Aviation Medica is registered with the Civil Aviation Authority (CAA) as an independent AME provider in the United Kingdom. We provide independent healthcare services in the form of the following activities, which form the basis of our services in this privacy notice:
- Diagnostic and screening procedures which includes diagnostic tests and investigations including blood and urine tests.
- Private consultations, physical examinations, pre-employment health assessments, and referrals to other healthcare specialists as clinically indicated.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel performance of the services but we will notify you if this is the case at the time.
- IMPORTANT INFORMATION AND WHO WE ARE
- Data privacy manager:
Telephone no: 01279 661580
Email address: firstname.lastname@example.org
Postal address: Aviation Medica 150B First Avenue Stansted Business Park Essex CM24 1RY
The data we collect about you and how we collect it
- Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
- >We will be collecting Medical Information from you to allow us to provide our services to you, this is considered to be a Special Category of Personal Data. We will require full details about your medical history and current medical position, this is likely to include:
- Access to your medical records held by your doctor or any other medical practitioner;
- Details of any medications you are taking;
- Results of any medical tests that are carried out;
- Your families medical history;
- Any details related to your current and past medical position;
- Any other information relevant to your fitness to pilot an aircraft or to be an air traffic controller.
- We will collect, use, store and, where appropriate, transfer Medical Information when you register as a patient at Aviation Medica. Initial Medical Information will be requested by way of a questionnaire. We will continue to collect medical Information during any appointments you have and as further required during the course of our provision of services to you.
- With your express consent, we will collect Medical Information from your doctor and/or any other medical practitioner who may have information relevant to our services.
- We may also be provided with information by your employer and/or the Civil Aviation Authority.
Other Personal Data
- We will also collect, use, store and transfer personal data which we have grouped together as Other Personal Data, as follows:
- Identity Data includes first name, maiden name, last name, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address, telephone numbers and emergency contact details.
- Employment Data includes your current employee, your employment history which may include details of medical conditions and how any medical conditions have impacted your employment, in the event we do this we will also treat such conditions impact on your employment as a Special Category of Personal Data.
- Financial Data and Transaction Data includes bank account and payment card details and details about payments to and from you and other details of services you have purchased from us.
- We will collect Identity Data and Contact Data when you register as a patient to allow us to enter into a contract to provide you services, including taking payment. We will also collect Employment Data at this time.
- We may also collect Employment Data from your employer and/or the Civil Aviation Authority.
- We will collect Financial Data and Transaction Data from providers of technical, payment and delivery services which we use to allow us to process payments.
- HOW WE USE YOUR PERSONAL DATA
- We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we need to comply with a legal obligation.
- With your consent.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.
- In respect of Medical Information, we provide healthcare services and the purpose of collecting you Medical Information is to allow us provide such healthcare services, including assessing your fitness to be a pilot. We request your consent to allow us to process the Medical Information, however, if this consent is not provided we are unable to provide you our services and any contract we have with you will terminate.
- In respect of Employment Data, this will be processed as part of our contractual obligations to perform our contract for services with you.
- At times we may use your Medical Record for the purposes of audit and monitoring the quality of our services. However, all personal information in the audit is made anonymous. It is in our legitimate interest to use your personal information in this way to ensure that we are providing the best possible service.
- In respect of Other Personal Data, we need to process this to allow us to provide you with our services in accordance with our contract with you to do so. This includes administrative matters and managing our relationship with you.
- DISCLOSURES OF YOUR PERSONAL DATA
- Our services may be used to confirm that you are fit to work or operate as a pilot or air traffic controller in the jurisdiction you operate. As such we have an overriding obligation to the Civil Aviation Authority to provide any Medical Information, Employment Data, Identity Data and Contact Data to the Civil Aviation Authority. For the avoidance of doubt, in the event that you have entered into a contract with us, we will have a legal obligation to provide information to the Civil Aviation Authority, you will be informed of this when you entered into a contract with us.
- On occasion our services may be purchased by your employer, if this is the case, we will have asked for your express consent to provide you Medical Information to your employer at that time. If you have agreed we will provide such information to your employer, however, in the event you do not agree we may not be able to provide you with our services.
- It may be necessary to share your medical information with other healthcare specialists. Your consent would be sought if this was the case.
- As part of our regulatory obligations we may be required to give the CAA access to all data we hold which may include your personal data. This is to allow our regulator to inspect our services and ensure our compliance with CAA obligations.
- INTERNATIONAL TRANSFERS
- We may transfer your personal data outside the UK. If it was necessary, for example you are a pilot operating outside of the UK, you may require us to provide your personal data to your employer based in their relevant jurisdiction. If this was the case, we could only make such transfer if we could ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the transfer of your personal data would only be to countries that have been deemed to provide an adequate level of protection for personal data.
- we have used specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
- Alternatively we would require your express written consent to such a transfer.
- DATA SECURITY
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- DATA RETENTION
- We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
- To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
- In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
- YOUR LEGAL RIGHTS
- Under certain circumstances, you have rights under data protection laws in relation to your personal data. We have set out these rights below:
- Request access to your personal data (commonly known as a "data subject access request").
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Request restriction of processing of your personal data.
- Request the transfer of your personal data to you or to a third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our services to you. We will advise you if this is the case at the time you withdraw your consent.
- If you wish to exercise any of the rights set out above, please contact our data privacy manager, whose details can be found at the start of this document.
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
- FURTHER INFORMATION
- It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.