What this Notice covers
Case Management Services Ltd (CMS) is committed to protecting the privacy and security of our service users personal information.
This Privacy Notice describes how we collect and use personal information about you during and after your working relationship with us. This is in accordance with the General Data Protection Regulation (GDPR) and data protection legislation. It applies to all aspects of our services including case management, treatment and medical legal assessments.
Identity of the data controller
Julie Marshall, Office Manager is a “data controller”. CMS are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
What personal information we may hold
Categories of personal data we process can include:
- Full name, Date of Birth, Address, Racial or ethnic background
- Next of kin and family details
- Email address, Telephone numbers
- Details of legal, medical and rehabilitation team
- Financial information including Deputyship details
- Court information
- Employment information
- Medical, rehabilitation and social care history and records
- Physical or mental health conditions
- Assessment test material
Sources of personal data
We collect personal information about you through assessment, medical records or liaison with third parties which you have given us permission to speak with, for example your employer.
Our purposes for processing your data
Is to allow us to provide you with services related to rehabilitation and or to enable CMS to advise their clients for the purposes of Court proceedings necessary to pursue a claim for damages for personal injury or medical negligence.
Who has access to your data
We may share your personal information with third parties where required by law, where it is necessary to work together or where we have another legitimate interest in doing so. Consent will be sought prior to your information being sought. Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law. The data we share will not be irrelevant or excessive with regard to the Agreed Purpose.
Security of your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How we decide how long to retain your data?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Further information can be obtained by requesting our Storage, Retention and Disposal policy.
You have the right to:
- Request access to, and a copy of, your personal information
- Request correction of the personal information that we hold about you
- Request erasure of your personal information.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
If you believe CMS has not complied with your rights, you can complain to the Information Commissioner.
Changes to this Privacy Notice:
CMS reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.