
Occupational Physician Direct Privacy Notice

Occupational Physician Direct is trading as part of Company Medical Ltd, registered in England, number 06863665. Company Medical Ltd has been registered with the Information Commissioner's Office (ICO) as a Data Controller and Processor since 13th May 2011, registration number Z2671608. We take the privacy and security of your data very seriously and will not, without your consent, sell or pass on your personal details to any third party.

As the data we keep is also classed as 'clinical records', we also have a legal and ethical duty (under the relevant health professional codes of conduct) not to disclose confidential medical information to third parties, including your manager or HR, without your fully informed consent. This duty applies unless there is a significant risk of serious harm to yourself or others, or there is an overriding legal or public interest obligation.

This privacy notice explains how we use your personal information and your rights regarding that information.

Why are you collecting my data?

To enable us to perform our legitimate interest in providing occupational health services to employers, assisting them with promoting the health and wellbeing of their staff and with meeting their legal obligations.

What information are you collecting?

- Personal information, e.g. name, address, date of birth
- Personal characteristics, e.g. ethnicity, gender
- Contact details, e.g. telephone and email
- GP and/or specialist contact details
- Past and present occupational job roles and occupational exposure
- Medical information on health that would be classed as 'special category data'
- Details of past medical investigations and treatment

Who are you collecting data from?

- You (the data subject)
- Your manager and/or Human Resources
- With your signed consent, your GP or other specialists from whom you have received treatment

How will it be collected?

- Verbally, via telephone calls or video conversations
- In writing or electronically, via forms that you or your manager complete as part of the management referral process, or via reports sent to us with your signed consent from other parties, e.g. your GP or specialist
- Occasionally, management may ask to provide additional information by e-mail or verbally, which will then also form part of your records

How will you use this data?

We will use this data to:

- Identify you and ensure that your medical information is filed correctly
- Assess your health and your fitness to work
- Provide advice and recommendations to the referring manager on your current and future fitness for work, the impact of your health on your work and of your work on your health
- Provide the basis for advice to management on any adjustments or modifications that would help support you in doing your work
- Identify any further support that would help you to improve your health
- Advise or give an opinion on the suitability of ill health retirement

What is the legal basis for processing the data?

The information collected by Occupational Physician Direct is classed as Special Category Data, as it is more sensitive than other forms of personal data. In order to process Special Category Data, we must have a lawful basis under Article 6 and a separate condition under Article 9. Occupational Physician Direct uses Article 6(1)(f) and Article 9(2)(h) as the lawful basis for our processing of your data.

Article 9(2) condition (h) states:

“Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.”

If you are sharing my data with others, who are you sharing it with?

Information on the impact of your health on your current and future fitness to work, and recommendations on adjustments and modifications, is shared with your referring manager, with your consent, in the form of an Occupational Health report. Your personal data will not otherwise be shared with any other third parties outside Occupational Physician Direct without your express consent, or where we are bound by an overriding legal or public interest obligation.

How long will you process my data for?

In line with current guidance, all sensitive medical and occupational health data will need to be retained for the duration of your employment and for 6 years following your leaving date. If contact is made with Occupational Physician Direct regarding accessing services, but that contact does not result in a formal referral leading to an assessment and the creation of an occupational health record, the contact data will be deleted six months after the contact.

Who will be processing my data?

The Occupational Physician at Occupational Physician Direct and the administrative staff will have access to your data when required, and are responsible for processing it in line with internal data protection protocols and professional codes of conduct. All staff members have signed a confidentiality agreement.

How will the data be stored?

Your records will be stored securely and confidentially on secure digital servers. Whenever data is transferred to our storage provider it is encrypted in transit using HTTPS (TLS transport encryption); our storage provider's SSL/TLS certificate uses a 2048-bit key. All data is also encrypted at rest using the industry-standard AES-256 encryption algorithm and is backed up daily. Every attempt will be made to keep your data secure when we are transmitting it to third parties.

What are my rights?

You have a statutory right of access to your occupational health records (in full or in part), or to authorise a third party, such as a legal adviser, to exercise that right on your behalf.

- The request should be made in writing, clearly outlining to us which records you wish to see. We will endeavour to provide the information without delay and at the latest within one month of receipt. If the request is complex or numerous, we may extend this timeframe by a further two months; if this is the case, we will inform you why the extension is necessary within one month of your request.
- This information will be provided without charge.
- We may request additional written consent from you if a third-party request is made, under our legal and ethical duty to protect your medical confidentiality.
- You can request that an amendment is attached to your OH record if you believe any of the information held by us is inaccurate or misleading.
- You do not have a “right to erasure” of your data, as the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for assessing the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This also applies because your data is being processed by, and is under the responsibility of, a Doctor who is bound by relevant professional codes of ethics and professional conduct.
