Privacy Policy

GDPR COMPLIANCE STATEMENT:

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It will be enforceable from May 25, 2018; it requires no enabling legislation, so it automatically becomes binding and applicable on that date.

The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

Community Wellness Services Ltd places a high importance on information security.

Community Wellness Services Ltd are:

  • Processors for our hosted client data;
  • Controllers of our client and supplier contact information, required to manage and deliver services under contract and to manage customer requests and incidents;
  • Controllers for personnel information in relation to Community Wellness Services employees.

Our Approach

During our journey to GDPR compliance, Community Wellness Services has worked, and continues to work, very closely with external advisors to ensure we have the expertise required to implement the legislation's requirements accurately and comprehensively.

We view GDPR as a constant programme of works that will require continuous monitoring, management and improvement.

Work streams and actions taken

The table below shows the main activities to ensure compliance:

| Requirements | Activity |
| --- | --- |
| Data Impact Assessments & Data Inventory | We have undertaken a review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability. |
| Customer Contracts | All new clients sign a GDPR-ready Master Service Agreement, and GDPR-ready Variation Agreements are available for all existing contracts. |
| Policy Development | We are reviewing all our existing policies that have a GDPR link in conjunction with ISO work streams. |
| Website Data Collection & Consent, Privacy Notice | The existing Community Wellness Services Ltd privacy notice has been updated to cover the new GDPR requirement. |
| GDPR training and awareness | Internal staff briefings and training have been carried out and senior management are aware of their corporate responsibilities. |
| Supplier & Partner relationships | These are under review to ensure GDPR compliance is satisfactory from our third parties. Where required, GDPR supplier agreements are being completed to ensure that our third parties and suppliers are complying with the GDPR. |
| Technology reviews | We are reviewing our technology platforms to analyse their operation, security and compliance, in order to ensure that they meet the standards we have laid down and to identify any gaps and risks. |
| Privacy by Design | This now forms a compulsory consideration for all technical design alongside ‘security by design’. |
| DPO appointment | A virtual DPO is in situ with the role shared amongst the Directors at Community Wellness Services Ltd. |