparent, intelligible and easily accessible way. #SAM247 will typically make this information available through a Privacy Notice;
  2. The right of access to their personal data and supplementary information, and to be aware of and verify the lawfulness of the processing;
  3. The right to rectification of their personal data if it is inaccurate or incomplete;
  4. The right to request the deletion or removal of personal data where there is no compelling reason for its continued processing;
  5. The right to ‘block’ or suppress processing of personal data;
  6. The right to data portability: to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability;
  7. The right to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics; and
  8. The right not to be subject to a decision when it is based solely on automated processing and produces a legal effect or a similarly significant effect on the individual.


In interpreting the Data Protection Principles and in making judgements on specific matters, #SAM247 will take account of the most recent guidance issued by the Information Commissioner’s Office (ICO).

5. Policy Objective

To ensure that #SAM247 adopts best practice and compliance with legal requirements in its collection, processing and storage of personal data.

6. Scope of Policy

The policy applies to all employees, students and other users of #SAM247's services. This policy does not form part of the formal contract of employment, but it is a condition of employment that employees will abide by the rules and policies made by #SAM247 from time to time. Any breach of the General Data Protection Regulation or this policy will be considered to be an offence and in that event, #SAM247 disciplinary procedures will apply.


As a matter of good practice, other agencies and individuals working with #SAM247 and who have access to personal information will be expected to have read and to comply with this policy.


Employees who deal with external agencies will take responsibility for ensuring that such agencies sign a declaration agreeing to abide by this policy and detailing for how long it has been agreed that any data should be retained. Details of the declaration must be entered on a register to be held by #SAM247/s Data Protection Controller.


Any employee or student (or former employee or student) or other individual who considers that the policy has not been followed in respect of the personal data held about them, should initially raise the matter with the #SAM247 Data Protection Officer. If the matter is not resolved it should be raised as a formal grievance or complaint.

7. Practical Implementation: Employees and Associates

All employees and associates are responsible for:

  1. Checking that any information that they provide to #SAM247 in connection with their office or employment is accurate and up to date;
  2. Informing #SAM247 of any changes to the information which they have provided e.g. changes of address, next of kin, bank details etc.;
  3. Checking the information that #SAM247 will send out from time to time, giving details of information kept and processed about them;
  4. Informing #SAM247 of any errors or changes; and
  5. Ensuring that they abide by all #SAM247's Policies and Procedures.


#SAM247 cannot be held responsible for any errors unless the individual has informed #SAM247 of them.


If and when, as part of their responsibilities, employees collect information about other people they must comply with #SAM247's Policies and Procedures. In particular they are responsible for ensuring that:


  1. Any personal data that they hold are kept securely;
  2. When personal data need to be transmitted, internally or externally, they are transmitted securely; and 
  3. Personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party. Employees and Associates should note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases. This may result in termination of contact.


Personal information must:

  • be kept in a locked filing cabinet; or 
  • be kept in a locked drawer; or 
  • if it is computerised, be password protected; or 
  • be kept only on electronic media which are themselves kept securely.

7. 1 Practical Implementation: Managers

Managers must ensure that:

  1. All personal data processed within or by members of their curriculum or professional service team are processed according to the Data Protection Principles outlined above; 
  2. Privacy notices have been adequately communicated to those whose data are collected, stored or processed; 
  3. Consent has been duly obtained where it forms the lawful basis for processing the data; 
  4. Individuals have been made aware of their rights under the GDPR; 
  5. Any third parties who are commissioned to process personal data on #SAM247’s behalf are engaged under a written contract which includes those terms required under the GDPR as set out in guidance issued by the Information Commissioner’s Office; 
  6. Privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. In planning projects managers must ensure the principles of “privacy by design” are observed and where required a Data Protection Impact Assessment is undertaken in conjunction with the Data Protection Officer; and 
  7. That any breaches of personal data are immediately notified to the Data Protection Officer who will investigate accordingly and where necessary notify the Information Commissioner’s Office

7. 2 Practical Implementation: Students Responsibilities

Students must ensure that all personal data provided to #SAM247 are accurate and up to date. They must ensure that changes of address, etc. are notified to #SAM247 Adiministration Team.


Students who use #SAM247 computer facilities may, from time to time, process their own personal data. If they do so they must ensure that they comply with #SAM247 IT Systems Acceptable Use Policy.

7. 3 Practical Implementation: Data Subjects Rights

Data Subjects (those individuals about whom #SAM247 has information on its records) have rights regarding data processing, and the data that are recorded about them, as set out above. Employees, students and other persons from or about whom #SAM247 has collected personal data therefore have the right to access any personal data that are being kept about them or to receive notification of the information currently being held about them either on computer or in relevant files.


Any person who wishes to exercise this right should submit their request to the Data Protection Controller.
 #SAM247 aims to comply with requests for access to personal information as quickly as possible, and will ensure that it is provided within one month unless requests are complex or numerous.


