Occupational Health Privacy Notice
This privacy notice explains how personal information is used when you access services from our occupational health service provider, Healthwork Ltd.
What personal information we collect
Healthwork Ltd will collect information about you when you are referred to the service by your referring manager. They will also collect data about you when you have an assessment with their clinical staff, when you contact them in writing, speak to them by phone, by email or talk to them face to face.
When accessing the service, some of your personal information is collected:
- your name, address, and date of birth
- your employee number
- details about your lifestyle and social circumstances
- employment details
- physical or mental health details
We get most of this information from you, but we may also get some of this data from:
- GP or specialist healthcare provider
- your referring manager
Why we collect information about you
We use your information for one or more of the following reasons:
- advise your manager about how any health conditions you may have could impact on your work and how the manager can make adjustments to protect you
- set up confidential, secure client records within the Occupational Health service provided by Healthwork Ltd
- conduct health surveillance e.g. hearing tests, lung function tests etc) if you are in a job role which requires this
- advise on further treatments e.g. counselling if appropriate
- if you are being considered for ill-health retirement
- assess and monitor your health and wellbeing to enable effective work
- to protect your mental and physical health, safety, and wellbeing
Who we share your information with
Only authorised personnel in the Healthwork Ltd have access to your medical information.
When we have to share your information, we will only do so where it is necessary, if you have provided your explicit consent, or we are required to do so by law.
When we need to share your information, we will share the minimum amount of information in order to respond to the request. The organisations we will share your information with are:
- your referring manager
- Cheshire Pension Fund
- Government agencies (e.g. Department of Health, Department of Work and Pensions)
- support groups for people with disabilities
- substance misuse agencies
We also use data processors to support activities, for example by providing the systems we need or delivering services on our behalf - this includes Healthwork Ltd.
The Data Controller
We are the Data Controller for this processing.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
The lawful basis for the processing
Most of the personal information we collect is provided to us by you, under Article 6 of the UK GDPR we rely on the following:
- we have a contractual obligation with you (UK GDPR Article 6 (b)
- we have a legal obligation (UK GDPR Article 6 (c)
- we need to protect your vital interests (UK GDPR Article 6 (d)
- we need it to perform a public task (UK GDPR Article 6 (e)
- we have a legitimate interest (UK GDPR Article 6 (f)
When we collect data that is classed as special category data, under Article 9 of the UK GDPR we rely on the following:
- we need it for employment, social security, or social protection (UK GDPR Article 9 (2) (b))
- we are providing you occupational health services (UK GDPR Article 9 (2) (h))
- we need to collect it for public health (UK GDPR Article 9 (2) (i)
- we need to analyse your information (UK GDPR Article 9 (2) (j))
The purpose of collecting information about you is to support you at work and protect your health safety and welfare. This is a requirement of the Health and Safety at Work etc Act 1974 and associated statutes. If you do not provide information about your health this may affect your contract with us, especially if you do not declare a health condition which could affect the health and safety of yourself or others who are affected by your acts or omissions whilst at work. (This is contained in section 7 of the Health and Safety at Work etc Act 1974).
Protecting your information
Your information will be securely stored om servers within the UK.
How long we keep your information for
We will only use your personal information whilst delivering the service to you and to deal with any questions or complaints that we may receive about this unless the law requires us to keep it for a longer period. In practice, this means that your information will be kept for the following:
Health surveillance data will be kept for 40 years from the data of the last entry. This is a requirement under health and safety legislation. Other medical data will be kept for six years after you leave us.
If we need to use your information for research or reports, your information will be anonymised and any information taken from notes (handwritten or typed) during any consultation sessions will be securely destroyed. The information will continue to be used in a summarised and anonymised form in any research reports or papers that are published. The anonymised information in the papers may be of historic interest and may be held in public archives indefinitely
Will my data be transferred abroad?
Under UK GDPR you have a number of rights that are set out on our Data protection for you pages.
If you are not happy about the way your personal data is being used, or you require further information about how we process your personal data, you can contact our Data Protection team online or by post:
- Online: Contact the DPO
- By post: Data Protection Officer, 4 Civic Way, Ellesmere Port, CH65 0BE
You also have the right to complain to the Information Commissioner’s Office using the following details: