GDPR – policy

Data Protection Policy
 
INTRODUCTION
We may have to collect and use information about people with whom we work.  This personal information must be handled and dealt with properly, however it is collected, recorded and used, 
and whether it be on paper, in computer records or recorded by any other means.
 
We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business.
 We will ensure that we treat personal information lawfully and correctly.
 
To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
 
This policy applies to the processing of personal data in manual and electronic records kept by us in connection with our human resources function as described below. 
It also covers our response to any data breach and other rights under the GDPR.
 
This policy applies to the personal data of job applicants, existing and former employees, apprentices, volunteers, placement students, workers and self-employed contractors. 
These are referred to in this policy as relevant individuals.
 
 
 
DEFINITIONS
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, 
identification number, location, online identifier. It can also include pseudonymised data.
 
“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership.
It also includes genetic and biometric data (where used for ID purposes).
 
“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.
 
“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, 
such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, 
dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
 
DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, 
we will ensure that:
 
processing will be fair, lawful and transparent
 
data be collected for specific, explicit, and legitimate purposes
 
data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
 
data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
 
data is not kept for longer than is necessary for its given purpose
 
data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, 
accidental loss, destruction or damage by using appropriate technical or organisation measures
 
we will comply with the relevant GDPR procedures for international transferring of personal data
 
TYPES OF DATA HELD
We keep several categories of personal data on our employees in order to carry out effective and efficient processes. 
We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system.
 
Specifically, we hold the following types of data:
 
personal details such as name, address, phone numbers
information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter, references from former employers, 
details on your education and employment history etc
details relating to pay administration such as National Insurance numbers, bank account details and tax codes
medical or health information
information relating to your employment with us, including:
 
job title and job descriptions
your salary
your wider terms and conditions of employment
details of formal and informal proceedings involving you such as letters of concern, disciplinary and grievance proceedings, your annual leave records, appraisal and performance information
internal and external training modules undertaken
 
All of the above information is required for our processing activities. More information on those processing activities are included in our privacy notice for employees, 
which is available from your manager.
 
 
EMPLOYEE RIGHTS
You have the following rights in relation to the personal data we hold on you:
the right to be informed about the data we hold on you and what we do with it;
the right of access to the data we hold on you. More information on this can be found in the section headed
“Access to Data” below and in our separate policy on Subject Access Requests”;
the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
the right to restrict the processing of the data;
the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
the right to object to the inclusion of any information;
the right to regulate any automated decision-making and profiling of personal data.
More information can be found on each of these rights in our separate policy on employee rights under GDPR.
 
 
RESPONSIBILITIES
In order to protect the personal data of relevant individuals, those within our business who must process data as part of their role have been made 
aware of our policies on data protection.
We have also appointed employees with responsibility for reviewing and auditing our data protection systems.
 
 
LAWFUL BASES OF PROCESSING
We acknowledge that processing may be only be carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity.
Where no other lawful basis applies, we may seek to rely on the employee’s consent in order to process data.
However, we recognise the high standard attached to its use. We understand that consent must be freely given, specific, informed and unambiguous. 
Where consent is to be sought, we will do so on a specific and individual basis where appropriate. Employees will be given clear instructions on the desired processing activity,
informed of the consequences of their consent and of their clear right to withdraw consent at any time.
 
 
ACCESS TO DATA
As stated above, employees have a right to access the personal data that we hold on them. To exercise this right, employees should make a Subject Access Request. 
We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. 
Those who make a request will be kept fully informed of any decision to extend the time limit.
 
No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies 
to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied.
 
Further information on making a subject access request is contained in our Subject Access Request policy.
 
 
DATA DISCLOSURES
The Company may be required to disclose certain data/information to any person. The circumstances leading to such disclosures include:
any employee benefits operated by third parties;
disabled individuals – whether any reasonable adjustments are required to assist them at work;
individuals’ health data – to comply with health and safety or occupational health obligations towards the employee;
for Statutory Sick Pay purposes;
HR management and administration – to consider how an individual’s health affects his or her ability to do their job;
the smooth operation of any employee insurance policies or pension plans;
to assist law enforcement or a relevant authority to prevent or detect crime or prosecute offenders or to assess or collect any tax or duty.
These kinds of disclosures will only be made when strictly necessary for the purpose.
 
 
 
DATA SECURITY
All our employees are aware that hard copy personal information should be kept in a locked filing cabinet, drawer, or safe. 
Employees are aware of their roles and responsibilities when their role involves the processing of data.  All employees are instructed to store 
files or written information of a confidential nature in a secure manner so that are only accessed by people who have a need and a right to access them 
and to ensure that screen locks are implemented on all PCs, laptops etc when unattended. No files or written information of a confidential nature are to be
left where they can be read by unauthorised people.
 
Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up.
If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
 
Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.
 
Personal data relating to employees should not be kept or transported on laptops, USB sticks, or similar devices, unless prior authorisation has been received. 
Where personal data is recorded on any such device it should be protected by:
 
ensuring that data is recorded on such devices only where absolutely necessary.
 
using an encrypted system — a folder should be created to store the files that need extra protection and all files created or 
moved to this folder should be automatically encrypted.
 
ensuring that laptops or USB drives are not left where they can be stolen.
 
Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. 
Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.
 
 
 
THIRD PARTY PROCESSING
Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, 
that the third party takes such measures in order to maintain the Company’s commitment to protecting data.
 
 
 
INTERNATIONAL DATA TRANSFERS
The Company does not transfer personal data to any recipients outside of the EEA except in correspondence on our shared office 365 cloud with our sister 
company Selamedical in Israel where the owners are located.
REQUIREMENT TO NOTIFY BREACHES
 
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. 
In addition, where legally required, we will inform the individual whose data was subject to breach.
 
More information on breach notification is available in our Breach Notification policy.
 
 
TRAINING
New employees must read and understand the policies on data protection as part of their induction.
All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach.
The nominated data controller/auditors/protection officers for the Company are trained appropriately in their roles under the GDPR.
 
All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as 
individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.
 
 
RECORDS
The Company keeps records of its processing activities including the purpose for the processing and retention periods in its HR Data Record. 
These records will be kept up to date so that they reflect current processing activities.
 
DATA PROTECTION COMPLIANCE
 
Our Data Protection Officer is:
 
Merav Silverstein______________________________(Name)
 
admin@selamedical.co.uk___M: 07891327124__________________________(Contact details). 
 
Sela Medical UK Ltd | Building 4 | North London Business Park | Oakleigh Road South | New Southgate | London N11 1GN Tel: 020 8458 0075 | Email: admin@selamedical.co.uk  
 
VAT Reg. No: GB 110 8412 61
 
 
TERMS AND CONDITIONS
 
Application and entire agreement
 
These Terms and Conditions will apply to the purchase of the goods detailed in our quotation (Goods) by the buyer (you) from Selamedical UK LTD a company registered 
in England and Wales under number 7416808 whose registered office is at 9-10 Havelock street Ilkeston Derbyshire , DE7 5RJ (we or us).
These Terms and Conditions will be deemed to have been accepted by you when you accept them or the quotation or from the date of any delivery of the Goods
(whichever happens earlier) and will constitute the entire agreement between us and you.
These Terms and Conditions and the quotation (together, the Contract) apply to the purchase and sale of any Goods between us and you, to the exclusion of any other terms that
 you try to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
 
Interpretation
A “business day” means any day other than a Saturday, Sunday or bank holiday in England and Wales.
The headings in these Terms and Conditions are for convenience only and will not affect their interpretation.
Words imparting the singular number include the plural and vice-versa.
 
7)          Goods
The description of the Goods is set out in our sales documentation, unless expressly changed in our quotation. In accepting the quotation you acknowledge that you 
have not relied upon any statement, promise or other representations about the Goods by us. Descriptions of the Goods set out in our sales documentation are intended as a guide only.
We can make any changes to the specification of the Goods which are required to conform to any applicable safety or other statutory or regulatory requirements.
 
Price
The price (Price) of the Goods is set out in our quotation current at the date of your order or such other price as we may agree in writing.
If the cost of the Goods to us increases due to any factor beyond our control including, but not limited to, material costs, labor costs, alteration of exchange rates or duties, 
or changes to delivery rates, we can increase the Price prior to delivery.
Any increase in the Price under the clause above will only take place after we have told you about it.
You may be entitled to discounts. Any and all discounts will be at our discretion.
The Price is exclusive of fees for packaging and transportation / delivery.
The Price is exclusive of any applicable VAT and other taxes or levies which are imposed or charged by any competent authority.
 
Cancellation and alteration
Details of the Goods as described in the clause above (Goods) and set out in our sales documentation are subject to alteration without notice and are not a contractual 
offer to sell the Goods which is capable of acceptance.
The quotation (including any non-standard price negotiated in accordance with the clause on Price (above) is valid for a period of 30 days only from the date shown in 
it unless expressly withdrawn by us at an earlier time.
Either of us can cancel the order for any reason prior to your acceptance (or rejection) of the quotation.
 
Payment
We will invoice you for the Price either:
on or at any time after delivery of the Goods; or
where the Goods are to be collected by you or where you wrongfully do not take delivery of the Goods, at any time after we have notified you that the
Goods are ready for collection or we have tried to deliver them.
 
