Data Protection Policy
Last updated: June 2026 · Next review: June 2027
Purpose
Kinetic Health Partners Limited is committed to handling all personal data lawfully, fairly and transparently, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy sets out the principles we apply across our work as a healthcare workforce and delivery partner to the NHS.
Our commitment
- We process personal data lawfully, fairly and transparently.
- We collect data only for specified, explicit and legitimate purposes.
- We collect only the data that is adequate, relevant and necessary.
- We keep data accurate and up to date.
- We keep data no longer than necessary.
- We keep data secure using appropriate technical and organisational measures.
- We remain accountable for, and able to demonstrate, our compliance.
Roles and responsibilities
Kinetic acts as a Data Controller for its own workforce and business data, and as a Data Processor when delivering services on behalf of NHS organisations. All staff and associates are responsible for following this policy, and Kinetic maintains appropriate governance and oversight.
Data security
- Role-based access controls.
- Secure systems and encryption where appropriate.
- Confidentiality agreements and staff training.
- Incident reporting and management.
- Regular review and audit.
Data breaches
We take any personal data breach seriously. Where a breach is likely to result in a risk to people's rights and freedoms, we report it to the ICO without undue delay and, where required, within 72 hours, and we notify affected individuals where the risk is high.
Working with partners
Where we work with NHS organisations and other partners, we put appropriate data-sharing or data-processing agreements in place that set out each party's responsibilities.
Review
This policy is reviewed regularly and updated to reflect changes in law, guidance and our services.
Contact
For questions about this policy, contact hello@kinetichealthpartners.co.uk.
