Privacy - MediWales

Data Protection Policy

MediWales collects, stores and uses information about people with whom it communicates. This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 1998.

MediWales regards the lawful and correct treatment of information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals.

To this end MediWales fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998.

Eight Data Protection Principles

Whenever collecting information about people MediWales applies the Eight Data Protection Principles:

Personal data should be processed fairly and lawfully
Personal data should be obtained only for the purpose specified
Data should be adequate, relevant and not excessive for the purposes required
Accurate and kept up-to-date
Data should not be kept for longer than is necessary for purpose
Data processed in accordance with the rights of data subjects under this act
Security: appropriate technical and organizational measures should be taken unauthorized or unlawful processing of personal data and against accidental loss or destruction or damage to personal data
Personal data shall not be transferred outside the EEA unless that country or territory ensures an adequate level of data protection

Working from home

Home computers should have records removed once project/work records no longer needed at home
Staff agree to try to keep work taken home relatively secure, to return all work related material upon the completion /termination of their contract; and organization should be informed if information have got into wrong hands

Security Statement

MediWales has taken measures to guard against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage.

This includes:

Adopting an information security policy (this document is our policy)
Taking steps to control physical security (projects and staff records are all kept in a locked filing cabinet)
Putting in place controls on access to information (password protection on files and server access)
Establishing a business continuity/disaster recovery plan (MediWales takes regular back-ups of its computer data files and this is stored away from the office at a safe location)
Training all staff on security systems and procedures

Compliance

Compliance with the Act is the responsibility of all staff, paid or unpaid.

MediWales will regard any unlawful breach of any provision of the Act by any staff, paid or unpaid, as a serious matter which will result in disciplinary action.

Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution.

Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the line manager.

Retention of Data

No documents will be stored for longer than is necessary.

All documents containing personal data will be disposed of securely in accordance with the Data Protection principles.

Cookie Policy

Cookie	Duration	Description
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
DYNSRV	session	This cookie is used for load balancing purposes to decide which server to send the visitor.
ep201	30 minutes	This cookie is set by Wufoo for load balancing, site traffic and preventing site abuse.
exp_csrf_token	past	This cookie is used for the purpose of website security that is Cross-Site-Request forgery prevention. It is used to identify the trusted web traffic.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
exp_last_activity	1 year	This cookie is used by the website Content Management System. This cookie is used to record the time of last page load.
exp_last_visit	1 year	This cookie is used by the website Content Management System. This cookie is used to store the last visit date of the registered users.
exp_stashid	session	This cookie is set by the provider ExpressionEngine. This cookie is used for page caching. The cookie creates a unique ID which is used to determine the current state of the website and actions performed by the visitor.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
CSPSESSIONID-SP-8443-UP-redirects-	session	No description available.
EMSSESSIONID	session	No description
ep202	3 months	This cookie is set by the provider Surveymonkey. This cookie is used for statistical analysis and website optmization. It gathers information on user's interaction with the SurveyMonkey- Widget on thewebsite.
GS_GROUP	1 month	No description available.
GS_RESTRICT	session	No description available.
GS_REVENUE_LOC	1 month	No description available.
PERSIST-COOKIE-ENC	session	No description available.
ppwp_wp_session	30 minutes	No description
SKTID	1 year	No description
SQ_SYSTEM_SESSION	session	No description available.

Select categories:

Select categories:

Privacy Policy

Data Protection Policy

Eight Data Protection Principles

Working from home

Security Statement

Join the conversation

Helpful information

Subscribe to our Mediwales newsletter