GDPR Compliance Policy
1. Introduction
Glarm Health Care Services is dedicated to safeguarding the privacy and security of personal data. This GDPR Compliance Policy outlines our approach to collecting, processing, and storing personal data in accordance with the General Data Protection Regulation (GDPR).
2. Data Controller and Data Protection Officer
a. Data Controller:
- Glarm Health Care Services
b. Data Protection Officer (DPO):
- Mr. Armah Joseph
3. Lawful Basis for Processing Personal Data
Glarm Health Care Services will ensure that personal data is processed lawfully, fairly, and transparently. We will identify and document the lawful basis for processing personal data before initiating the processing activities.
4. Data Minimization
We will only collect and process personal data that is necessary for the intended purpose. Unnecessary or excessive data collection will be avoided.
5. Consent
a. Obtaining Consent:
- Consent will be obtained from data subjects before their personal data is processed, and data subjects will be told clearly how their data will be used.
b. Withdrawal of Consent:
- Data subjects will be informed of their right to withdraw consent at any time.
6. Data Subject Rights
a. Access and Rectification:
- Data subjects have the right to access and rectify their personal data.
b. Erasure (Right to be Forgotten):
- Data subjects have the right to request the deletion of their personal data.
c. Data Portability:
- Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.
7. Data Security
a. Security Measures:
- Glarm Health Care Services will implement appropriate technical and organizational measures to ensure the security of personal data.
b. Data Breach Response:
- In the event of a data breach, Glarm Health Care Services will promptly assess the situation, take necessary steps to mitigate the impact, and notify the relevant authorities and affected individuals as required by GDPR.
8. Data Processing Records
Glarm Health Care Services will maintain records of data processing activities, including purposes, categories of data, recipients, and retention periods.
9. Data Protection Impact Assessments (DPIA)
DPIAs will be conducted for high-risk processing activities, and appropriate measures will be implemented to mitigate risks.
10. International Data Transfers
Any transfer of personal data outside the European Economic Area (EEA) will comply with GDPR requirements, including the use of standard contractual clauses or other appropriate safeguards.
11. Employee Training
All employees who handle personal data will receive training on GDPR compliance and data protection best practices.
12. Policy Review and Updates
This policy will be reviewed regularly to ensure ongoing compliance with the GDPR. Updates will be made as necessary to reflect changes in processes, legal requirements, or organizational needs.
Date of Last Update: 20 December, 2023