GDPR Policy
1. Introduction
• Aeroclinique Ltd provides specialised medical services, including aviation and occupational health assessments.
• This policy outlines how we handle personal data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
• Aeroclinique Ltd is committed to protecting the rights of individuals and ensuring that their personal data is processed lawfully, fairly, and transparently.
2. Data Controller and Data Processor
• Aeroclinique Ltd acts as both a Data Controller and a Data Processor. As a Data Controller, we determine the purposes and means of processing personal data. As a Data Processor, we process personal data on behalf of another controller.
• Our ICO (Information Commissioner's Office) registration reference is ZB717084.
3. Personal Data We Collect
3.1 The personal data we collect may include:
• Personal information such as name, date of birth, address, and contact details.
• Personal characteristics such as gender or ethnicity.
• Health information, including medical records, test results, and reports.
• Employment details, including current and past job roles.
• Other relevant information required for the provision of our services.
4. Collection and Use of Personal Data
4.1 We collect personal data through various means, including:
• Directly from the individual during consultations, telephone calls, or written correspondence.
• From employers, human resources, pension departments, or other relevant third parties.
• From healthcare providers with the individual's consent.
4.2 We use personal data for the following purposes:
• To provide medical assessments and treatment.
• To ensure the health and safety of individuals in their work environment.
• To assess eligibility for certain benefits, such as ill health retirement.
• To comply with regulatory requirements.
5. Lawful Basis for Processing
5.1 We process personal data based on the following lawful bases:
• Consent: The individual has given clear consent for us to process their personal data for a specific purpose.
• Contract: The processing is necessary for a contract we have with the individual.
• Legal obligation: The processing is necessary for us to comply with the law.
• Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless overridden by the individual's rights and interests.
6. Data Storage and Security
6.1 We store personal data securely in both paper and electronic formats. Our security measures include:
• Locked filing cabinets for paper records.
• Secure servers and encryption for electronic records.
• Access controls to ensure only authorized personnel can access personal data.
6.2 We maintain personal data accurately and ensure it is kept up-to-date.
7. Data Retention
7.1 We retain personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory requirements.
7.2 Specific retention periods include:
• Occupational health and pensions records: 6 years after the last entry.
• Health surveillance records: 30 or 40 years as required by relevant health and safety legislation.
• Aviation medical records: Retained until we cease providing aeromedical services, after which records will be transferred to the relevant authority.
8. Data Sharing and Transfers
8.1 We share personal data with third parties only with the individual's consent, or as required by law. Third parties may include:
• Employers, managers, human resources, and pension departments.
• Other healthcare professionals involved in the individual's care.
• Regulatory bodies such as the Civil Aviation Authority (CAA) or EASA aviation authorities.
• Service providers who assist us in our operations and are bound by confidentiality agreements.
8.2 We do not transfer personal data outside the European Economic Area (EEA) unless it is adequately protected.
9. Individual Rights
9.1 Individuals have the following rights regarding their personal data:
• The right to be informed about how their data is collected and used.
• The right of access to their personal data.
• The right to rectification of inaccurate or incomplete data.
• The right to erasure of their personal data in certain circumstances.
• The right to restrict processing of their data.
• The right to data portability.
• The right to object to the processing of their data.
• The right to complain to the Information Commissioner's Office (ICO) if they believe their rights have been violated.
10. Access and Control
10.1 Individuals can request access to their personal data at any time by contacting us at aeroclinique@icloud.com
10.2 If any personal data is found to be inaccurate or incomplete, individuals can request correction or deletion of the data.
10.3 Requests for data access, correction, or deletion will be processed within one month of receipt.
10.4 Applicants requesting access, changes, or deletion of Aviation Medical records in Cellma should be directed to the Civil Aviation Authority (CAA) as the Data Controller.
11. Policy Review
11.1 This GDPR policy will be reviewed regularly to ensure it remains up-to-date and compliant with relevant legislation.
11.2 Changes to this policy will be communicated to all employees and contractors of Aeroclinique Ltd.
For further information or to make a request regarding your personal data, please contact us at aeroclinique@icloud.com