You must pay the Price within 30 days of the date of our invoice or otherwise according to any credit terms agreed between us.
You must make payment even if delivery has taken place but the Goods has not passed to you.
If you do not pay within the period set out above, we will suspend any further deliveries to you and without limiting any of our other rights or remedies for statutory interest,
charge you interest at the rate of 5% per annum above the base rate of the Bank of England from time to time on the amount outstanding until you pay in full.
Time for payment will be of the essence of the Contract between us and you.
All payments must be made in British Pounds unless otherwise agreed in writing between us.
Both parties must pay all amounts due under these Terms and Conditions in full without any deduction or withholding except as required by law and neither party is 
entitled to assert any credit, set-off or counterclaim against the other in order to justify withholding payment of any such amount in whole or in part.
 
Delivery
We will arrange for the delivery of the Goods to the address specified in the quotation, or your order or to another location we agree in writing.
Subject to the specific terms of any special delivery service, delivery can take place at any time of the day and must be accepted at any time between 08.00 to 16:00.
If you do not take delivery of the Goods we may, at our discretion and without prejudice to any other rights:
 
store or arrange for the storage of the Goods and will charge you for all associated costs and expenses including, but not limited to, transportation, storage and insurance; and / or
 
Make arrangements for the redelivery of the Goods and will charge you for the costs of such redelivery.
 
Any dates quoted for delivery are approximate only, and the time of delivery is not of the essence. We will not be liable for any delay in delivery of the Goods 
that is caused by a circumstance beyond our control or your failure to provide us with adequate delivery instructions or any other instructions that are relevant to the supply of the Goods.
We can deliver the Goods by installments, which will be invoiced and paid for separately. Each installment is a separate contract. Any delay in delivery 
or defect in an installment will not entitle you to cancel any other installment.
 
Inspection and acceptance of Goods
You must inspect the Goods on delivery.
If you identify any damages or shortages, you must inform us in writing within 1 day of delivery, providing details.
Other than by agreement, we will only accept returned Goods if we are satisfied that those Goods are defective and if required, have carried out an inspection.
Subject to your compliance with this clause and/or our agreement, you may return the Goods and we will, as appropriate, replace, or refund the Goods.
We will be under no liability or further obligation in relation to the Goods if:
 
you fail to provide notice as set above; and/or
 
you make any further use of such Goods after giving notice under the clause above relating to damages and shortages; and/or
 
the defect arises because you did not follow our oral or written instructions about the storage, commissioning, installation, use and maintenance of the Goods; and/or
 
the defect arises from normal wear and tear of the Goods; and/or
 
the defect arises from misuse or alteration of the Goods, negligence, willful damage or any other act by you, your employees or agents or any third parties.
 
You bear the risk and cost of returning the Goods.
Acceptance of the Goods will be deemed to be upon inspection of them by you and in any event within 4 days after delivery.
 
Risk and Title
Title to the Goods would not passes to you until we have received payment in full for the Goods that we have supplied to you in respect of which payment has become due.
The risk in the Goods (including consignment goods) will pass to you on completion of delivery.
 
Consignment
Consignment goods used shall be replaced forth with by the consignee placing an order with Selamedical UK Ltd which will be invoiced at the then current price.
Items supplied pre-packaged and sterile will be considered used if the packaging has been opened, damaged or marked in any way.
The consignee agrees to return the goods to Selamedical UK Ltd within seven days of receiving a
 
written request for their return. If the good are not returned, the consignee will accept and pay an invoice that will be raised at the then current price.
 
Staff will rotate the Consigned stock, to use the oldest items first, but this is ultimately the responsibility of Selamedical UK Ltd, who will check on a quarterly basis to
ensure that no item has less than a 6 month shelf life.
Consigned products that pass their expiry date will be removed by Selamedical UK Ltd.
Selamedical UK Ltd reserve the right to inspect the consignment stock at the time agreed with the hospital personnel. 
Products that are found to be missing, shall be deemed used and will be invoiced at the then current price.
Goods on consignment must be kept in satisfactory condition and kept insured against all risks for their full price from the date of delivery.
 
Termination
We can terminate the sale of Goods under the Contract where:
you commit a material breach of your obligations under these Terms and Conditions;
you are or become or, in our reasonable opinion, are about to become the subject of a bankruptcy order or take advantage of any other statutory provision for the relief of insolvent debtors;
you enter into a voluntary arrangement under Part 1 of the Insolvency Act 1986, or any other scheme or arrangement is made with your creditors; or
you convene any meeting of your creditors, enter into voluntary or compulsory liquidation, have a receiver, manager, administrator or administrative receiver
appointed in respect of your assets or undertakings or any part thereof, any documents are filed with the court for the appointment of an administrator, notice of 
intention to appoint an administrator is given by you or any of your directors or by a qualifying floating charge holder (as defined in para. 14 of Schedule B1 of the Insolvency Act 1986), 
a resolution is passed or petition presented to any court for the winding up of your affairs or for the granting of an administration order, 
or any proceedings are commenced relating to your insolvency or possible insolvency.
 
