Data Protection Policy
This Data Protection Policy explains how Her Health Partnerships Ltd (“we”, “our”, “us”) collects, uses, and protects personal information. By using our services, you agree to the practices described in this policy.
Purpose and Scope
We are committed to protecting all personal information (PI) in our care. This includes ensuring its accuracy, confidentiality, and availability, and allowing individuals to request access or corrections.
This policy applies to all personal and sensitive data we process across HR, Finance, Customer, and other business functions. It covers employees, contractors, subcontractors, and suppliers, ensuring compliance with legal, regulatory, and contractual privacy requirements.
Our Approach to Data Privacy
Privacy by Design and by Default
We follow the principles of privacy by design and by default:
Limit collection – we only collect the minimum data necessary.
Limit processing – data is only processed for legitimate purposes.
Maintain accuracy and quality – data is kept accurate, complete, and up to date.
Minimise use – we reduce or remove data when it is no longer required.
Data Privacy Principles
We apply the following principles:
Patient data is treated with the highest level of sensitivity.
Personal information must be accurate, relevant, and complete.
Access to sensitive information is strictly controlled.
Data is used only as intended and protected against misuse.
Data Privacy Impact Assessments (DPIAs) are performed for new projects.
Security measures protect data integrity and confidentiality.
Staff are trained to understand and apply data protection practices.
Collecting Personal Information
We explain the purpose of data collection at or before the time of collection.
Consent is obtained where required.
Data is retained only as long as necessary for legal or business purposes.
Where third parties process data on our behalf, we ensure appropriate agreements are in place.
Disclosure of Information
External requests for personal information are referred to our Data Protection Officer (DPO).
Employees requesting access outside of standard processes must go through the Information Officer.
Individuals may request corrections to their personal data.
Handling and Storage
Data is collected, stored, transmitted, and processed only as needed.
Data that is no longer required is securely destroyed.
Appropriate security measures are in place when information is moved or transferred.
Systems and screens are positioned to protect data from unauthorised viewing.
Access is granted only to those with a genuine business need.
Enforcement and Violations
All staff and contractors must comply with this policy.
Management is responsible for ensuring compliance within their areas.
Breaches may result in disciplinary action or legal consequences, depending on severity.
Compliance with this policy is monitored and reviewed regularly.
Commitment
Her Health Partnerships Ltd is committed to continuously improving its data protection measures, in line with evolving regulations and NHS Data Security and Protection Toolkit requirements.