Privacy Policy – Aeromedicals

AME PARTNERS LTD PRIVACY POLICY

1. Introduction

1.1. AME Partners Ltd. carries out aviation medicals and other occupational health medicals primarily for pilots, cabin crew and drivers.
1.2. When you register as a client with AME Partners Ltd. we gain a legitimate interest in storing and using your information in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
1.3. Under GDPR, health information has a higher degree of protection than general personal data. We hold your health information with your explicit consent, and for regulatory purposes only.
1.4. If we carry out an aviation medical for you and your medical records are held by the UK Civil Aviation Authority (CAA), the CAA is the Data Controller for your personal information, and we act as Data Processors.
1.5. If we carry out an aviation medical for you and your medical records are held by an EASA National Aviation Authority (NAA), that NAA is the Data Controller for your personal information, and we act as Data Processors.
1.6. For all other services, AME Partners Ltd. can be considered as the Data Controller and we are registered with the Information Commissioners Office (ICO) reference number ZA780133.

2. What personal information do we hold about you?

2.1. A copy of your initial registration form and medical certificate application form containing your contact information, past medical history, current employment and, where relevant, your flying experience.
2.2. A copy of your photo identification.
2.3. A record of the results of all medical tests and examinations carried out by us.
2.4. A copy of all medical reports and blood tests provided directly or indirectly by you.
2.5. Your previous medical certificates surrendered upon issue of a new certificate.

3. How do we store your personal information?

3.1. Hardcopies of your information are stored in locked metal filing cabinets on our premises.
3.2. Electronic copies of your information are stored on password protected computers using full disk encryption and backed up on Dropbox (the Dropbox service used is GDPR compliant and encrypts all files both in transit and at rest).
3.3. For EASA and CAA medicals, an electronic copy of your information is stored on the medical records database at the CAA or another EASA national aviation authority, if your state of licence issue is not the UK.

4. How we use/share your personal information?

4.1. Your personal information is used for the sole purpose of determining your medical status, issuing medical certificates and maintaining a full and complete medical history as required by the relevant regulating bodies such as EASA, the CAA and the DVLA. We will also use it to contact you on matters pertaining to your medical certification, including advising you when your medical certificate is about to expire.
4.2. All employees of AME Partners Ltd. that require access to your personal information are bound by a duty of confidentiality and have signed confidentiality agreements.
4.3. For aviation medical clients we will also share your information with the CAA (or another EASA national aviation authority if your state of licence issue is not the UK) to be used solely for regulatory purposes.
4.4. Your personal information will not be shared with any other person or official body without your express permission, unless we are required to do so by law.

5. How long do we hold your personal information?

5.1. For all services we will normally retain your personal information at least until such time as you advise us that you no longer wish to be registered with our practice.
5.2. For aviation medical clients, we are required by the CAA to hold your medical records until such time as we cease providing aeromedical services due to retirement or closure of the business.
5.3. When we cease providing aeromedical services all hardcopy and electronic records relating to the CAA will be returned to the CAA and all other hardcopy and electronic records will be destroyed.

6. What right of access and control do you have over your personal information?

6.1. At any time, you can request a copy of your personal information that we store.
6.2. If any of the stored information is factually incorrect or incomplete, you can ask us to remove it or correct it.
6.3. You can request that all personal information we hold about you is erased from our records. In this event we would transfer any data related to your medical certification to the CAA (or other relevant regulatory bodies) and you would be removed from our practice list, as we would no longer be able to carry out our duties as your medical examiner. We would erase or transfer, as appropriate, the data held in your medical files, but we would retain records of our financial transactions with you, and a record that you had been a previous client.
6.4. We are obliged to confirm your identity before providing, amending or deleting any of your personal information at your request. This is done in person with either a current passport or photo driving licence.

You can download this privacy policy in pdf format.