GDPR Policy for Medical Membership Program Ltd
Introduction:
Medical Membership Program Ltd ("the Company") is committed to protecting the privacy and personal data of its members in accordance with the General Data Protection Regulation (GDPR). This policy outlines how the Company collects, processes, stores, and protects personal data in compliance with GDPR requirements. This policy applies to all personal data collected from individuals participating in our global expat medical membership program.
1. Data Collection and Processing:
1.1. Lawfulness, Fairness, and Transparency: The Company will only collect and process personal data that is necessary for the provision of services and in compliance with applicable laws and regulations. Data subjects will be informed of the purpose, lawful basis, and scope of data processing.
1.2. Purpose Limitation: Personal data will be collected for specific and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
1.3. Data Minimization: The Company will ensure that personal data collected is adequate, relevant, and limited to what is necessary for the intended purposes.
1.4. Accuracy: Reasonable steps will be taken to ensure that personal data collected is accurate, up to date, and complete. Data subjects have the right to request rectification of inaccurate or incomplete data.
2. Data Security:
2.1. Confidentiality and Integrity: The Company will implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, loss, destruction, alteration, or disclosure. These measures will be regularly reviewed and updated as needed.
2.2. Data Retention: Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.
3. Data Subject Rights:
3.1. Right to Access: Data subjects have the right to request access to their personal data and information about the processing activities.
3.2. Right to Rectification: Data subjects have the right to request the correction of inaccurate or incomplete personal data.
3.3. Right to Erasure: Data subjects have the right to request the erasure of their personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when the data processing is based on consent and the data subject withdraws consent.
3.4. Right to Restriction of Processing: Data subjects have the right to request the restriction of processing of their personal data in certain situations, such as when the accuracy of the data is contested or the processing is unlawful.
3.5. Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
4. Data Transfers:
4.1. Cross-Border Data Transfers: The Company may transfer personal data to countries outside the European Economic Area (EEA) or to international organizations where adequate safeguards are in place to ensure the protection of personal data as required by GDPR.
5. Data Breach Notification:
5.1. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, the Company will notify the relevant supervisory authority and affected individuals as required by GDPR.
6. Data Protection Officer:
6.1. The Company has appointed a Data Protection Officer (DPO) who is responsible for overseeing data protection matters. The DPO can be contacted at DPO@medicalmembershipprogram.com.
7. Compliance and Accountability:
7.1. The Company will regularly review and update its data protection policies and procedures to ensure compliance with GDPR and other applicable data protection laws and regulations.
7.2. The Company will cooperate with supervisory authorities and respond to data subject requests and inquiries
