• LinkedIn
  • Twitter
  • Support
  • Careers
  • Contact
  • Log in
CareFlow Medicines Management
  • Home
  • Solutions
    • Pharmacy Systems
    • EPMA System
    • Chemotherapy Software
    • ICU Care Management Software
    • Controlled Drug Manager
    • MAPP Hospital Healthcare App
    • Intelligence BI Business Software
    • EPMA And Pharmacy Medicine Management Training
  • Resources
    • Resources
    • Case Studies
  • News & Events
    • News
    • Events
  • About Us
    • Meet The Team
    • Leadership
    • Partners
    • Carbon Reduction Plan
  • Contact
  • Search
  • Menu Menu
You are here: Home1 / GDPR Statement

GDPR Statement

General Data Protection Regulation GDPR

Data Processing Statement between CareFlow Medicines Management Ltd (CMM) and Healthcare Clients

Section 1: Definitions

Client Systems: Any systems provided by CMM or necessary for the provision of the Support Services provided by CMM

Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data.

Data Controller: The Healthcare Client; the party determining the means and purposes of processing the Personal Data.

Data Processor: CMM the party processing the Personal Data on behalf of the Healthcare Client.

GDPR: The General Data Protection Regulation (EU)(2016/479).

Healthcare Client: The client of CMM for the purposes of this Statement .

Personal Data: Any personal data processed by CMM on behalf of the Healthcare Client as defined in Section 3 of this Statement.

Specified Purpose: A list of purposes for which Personal Data can be processed by CMM, as defined in Section 2 of this Statement.

Support Services: The services agreed between the parties to be provided by CMM.

Section 2: Data Sharing Principles

  1. For the purposes of any data sharing between Healthcare Clients and CMM, CMM will be the Data Processor and the Healthcare Client will be the Data Controller. CMM will also be a Data Processor for any data of Healthcare Clients that it receives on behalf of its Healthcare Clients.
  2. CMM will only process Personal Data strictly on the instructions of the Healthcare Client and as necessary for a Specified Purpose, as agreed with the Healthcare Client.
  3. Any access to Personal Data on the of Healthcare Clients Systems will only be granted to CMM when required as requested by the Healthcare Client for a Specified Purpose, as agreed with the Healthcare Client.
  4. Specified Purposes will include the maintenance of healthcare systems provided to the Healthcare Client by CMM,
  5. The limitations of these purposes will be specified in advance as agreed with the Healthcare Client. CMM will not process any personal data received from Healthcare Clients for any other purposes than those specified between CMM and the Healthcare Client. CMM will not be responsible for any Personal Data other than that specified in this Section 2 that is disclosed by the Healthcare Client to CMM.

    Section 3: Data Processing

  6. CMM will have access to Client Systems via a remote desktop connection, which will include access to personal data stored on the Client Systems, only as requested by the Healthcare Client.
  7. Support Services Requests from the Healthcare Client will only be processed by CMM if received from authorised personnel at the Healthcare Client.
  8. CMM will never request to receive any specific personal data from Healthcare Clients. Any personal data, including the personal data of patients, that CMM receives from its Healthcare Clients will only be received as provided by the Healthcare Client.
  9. CMM will only process the following Personal Data as received from the Healthcare Client:
    1. Patient Data – Limited to hospital ID numbers, patients’ names, patients’ dates of birth, patients’ gender;
    2. Sensitive Patient Data – Limited to patients’ medical conditions, drugs prescribed to patients
  10. The Healthcare Client will only provide CMM with data that is necessary for its specified purposes as outlined in Section 2 above. CMM and the Healthcare Client will agree on the data needed to be provided for these purposes on an ongoing basis.
  11. CMM will inform the Healthcare Client, on request, of any Personal Data it is holding, storing and otherwise processing on behalf of the Healthcare Client.

    Section 4: Data Security Measures

  12. CMM will take all reasonable organisational and technical measures to ensure compliance with obligations under the GDPR to ensure the security of any data it receives from Healthcare Clients.
  13. It will be the responsibility of the Healthcare Client to anonymise any Personal Data before providing this data to CMM for the purposes of IT Support.
  14. Where CMM receives, either from the Healthcare Client any Personal Data, CMM will reject the data and will not accept it until it is returned in an anonymised format.
  15. CMM will grant access only to the minimum number of staff required for carrying out the request from the client.
  16. CMM will notify Healthcare Clients within a reasonable amount of time if any Data Breach is detected or suspected to have occurred in relation to any Personal Data processed by CMM.

    Section 5: Data Deletion

  17. Any Personal Data that CMM receives from Healthcare Clients will only be stored for the duration of the task carried out for the Healthcare Client. Following this, it will be deleted from all electronic databases and any physical storage locations operated by CMM.
  18. CMM will take all reasonable measures to ensure the timely destruction of any Personal Data received which is deemed unnecessary for its functions, as provided for in Section 2 above and as agreed with the Healthcare Client.
  19. The data deletion will include:
    1. Hard copy documents contained Personal Data will be properly shredded and disposed of or returned to the Healthcare Client for destruction.
    2. Electronic files and email containing Sensitive Personal Data will be deleted from email inboxes, computer hard drives, USB/Flash drives, and external hard drives as soon as it is no longer needed for the relevant Support Services.
  20. Personal Data will only be stored by CMM for longer periods if specifically requested by the Healthcare Client.

Solutions

Pharmacy
EPMA
Chemotherapy
Critical Care
CD Manager
MAPP
Business intelligence
Training & consultancy

Navigation

Resources
News
Leadership 
Contact.

Information

Quality statement
Privacy policy
Recruitment Privacy Notice
GDPR Statement
Brexit & Transition Period Statement
Carbon Reduction Plan

Certification

The below certifications apply only to CareFlow Medicines Management Ltd and are in no way affiliated with the System C & Graphnet Care Alliance.

 

Copyright © 2021 CareFlow Medicines Management Ltd. All rights reserved. Website by Studio Zumfelde and Velocity Web
Careflow Medicines Management is part of
Scroll to top

YOUR COOKIE SETTINGS

We're using cookies or similar technologies as specified in our cookie policy to give you the best experience on our website.

 

You can find out more about which cookies we are using, or switch them off by clicking More Information.

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie will be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to generate web analytics and for tracking how you use the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The information generated by the cookie will be forwarded to Google servers in the U.S. for statistical analysis purposes only.

This website also uses a Marketo Munchkin cookie. This allows a website to track visitor behaviour on the sites on which the cookie is installed and to link a visitor to the recipient of an email marketing campaign, to measure campaign effectiveness and to gain information about how they are using a website for communication purposes. Tracking is performed anonymously until a user identifies themselves by submitting a form.

Please enable Strictly Necessary Cookies first so that we can save your preferences!