OCCUPATIONAL HEALTH PRIVACY NOTICE
The Occupational Health Practitioner is both Data Controller and Data Processor and committed to protecting the rights of the individual, acknowledging that any personal data handled will be processed in accordance with the new General Data Protection Regulation (GDPR) 2018.
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computer’s hard drive, they should take the necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process, but users of such form to email processes are advised that they use them at their own risk.
This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates, but only if this was made clear to you and your express permission was granted when submitting any form to email process, or where you the consumer have previously purchased from, or enquired about purchasing from, the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites, similar to: travel blog or taxi home.)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Adverts and Sponsored Links
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, who may have detailed privacy policies relating directly to the adverts they serve.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. Neither this website nor its owners will ever ask for personal or sensitive information through social media platforms, and they encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and its owners, through their social media platform accounts, may share web links to relevant web pages. By default some social media platforms shorten lengthy URLs [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URLs are published, many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
How is any information that you provide protected?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
What Data Will Be Collected
The following data may be collected, held and shared by Occupational Health:
- Personal information (e.g. Name, Address, Date of Birth)
- Characteristics (ethnicity, gender)
- Past and present job roles
- Health information.
Who It Will Be Collected From
- Human Resources
- Other health professionals (e.g. GP, specialist, physio).
How It Will Be Collected
- Email
- Verbal (Either by telephone or face to face)
- Health Questionnaires
- Health Assessment (e.g. skin or vision assessment).
Why It Is Collected
- For the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee.
- To ensure the health and safety of employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
- Data may also be used for research, audit or statistics but will be anonymised if this is the case.
Lawful Basis For Processing (from the General Data Protection Regulation)
1. Article 6(1) (f)
(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Additional condition for the processing of Special Category Data
Article 9(2) (h)
(h) Processing is necessary for the purposes of Occupational Medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment, or the management of health or social care systems and services on the basis of EU or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in para 3 (below).
Personal data may be processed for the purposes referred to in (2)(h) when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under EU or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under EU or Member State law or rules established by national competent bodies.
How Long Your Data Will Be Held For
- Information will be held for 6 years after the date of last contact with the data subject unless there is a recognised clinical need or statutory requirement to retain it for longer.
- New employee assessments (Work Health Assessment Questionnaires) will be discarded after 12 months.
How Your Data Will Be Stored
- Records are kept mainly in a digital format as part of a structured filing system and are stored in accordance with the BMA’s medical records storage policy and in compliance with GDPR. They are accessible only to Occupational Health.
- All medical reports sent out following an Occupational Health Consultation will be password protected.
Who Your Information Will Be Shared With
- Information about you will not be shared with third parties without your consent unless the law allows this, or there is a serious risk to life.
- Results of Health Surveillance will be passed on to the employer under Reg. 11 COSHH Regulations 2002 and ACOP 2103 for retention as required by the Health and Safety Executive (HSE).
- You have the right to see any information held about you in your Occupational Health Clinical Record. The request should be made in writing and will be responded to within 4 weeks, without charge.
- You can also request that an amendment is attached to it if you believe any of the information held by Occupational Health is inaccurate or misleading.
- You have the right to withdraw consent at any time, for any reason. Please ensure Occupational Health has received this information.
- In the case of request for erasure, retention may be lawful (e.g. if required for legal compliance).
- Where there is the legitimate interest of the employer e.g. for the OH Practitioner to advise on fitness to work for the efficient and safe running of its business, to comply with its legal obligations under health and safety Law and employment law in particular the Equality Act, or with respect to its legal duties for sick pay.
- Article 9(3) e.g. by a regulated health professional. This incorporates the common law and GMC/NMC duty of confidentiality into the GDPR.
- The NMC Code of Conduct – Clause 5, Privacy and confidentiality; Clause 7, Communicate clearly; Clause 10, Clear, accurate, relevant records; Clause 14, Be open and candid including mistakes; Clause 16, Act without delay if risk to patient safety or public protection.
Jeremy RF Smith
RGN BSC Hons (OHN) SCPHN
Specialist Practitioner, Occupational Health
Occupational Health Services (South East) Limited
01 May 2018
Source Acknowledgement: FCC, OH Medical, @work Partnership, ICO, Prof D. Kloss