Privacy Policy

Privacy Policy

Purpose

This Policy serves to outline the aspects of General Data Protection Regulation (GDPR) relevant to CSI’s operation and ensure CSI complies with legislation.

Scope

This Policy applies to all CSI employees at all times when collecting, handling, or processing personal data in any format

Responsibilities

Applies to all CSI employees when handling private data.

Definitions and Abbreviations

GDPR - General Data Protection Regulation:

Personal data – Data that can identify an individual (e.g. name, address, email, National Insurance Number, bank details)

SME - Small and Medium-sized Enterprises, companies with less than 250 employees.

References

General Data Protection Regulation: Click for more info

GDPR rules for businesses and organisations: Click for more info

Policy

With the coming into force of the GDPR law as of 25 May 2018, companies now have certain obligations in relation to collecting, processing, and storing personal information. In the context of its current activities, CSI does not collect or store any data about patients, including patient personal details. However, CSI does collect, process, and store personal data in the form of contact details of suppliers, clients, and other entities for the purpose of carrying out its business and operational activities.

Justification for collecting, processing, and storing

Any personal data collected, processed or stored must be justified (i.e., it must have a justifiable purpose). There are 3 types of justification

For further details of our Policy please contact info@csint.com