Hello!


Thank you for your interest in Always Best Care.
Unfortunately, we do not yet have an office in your area.
We are always expanding our coverage, though, so please check back with us soon.

Best regards … always!

Michael Newman, Founder & CEO
Always Best Care Senior Services

 

Always Best Care Canada

 

 

For a personalised care plan, call 

0800 046 7469 

 

 

PRIVACY AND PROTECTION OF PERSONAL DATA

At Always Best Care, your private and personal health care data is protected under the Directive on the Protection of Personal Data.  In the United Kingdom the Data Protection Act 1998 (Information Commissioner) implemented the EU Directive on the Protection of Personal Data.  It replaced the Data Protection Act 1984.

 

The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law. On 25 January 2012, the European Commission unveiled a draft European General Data Protection Regulation that will supersede the Data Protection Directive.

 

Scope

The directive regulates the processing of personal data regardless of whether such processing is automated or not.

 

Personal data are defined as "any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;" (art. 2 a)

 

This definition is meant to be very broad. Data are "personal data" when someone is able to link the information to a person, even if the person holding the data cannot make this link. Some examples of "personal data" are: address, credit card number, bank statements, criminal record, etc.

 

The notion processing means "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;" (art. 2 b)

 

The responsibility for compliance rests on the shoulders of the "controller", meaning the natural or artificial person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; (art. 2 d)

 

The data protection rules are applicable not only when the controller is established within the EU, but whenever the controller uses equipment situated within the EU in order to process data. (art. 4) Controllers from outside the EU, processing data in the EU, will have to follow data protection regulation. In principle, any online business trading with EU citizens would process some personal data and would be using equipment in the EU to process the data (i.e. the customer's computer). As a consequence, the website operator would have to comply with the European data protection rules. The directive was written before the breakthrough of the Internet, and to date there is little jurisprudence on this subject.

 

The proposed new European Union Data Protection Regulation (a draft for which was unveiled in January 2012) extends the scope of the EU data protection law to all foreign companies processing data of European Union residents.

 

Principles

Personal data should not be processed at all, except when certain conditions are met. These conditions fall into three categories: transparency, legitimate purpose, and proportionality.

 

Transparency

The data subject has the right to be informed when his personal data is being processed. The controller must provide his name and address, the purpose of processing, the recipients of the data and all other information required to ensure the processing is fair. (art. 10 and 11)

 

Data may be processed only under the following circumstances (art. 7):

  • when the data subject has given his consent
  • when the processing is necessary for the performance of or the entering into a contract
  • when processing is necessary for compliance with a legal obligation
  • when processing is necessary in order to protect the vital interests of the data subject
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject. The data subject has the right to access all data processed about him. The data subject even has the right to demand the rectification, deletion or blocking of data that is incomplete, inaccurate or isn't being processed in compliance with the data protection rules. (art. 12)

 

Legitimate purpose

Personal data can only be processed for specified explicit and legitimate purposes and may not be processed further in a way incompatible with those purposes. (art. 6 b)

 

Proportionality

Personal data may be processed only insofar as it is adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. The data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; The data shouldn't be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use. (art. 6)

 

When sensitive personal data (can be: religious beliefs, political opinions, health, sexual orientation, race, membership of past organisations) are being processed, extra restrictions apply. (art. 8)

 

The data subject may object at any time to the processing of personal data for the purpose of direct marketing. (art. 14)

 

A decision which produces legal effects or significantly affects the data subject may not be based solely on automated processing of data. (art. 15) A form of appeal should be provided when automatic decision making processes are used.

 

Transfer of personal data to third countries

Third countries is the term used in legislation to designate countries outside the European Union. Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to this rule are provided, for instance when the controller himself can guarantee that the recipient will comply with the data protection rules.

 

The Directive's Article 29 created the "Working party on the Protection of Individuals with regard to the Processing of Personal Data," commonly known as the "Article 29 Working Party". The Working Party gives advice about the level of protection in the European Union and third countries.

 

References

Source:  Wikipedia.org, November 2014

 

"New draft European data protection regime". m law group. Retrieved 20 February 2012. 

See The Organization for Economic Co-Operation and Development, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, available at http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html (last modified January 5, 1999)

 

Anna Shimanek, Note, Do you Want Milk with those Cookies?: Complying with Safe Harbor Privacy Principles, 26 Iowa J. Corp. L. 455, 462–463 (2001)

 

A divided Europe wants to protect its personal data wanted by the US, Rue 89, 4 March 2008 (English)

 

Brussels attacks new US security demands, EUobserver. See also Statewatch newsletter February 2008

Statewatch March 2008

 

 

                                            

 

 

 

   

 





 








 


 

Home|
Contact Us| Sitemap |Privacy Policy