[et_pb_section fb_built=”1″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_row _builder_version=”4.16″ global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.27.5″ global_colors_info=”{}”]<\/p>\n
Last updated: January 2025<\/strong><\/p>\n My Vital Metrics is committed to protecting the privacy, confidentiality, and security of all personal data processed during the provision of diagnostic and health-testing services. This policy outlines our compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We ensure that all personal data is processed lawfully, fairly, transparently, and securely throughout its lifecycle.<\/p>\n The purpose of this policy is to ensure that My Vital Metrics complies with data protection legislation, protects the rights of all individuals whose data we process, and operates transparently in how personal data is collected, used, stored, shared, and disposed of. This policy also ensures that risks associated with data processing are effectively managed and minimised.<\/p>\n This policy applies to all staff, contractors, temporary workers, and any individuals or systems involved in the processing of personal data across My Vital Metrics operations in London and Manchester. It covers all forms of personal data, including client health information, booking details, staff information, and digital data processed through our systems and platforms.<\/p>\n My Vital Metrics adheres to the UK GDPR principles. Personal data must always be processed lawfully, fairly, and transparently; collected for specified and legitimate purposes; adequate and limited to what is necessary; accurate and kept up to date; retained only for as long as necessary; and stored and handled securely at all times.<\/p>\n My Vital Metrics processes personal data only where a lawful basis exists under the UK GDPR. Contract is used when data is required to deliver services that an individual has booked. Consent is used for optional activities such as marketing, and can be withdrawn at any time. Legitimate interests apply when processing supports operational improvement or system security and does not override individual rights. Legal obligation applies where processing is required to meet statutory or regulatory requirements. All lawful bases are reviewed regularly to ensure compliance.<\/p>\n My Vital Metrics may process identification details, clinical and health information, payment information, staff employment details, booking information, and website or digital analytics data. Only the minimum data necessary is collected and processed.<\/p>\n We use appropriate organisational and technical measures to keep data secure. These include encrypted storage, secure transfer, access controls, password protection, mandatory staff training, and regular audits of system access and data-handling practices.<\/p>\n Personal data is retained only for as long as required. Client records are retained for seven years after the last appointment. Financial records are retained for six years for HMRC compliance. Staff records are retained for six years after employment ends. Data is securely deleted when no longer required.<\/p>\n Personal data is shared only when necessary for service delivery or where legally required. This may include accredited laboratories, IT providers, or regulatory bodies. All third parties must comply with UK GDPR and have appropriate data-processing agreements in place. Data is never sold or shared for non-essential purposes.<\/p>\n Individuals have the right to access their data, request corrections, request deletion where appropriate, restrict processing, object to certain processing activities, and request data portability. My Vital Metrics responds to all valid requests within one calendar month.<\/p>\n All suspected data breaches must be reported immediately to the Data Protection Lead. My Vital Metrics investigates all incidents promptly and takes appropriate action. Where required, breaches are reported to the ICO within 72 hours.<\/p>\n All staff must follow secure data-handling procedures, maintain confidentiality, complete data-protection training, and report any concerns or potential breaches without delay.<\/p>\n For all data-protection enquiries, individuals may contact the Data Protection Lead at info@myvitalmetrics.com. All enquiries will be handled in line with UK GDPR requirements.<\/p>\n <\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" My Vital Metrics \u2013 Data Protection Policy (UK GDPR) Last updated: January 2025 1. Policy Statement My Vital Metrics is committed to protecting the privacy, confidentiality, and security of all personal data processed during the provision of diagnostic and health-testing services. This policy outlines our compliance with the UK General Data Protection Regulation (UK GDPR) […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"class_list":["post-807854","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/pages\/807854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/comments?post=807854"}],"version-history":[{"count":2,"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/pages\/807854\/revisions"}],"predecessor-version":[{"id":808408,"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/pages\/807854\/revisions\/808408"}],"wp:attachment":[{"href":"https:\/\/myvitalmetrics.com\/wp-json\/wp\/v2\/media?parent=807854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}1. Policy Statement<\/h3>\n
2. Purpose<\/h3>\n
3. Scope<\/h3>\n
4. Data Protection Principles<\/h3>\n
5. Lawful Basis for Processing<\/h3>\n
6. Data We Process<\/h3>\n
7. Data Security<\/h3>\n
8. Data Retention<\/h3>\n
9. Data Sharing<\/h3>\n
10. Data Subject Rights<\/h3>\n
11. Data Breach Management<\/h3>\n
12. Staff Responsibilities<\/h3>\n
13. Contact Details<\/h3>\n