If this is the case, #SAM247 will inform the individual within one month of the receipt of the request that it needs to extend the period of compliance by a further two months and will explain why the extension is necessary. #SAM247 reserves the right to charge a reasonable fee, taking into account the administrative costs of providing the information, where requests are manifestly unfounded or excessive, in particular because they are repetitive. In exceptional circumstances #SAM247 may exercise its right to refuse to respond but will explain at the latest within one month why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy.

7. 4 Practical Implementation: Disclosure

#SAM247 will ensure that personal data are not disclosed to unauthorised third parties (including family members, friends, government bodies or the Police) except in the circumstances set out in Part 4 of, and Schedule 7 to, the Data Protection Act 1998 and listed below in which personal data may legitimately be disclosed. Personal data may be legitimately disclosed where one of the following conditions applies:


  1. The individual has given their consent (e.g. a student/employee has consented to #SAM247 corresponding with a named third party);
  2. The disclosure is in the legitimate interests of #SAM247 (e.g. personal information can be disclosed to other #SAM247 employees if it is clear that those employees require the information to enable them to perform their jobs);
  3. #SAM247 is legally obliged to disclose the data; or
  4. Disclosure of data is required for the performance of a contract (e.g. informing a student's employer or sponsor of course changes/withdrawal and delivery of services etc). The Act permits certain disclosures without consent so long as the information is requested for one or more of the following purposes:
  5. To safeguard national security; prevention or detection of crime including the apprehension or prosecution of offenders; assessment or collection of tax duty; discharge of regulatory functions (includes health, safety and welfare of persons at work); to prevent serious harm to a third party; to protect the vital interests of the individual (this refers to life and death situations).

7. 5 Practical Implementation: Sensitive Information

Sometimes it is necessary to process information about a person's health, criminal convictions, race, gender or family details. This may be to ensure that #SAM247 is a safe place for everyone, or to operate other #SAM247 policies, such as the Equality and Diversity Policy.


#SAM247 may also ask for information about particular health needs, such as allergies to particular forms of medication, or any conditions such as asthma or diabetes. 


#SAM247 will only use such information in the protection of the health and safety of the individual. 
Because this information is considered sensitive, and it is recognised that the processing of it may cause particular concern or distress. Therefore individuals, employees, associates and students will be asked to give express consent for #SAM247 to do this. 


All prospective employees, associates and students will therefore be asked to provide consent for #SAM247 to process data, regarding particular types of information when an offer of office, employment, work related actives or a course placement is made. A refusal to sign such a form will result in the offer being withdrawn.

7. 6 Practical Implementation: Examination/Assessment Marks

Students or Clients who have no outstanding payment of course or assessment fees will be entitled to information about their certification, marks or grades for both coursework and examinations. This may take longer than other information to provide, but will normally be available within 28 days dependent on when the relevant awarding organisation furnishes #SAM247 with the information. Where students have outstanding course or assessment fee payments due, #SAM247 may withhold certificates, accreditation or references until the full course fees have been paid, or all books and equipment returned to #SAM247.

7. 7 Practical Implementation: Retention and Disposal of Data

#SAM247 will normally keep personal information only for as long as it is required to retain it for legal or other statutory reasons or as required by the funding or examination body or to meet its responsibilities as an employer (e.g. information regarding pensions, taxation, potential or current disputes or litigation regarding the employment) or education provider. A schedule of retention for different categories of personal information will be maintained by the Data Protection Controller.

Personal data will be disposed of in a way that protects the rights and privacy of data subjects (e.g. shredding, disposal as confidential waste, secure electronic deletion).

7. 8 Practical Implementation: Data Security

In order to ensure the protection of personal data held electronically, staff and students are required to adhere to #SAM247 IT Systems Acceptable Use Policies. Breaches of those policies where they concern misuse of personal data will be treated as disciplinary matters.


#SAM247’s Management Team are responsible for ensuring that there are appropriate and adequate security measures in place including, as part of #SAM247’s Business Continuity arrangements, an IT Recovery Plan.


Should there be a breach of security #SAM247 will notify any individuals whose personal data may have been disclosed to a third party as a result of the breach and will consider whether the breach warrants reporting to the Information Commissioner’s office under the ICO’s Guidance on Notification of Data Security Breaches.

8. Communication and Training

The policy will be communicated to staff, students and clients through #SAM247’s website and internal communication services.

9. Review and Monitoring of Policy

The Information and Data Protection Policy will be reviewed biennially. The Senior Management Team is responsible for monitoring the implementation of the Policy via reports from the Data Protection Controller and relevant members of the Management Team.

Employee and Associates Guidance for Data Protection

Please contact us directly if you have any questions:

Many employees and associates will process data about students on a regular basis, when marking registers or #SAM247 work, writing reports or references, or as part of a pastoral or academic supervisory role. Other employees and associates may need to process data about fellow members of staff or other individuals. #SAM247 will ensure through registration and recruitment procedures, that all employees, associates and students give their consent to such processing, and are notified of the categories of processing, as required by the 1998 Act. The information that employees deal with on a day-to-day basis will be 'standard' and will cover categories such as:


  1. General personal details such as name, address DOB and contact details;
  2. Details about attendance, or about course work marks, grades and associated comments or performance at work; and
  3. Notes of personal supervision, including matters about behaviour and discipline.


