GDPR Privacy Statement

We will comply with data protection law and principles, which means that your data will be:

 

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

 

How will you collect my information?

 

We collect information about you from different places including:

 

  • directly from you
  • from your employer
  • from a third party, for example your GP or medical specialist

 

We will only collect your information in line with relevant regulations and law.  You are responsible for making sure you give us accurate and up to date information.

 

What information do we require?

 

We will ask you to provide name and date of birth to enable us to effectively check your identity before discussing confidential medical matters with you.

 

You will also be asked to supply telephone numbers and email addresses to allow us to arrange appointments and provide copies of reports to you if required.

 

As part of a consultation or medical assessment we will require you to provide a certain amount of sensitive, personal and medical information. Under GDPR this information is classed as a ‘special category’ as it is more sensitive personal information.

 

How we will use your information

 

We will process the information you provide to create a report for your employer which assesses your capability to perform your role.

 

How will you share my information?

 

We will gather your explicit consent for the purpose of releasing information to:

 

  • your employer
  • your legal or union representative
  • your GP or specialist
  • any other individual or organisation requesting personal or sensitive data belonging to you

 

In some circumstances we may need to gather additional information from your medical practitioners.  We will gain your consent to allow us to do this.  We may also need to share your information with a third party provider of occupational health services working in partnership with WorkFit.

 

Your information will not be retained by the third party provider.  It will only be used for the purpose of the consultation with them.

 

We will not disclose any of your personal information for any other purpose without your explicit consent, unless there is a legal obligation or it is in the public interest.

 

Consent

 

Where consent is provided you have the right to change the level of consent or withdraw consent at any time during the period your data is being processed.

 

How will we store your information?

 

Your information will be stored electronically and/or in paper format.

 

Data security

 

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

How long will you retain my information?

 

The information we gather will be retained for the duration of your employment plus seven years and possibly longer if the data collected is connected to COSSH or Radiation regulations.  We can provide details of our retention policy on request. Once your data is no longer required it will be deleted and destroyed in such a way that it will not be accessible in the future.

 

Can I ask you to delete my information?

 

As an occupational health provider the medical information we retain comes within the ‘special’ category of GDPR.  This means that we have a legitimate reason to keep certain information.  If you have any questions about this please ask us.

 

 

Any questions?

 

If you have any further questions about how we use your information please contact a member of the WorkFit team.

 

If at any time you are unhappy with how your data has been processed you have the right of complaint via WorkFit’s complaint procedure or directly with the ICO (Information Commissioners Office).

 

May 2018