Client Confidentiality & Privacy Policy
At the MVA Society, we are committed to protecting the privacy and confidentiality of our patients, clients, and their families.
This privacy policy outlines how we collect, use, store, and share personal information in compliance with privacy laws in the United Kingdom, GDPR (General Data Protection Regulation) in Europe, and HIPAA (Health Insurance Portability and Accountability Act) regulations in the United States.
Information We Collect
We collect personal information that may include:
- Name, address, and contact details
- Date of birth and demographic information
- Medical history and current health information
- Treatment plans and progress notes
- Family medical history
- Health insurance information (where relevant and applicable)
This information is collected directly from you, your family members (with your consent), or from other healthcare providers involved in your care.
How We Use Your Information
Your personal information is used to:
- Provide and coordinate your support and (where relevant and applicable) healthcare treatment
- Communicate with you about your support and ongoing treatment
- Manage our organisation’s operations
- Comply with legal and regulatory requirements
- Provide a link to organisations that may be able to support you outwith the NHS1, with your express written consent and permission
- Work with other research and support operations to support their research and analysis (in anonymised form)
We process this data based on your explicit consent, for the performance of a contract, or to fulfil our legitimate interests as a military medical charity.
1 Academic and other research organisations, and clinical trials for novel treatments both within and outwith the UK
Information Sharing
We may share your information with:
- Members of our Board of Trustees, strictly on a need-to-know basis
- Other healthcare providers involved in your care
- Cancer and other research trials, with your explicit consent
- Regulatory bodies, when required by law
All information sharing is conducted in compliance with HIPAA, GDPR, and UK privacy laws.
Data Security
We take the security of your personal and medical information extremely seriously and implement robust security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction.
These measures include:
- Password protection or encryption of digital records
- Secure storage of physical records
- Regular staff training on data protection
- Data access controls and authentication procedures
Your Rights
Under GDPR and UK data protection laws, you have the right to:
- Access your personal information
- Request corrections to inaccurate data
- Request deletion of your data (where applicable)
- Object to certain processing of your data
- Request data portability
- Withdraw consent for data processing
To exercise these rights, please contact our nominated Chairman / Data Protection Officer.
Data Retention
We retain your personal information for as long as necessary to provide you with healthcare services and to comply with legal, regulatory, and operational requirements.
The specific retention period varies depending on the type of information and applicable regulations.
Changes to This Policy
We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify you of any significant changes through our website or direct communication.
Contact Us
If you have any questions about this privacy policy or our data practices, please contact our Chairman / Data Protection Officer at info@mvasociety.org
This privacy policy was last updated on 12th November 2024.
By using our services, you acknowledge that you have read and understood this privacy policy and consent to the collection, use, and disclosure of your information as described herein.
Charity number: 1210996 Registered in England and Wales