Individuals from any of the above categories can be assured that the protection of privacy and confidentiality are given the highest priority, with all personal information being collected, held and used in strict compliance with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) 2018.

Type of data and the legal grounds on which data is processed

As a Healthcare organisation we have a legal duty to collect and process information relating to the creation of medical records (patients), personnel records (staff), shareholder records, as well as receiving enquiries (website) and conducting surveys. As such, we will ensure all personal data is collected, held and transferred (where required) in a lawful manner and in line with GDPR ‘good practice guidelines’.

Who controls the data we hold

Bradford Care Alliance CIC will be the Data Controller for the information we gather from you. We use NHS approved systems to process patient data, the companies that operate these systems are data processors. In all cases we have confirmed that they are compliant with relevant legislation in relation to the management of your data. No data will be transferred outside of UK.

How long will the data we hold be kept for

The length of time we keep your personal data depends on what it is and whether we have an ongoing duty to retain it (for example, to provide you with ongoing care or to comply with legal and regulatory requirements).

We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing duty to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.

Updated 23/3/23