Limitation of liability
Our liability under the Contract, and in breach of statutory duty, and in tort, misrepresentation or otherwise will be limited to this clause.
Subject to the clauses above on Inspection and Acceptance and Risk and Consignment all warranties, conditions or other terms implied by statute or common law 
(save for those implied by Section 12 of the Sale of Goods Act 1979) are excluded to the fullest extent permitted by law.
If we do not deliver the Goods, our liability is limited, subject to the clause below, to the costs and expenses incurred by you in obtaining replacement goods 
of similar description and quality in the cheapest market available, less the price of the Goods.
Our total liability will not, in any circumstances, exceed the total amount of the Price payable by you.
We will not be liable (whether caused by our employees, agents or otherwise) in connection with the Goods, for:
 
any indirect, special or consequential loss, damage, costs, or expenses; and/or
any loss of profits; loss of anticipated profits; loss of business; loss of data; loss of reputation or goodwill; business interruption; or, other third party claims; and/or
any failure to perform any of our obligations if such delay or failure is due to any cause beyond our reasonable control; and/or
any losses caused directly or indirectly by any failure or breach by you in relation to your obligations; and/or
any loss relating to the choice of the Goods and how they will meet your purpose or the use by you of the Goods supplied.
The exclusions of liability contained within this clause will not exclude or limit our liability for death or personal injury caused by our negligence; or for any matter for which it
would be illegal for us to exclude or limit our liability; and for fraud or fraudulent misrepresentation.
 
Communications
All notices under these Terms and Conditions must be in writing and signed by, or on behalf of, the party giving notice (or a duly authorised officer of that party).
Notices will be deemed to have been duly given:
 
when delivered, if delivered by courier or other messenger (including registered mail) during the normal business hours of the recipient;
when sent, if transmitted by fax or email and a successful transmission report or return receipt is generated;
on the fifth business day following mailing, if mailed by national ordinary mail; or
on the tenth business day following mailing, if mailed by airmail.
All notices under these Terms and Conditions must be addressed to the most recent address, email address or fax number notified to the other party.
 
Data protection
When providing the Goods to the Buyer, the Seller may gain access to and/or acquire the ability to transfer, store or process personal data of employees of the Buyer.
The parties agree that where such processing of personal data takes place, the Buyer shall be ‘data controller’ and the Seller shall be the ‘data processor’ as defined in
 the General Data Protection Regulation (GDPR) as may be amended, extended and/or re-enacted from time to time.
For the avoidance of doubt, ‘Personal Data’, ‘Processing’, ‘Data Controller’, ‘Data Processor’ and ‘Data Subject’ shall have the same meaning as in the GDPR.
The Seller shall only Process Personal Data to the extent reasonably required to enable it to provide the Goods as mentioned in these terms and conditions or as requested by 
and agreed with the Buyer, shall not retain any Personal Data longer than necessary for the Processing and refrain from Processing any Personal Data for its own or for any third party’s purposes.
The Seller shall not disclose Personal Data to any third parties other than employees, directors, agents, subcontractors or advisors on a strict “need-to-know” 
basis and only under the same (or more extensive) conditions as set out in these terms and conditions or to the extent required by applicable legislation and/or regulations.
The Seller shall implement and maintain technical and organisational security measures as are required to protect Personal Data Processed by the Seller on behalf of the Buyer. 
Further information about the Seller’s approach to data protection are specified in its Data Protection Policy, which can be sent on request to; admin@selamedical.co.uk. 
For any enquiries or complaints regarding data privacy, you can contact our Data Protection Officer at the following e-mail address: admin@selamedical.co.uk.
 
Circumstances beyond the control of either party
Neither party shall be liable for any failure or delay in performing their obligations where such failure or delay results from any cause that is beyond the
reasonable control of that party. Such causes include, but are not limited to: power failure, internet service provider failure, industrial action, civil unrest, 
fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action or any other event that is beyond the control of the party in question.
 
No Waiver
No waiver by us of any breach of these Terms and Conditions by you shall be considered as a waiver of any subsequent breach of the same or any other provision.
 
Severance
If one or more of these Terms and Conditions is found to be unlawful, invalid or otherwise unenforceable, that / those provisions shall be deemed severed
from the remainder of these Terms and Conditions (which will remain valid and enforceable).
 
Law and jurisdiction
This Agreement shall be governed by and interpreted according to the law of England and Wales and all disputes arising under the Agreement 
(including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the English and Welsh courts.