Checkups COVA

Security policy for Checkups Medical

Last updated: June 5, 2024

1. Purpose

The purpose of this Security Policy is to safeguard information belonging to Checkups Medical, its holding, parent, sister, or subsidiary companies (collectively referred to as “the Company”) within a secure environment. This Policy informs the Company’s staff and other individuals entitled to use the Company’s facilities of the principles governing the holding, use, and disposal of information.

2. Goals

The Company aims to:

– Protect information against unauthorized access or misuse.

– Secure the confidentiality of information.

– Maintain the integrity of information.

– Ensure the availability of information and information systems for service delivery.

– Maintain business continuity planning processes.

– Comply with regulatory, contractual, and legal requirements, including GDPR, CCPA, CPRA, and CalOPPA.

– Maintain physical, logical, environmental, and communications security.

3. Consequences of Policy Infringement

Infringement of this Policy may result in disciplinary action or criminal prosecution. When information is no longer of use, it is disposed of in a suitable manner.

4. Scope of Information

This Policy relates to:

– Electronic information systems (software, computers, and peripherals) owned by the Company, whether deployed or accessed on or off site.

– The Company’s computer network used either directly or indirectly.

– Hardware, software, and data owned by the Company.

– Paper-based materials.

– Electronic recording devices (video, audio, CCTV systems).

5. User Responsibilities

The Company requires all users to exercise a duty of care in relation to the operation and use of its information systems. Authorized users must be formally authorized by appointment as a member of staff or contractor. Authorized users will take due care and attention to protect the Company’s information in their personal possession.

6. Acceptable Use of Information Systems

Use of the Company’s information systems by authorized users will be lawful, honest, and decent, and shall have regard to the rights and sensitivities of other people.

7. Responsibilities of Information System Directors

Information System Directors are responsible for ensuring that:

– Systems are adequately protected from unauthorized access.

– Systems are secured against theft and damage to a level that is cost-effective.

– Adequate steps are taken to ensure the availability of the information system.

– Electronic data can be recovered in the event of loss of the primary source.

– Data is maintained with a high degree of accuracy.

– Systems are used for their intended purpose and procedures are in place to rectify discovered or notified misuse.

– Electronic access logs are only retained for a justifiable period.

– Third parties entrusted with the Company’s data understand their responsibilities.

8. Personal Information and Privacy

Authorized users of information systems are not given rights of privacy in relation to their use of the Company’s information systems. Duly authorized officers of the Company may access or monitor personal data contained in any Company information system. The Company will take legal action to ensure that its information systems are not used by unauthorized persons.

9. Compliance with Privacy Laws and Regulations

The Company is committed to complying with applicable privacy laws and regulations, including GDPR, CCPA, CPRA, and CalOPPA. Personal information collected, used, or disclosed by the Company will be handled in accordance with the provisions of these laws. Data subjects have the right to request access to, rectification of, or erasure of their personal data, and may object to or restrict certain types of processing, as provided by applicable laws.

10. Contact Information

If you have any questions or concerns about this Security Policy, please contact us:

By email: info@checkupsmed.com

On our page: www.checkupsmed.com/contactUs