Information about an individual’s physical or mental health; sexual orientation; political or religious views; trade union membership or ethnicity or race is sensitive and can only be collected and processed with the student’s consent. If employees need to record this information where agreed #SAM247's policies and practices require or encourage the sharing of this information, they should use #SAM247's standard forms and templates. 


All employees have a duty to make sure that they comply with the Data Protection Principles, which are set out in the #SAM247 Information and Data Protection Policy. In particular, employees must ensure that records are: 


(a) accurate; 

(b) up-to-date;

(c) fair; and

(d) kept and disposed of safely, and in accordance with #SAM247 policy.


Employees and associates must not disclose personal data relating to any individual or client to any student, unless for normal academic, education or pastoral purposes, without authorisation or agreement from the Data Protection Controller, in line with #SAM247 policies.


Employees and associates must not disclose personal data relating to any individual to any other employee except with the authorisation or agreement of the Data Protection Controller, or in line with #SAM247 privacy policy. 


Before processing any personal data, all employees and associates should consider the following checklist:


  1. Do you really need to record the information? 
  2. Is the information 'standard' or is it 'sensitive'? 
  3. If it is sensitive, do you have the data subject's express consent? 
  4. Has the data subject been told that this type of data will be processed?
  5. Are you authorised to collect/store/process the data? 
  6. If yes, have you checked with the data subject that the data are accurate? 
  7. Are you sure that the data are secure? 
  8. If you do not have the data subject's consent to process, are you satisfied that it is in the best interests of the student or the employee to collect and retain the data? Have you reported the fact of data collection to the authorised person within the required time?

image236

PRIVACY POLICY [MAY 2018]

Privacy Notification [GDPR Compliant]

S.A.M Solutions 24/7 Ltd [#SAM247] is a leading provider of education for healthcare professionals. #SAM247 is a limited company with the registration number 8715045. #SAM247 is committed to protecting your privacy.


The General Data Protection Regulation (GDPR) is a new EU legal framework for data protection. The GDPR will apply to all member states from the 25th May 2018.


The Regulation will replace our current UK Data Protection Act 1998, introduce greater protections for personal data and bring data protection law into the digital age. The GDPR introduces some new obligations for organisations that collect, use, share and store personal data.


This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.


We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.


Any questions regarding this Policy and our privacy practices should be sent by email to: info@samsolutions247.com or by writing to: S.A.M Solutions 24/7 Ltd, 16 Tenters Street, Bishop Auckland, DL14 7AD.


2. Lawful basis for processing

Under EU data protection law, there must be a lawful basis for all processing of personal data (unless an exemption or derogation applies):


  1. Legitimate Interests
  2. Consent
  3. Legal
  4. Contractual necessity
  5. Compliance with legal obligations


3. What Personal Data Do We Collect

We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. Website usage information is collected using cookies.


We may collect information from you, such as;


  • Name
  • Address
  • Telephone Number
  • Email address
  • Date of Birth
  • Marital Status
  • Gender
  • Nationality
  • Work Experience
  • Professional registration number (if relevant)
  • Proof of identification (if relevant)
  • Proof of qualifications (if relevant)
  • Feedback and testimonials of our courses
  • Photographs at events
  • Criminal convictions
  • IP address
  • Payment details (if relevant)
  • Ethnicity (if relevant)
  • Special needs (if relevant)
  • Immigration status (if relevant)
  • Medical details (if relevant)


4. How will we use the information

We collect information about you to process your order, provide our services and, if you agree, to email you about other services we think may be of interest to you. We use your information collected from the website to personalise your repeat visits to our website. #SAM247 will not share your information for marketing purposes with other companies. We may process your information as follows;


  • Send you details about our products and services
  • Process orders you have made
  • Register you on a course or service
  • Send you information about the course or service you have signed up for
  • Seek views or comments about the services we provide
  • Send communications you have requested and that may be of interest
  • Process a grant or job application
  • Use your feedback and photos taken at events for marketing purposes


5. Who will the information be shared with

In order to provide certain services, we will be obliged to share your information with third-parties in the following circumstances;


  • University or awarding-bodies
  • With third-party education, distribution and accounting services


In each of these circumstances we have contacted the organisations and obtained a copy of their GDPR compliant policies. For more detailed information please contact us.


6. Marketing

We would like to send you information about our products and services and other companies in our group, which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. We also may ask to share your information with relevant third-party organisations such as sponsors of a learning event. We will always ask your permission before doing this and give you the option to opt out at a later time. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please let us know by emailing us here admin@samsolutions247.com or by writing to: S.A.M Solutions 24/7 Ltd, 16 Tenters Street, Bishop Auckland, DL14 7AD.


7. Access to your information and correction

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please let us know by emailing us here admin@samsolutions 247.com or by writing to: S.A.M Solutions 24/7 Ltd, 16 Tenters Street, Bishop Auckland, DL14 7AD.


We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.


8. Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.


9. External Websites

Our website contains links to other websites which are outside our control and are not covered by this privacy policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy. We accept no responsibility for third-party sites linked to this our site. By using our website you are accepting our full terms and conditions of use.

image237