KAFICO AND YOUR INFORMATION
Kafico Ltd takes your privacy very seriously.
We are registered with the Information Commissioner as a Data Controller and our registration number is ZA422651.
If you have any questions or wish to make a request in relation to your information, please contact the Director on emma.cooper@kafico.co.uk.
Kafico Ltd acts as an independent provider of Data Protection Officer services to various customers. Some of which are healthcare providers such as GP practices.
We do not transfer any personal data outside of the UK.
How Does Kafico Collect My Information?
We will collect information about you, either directly – when you contact us with data protection concerns or queries, or indirectly – when one of our customers passes your details to us so that we can provide you with advice and support.
Where possible we will ask our customers to redact your personal information, where it is not necessary for us to deliver our services.
There may be occasions when we will need to have information about you in order to properly respond to the query.
The information we collect will be stored on computer and electronic systems.
The information includes Personal Data;
Basic details about you, such as name, nature of your query and email address
as well as Sensitive Personal Data, (where it is provided by you directly);
Information that you provide about your health and any disabilities in relation to your data protection queries
Information about your home life such as marital status, sexual life in relation to your data protection queries
Where practices use our Managed Disclosure Service, we will have access to the full health record for patients including any digital records. We will only access these records in relation to a request that has been made to the practice (solicitors, army recruitment, gun licence, for example).
Kafico Ltd are permitted to collect, store, use and share this information, where necessary, under the General Data Protection Regulations 2016 and Data Protection Act 2018;
When our customer provides us with your information processing is necessary for the purposes of the legitimate interests pursued by the controller or third party.
When you contact us directly and provide information, The data subject (you) have provided their explicit consent
How Does Kafico Use My Information?
Kafico Ltd will use your information in the following ways;
The public / patients;
To provide you with support and guidance with respect to data protection law
To respond to your requests to exercise your information rights
To support our customers to give effect to your information rights
To respond to queries via the website
Where practices use our Managed Disclosure Service, we will have access to the full health record for patients including any digital records. We will use these records to authenticate identity for the request, identify and redact any items that need to be withheld, collate and send the records securely to the requestor
Our customers
To provide you with support and guidance with respect to data protection law
To maintain logs such as training figures
To maintain a list of contact information (where you have not objected)
To undertake some of these activities, your information will be shared internally across our teams. We will work to ensure that only the right people have your information and that they are only given the information they need.
Who Does Kafico Share My Information With?
Kafico Ltd works hard to ensure that only the right people have your information and that they are only given the information they need.
Kafico Ltd uses other companies to help us deliver some of our services such as;
Shared Network Drive (Microsoft 365)
Website provider (Wix)
Accounting software (Quickbooks)
Email provider (Microsoft or NHS Mail)
Pension provider (NEST)
Recruitment portal provider (Indeed)
Accountant (Direct Accountants UK)
Telecommunications (Webex)
Personal data will never be made available to organisations not related directly to our identified uses without letting you know and giving you a chance to object.
Where practices use our Managed Disclosure Service, we will share records with the requestor (police, solicitors, army recruitment, firearms licence issuers, DVLA etc) but only insofar as it is lawful and appropriate to do so.
We have contracts in place with these organisations that prevent them from using it in any other way that how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality.
Will Kafico Ever Share My Information Without Asking Me?
Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.
Examples are;
Sharing with the police or tax authorities for the detection or prevention of crime
Where it is in the wider public interest – to keep the public safe for example
To safeguard children or vulnerable adults
Because the court has told us we must share.
Where practices use our Managed Disclosure Service, we will share records with the requestor (police, solicitors, army recruitment, firearms licence issuers, DVLA etc) but only insofar as it is lawful and appropriate to do so.
What Are My Information Rights?
Data protection law provides you with a number of rights that Kafico Ltd is committed to supporting you with;
Right to Access
You have the right to obtain:
confirmation that your information is being used, stored or shared by Kafico Ltd
a copy of information held about you
If you only require a particular part of your record, tell us and this can reduce the time it takes to provide it
We will respond to your request within one month of receipt or will tell you when it might take longer.
We are required to validate your identity including the identity of someone making a request on your behalf
Right to Object or Withdraw Consent
We collect, use, store and share your information because we are permitted to by law; in order to respond to your queries or provide data protection support to our customers, but you do have a right to object to us doing this.
When we collect, use, store or share your information based on your consent, you have a right to withdraw that consent at any time.
Our Data Protection Officer will be happy to speak with you about any concerns you have.
Right to Correction
If information about you is incorrect, you are entitled to request that we correct it.
There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time
We will respond to your request within one month of receipt or will tell you when it might take longer.
Right to Portability
You can ask us to send your information to another organisation on your behalf if you wish.
Complaints
You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.
For more detailed information on your rights visit https://ico.org.uk/for-the-public/.
Does Kafico Use Profiling or Automated Decision Making?
No; Kafico Ltd does not undertake automatic profiling or automated decision making in relation to your information.
Our Data Protection Officer will be happy to speak to you about this if you have concerns.
How Does Kafico Protect My Information?
Kafico Ltd are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;
Staff receive regular training about protecting and using personal data
Policies are in place for staff to follow and are regularly reviewed
We check that only the minimum amount of data is shared or accessed
We use controlled access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
We report and manage incidents to make sure we learn from them and improve
We put in place contracts that require providers and suppliers to protect your data as well
How Long Does Kafico Store My Information?
The public / patients
Data Protection Queries made by members of the public are retained for 3 years to allow us to respond to any follow up queries. However, once the initial query or request is resolved, we will make a summary of the outcome, remove identifiers and keep in a de-identified form until it is time to be destroyed.
Where we have downloaded copies of medical records in relation to our Managed Disclosure Service, we will retain the records for 3 months and then they are completely deleted. We will keep emails that relate to the review and processing of the request (but not the health records) for 3 years following the disclosure of the records.
Our customers
Kafico will retain / store your information for the duration of your contact with us and for 3 years following termination of contract. This helps support us should there be any matters arising.
What About Cookies or Information Submitted via This Website?
Kafico only use cookies that support the provision of this website and allow us to see how our site is performing (what you have clicked on for example) and do not share information with any third party for direct marketing purposes.
If you contact us via this website, we will provide you with information about how it will be used, stored and shared once we have identified the nature of your request.
What About Marketing Emails and Blog Updates?
Where we think they would be of interest, we will send you occasional emails about products and services that we offer.
If we email individuals using their personal data, this will only happen if you have signed up for these communications or if we have an existing relationship with you and feel that you would be interested and expect us to keep you updated.
You can unsubscribe to these emails at any time by clicking the link within the emails.
Changes to this Notice
Where we make material changes to our processing activities, we will contact relevant stakeholders as appropriate.
Notice updates
30/07/23 – Updated to include the “Changes to this Notice” section
For any questions, please contact our Data Protection Officer on info@kafico.co.uk
