PRIVACY POLICY

OccHealth Direct is committed to ensuring the privacy and confidentiality of the information we hold of users of our website, clients, and employees being assessed by, or accessing our services.

This privacy statement explains what kind of information is collected by us while visiting our web site or for an employee being referred to our service and how we use that information.

The information we collect, hold and use is compliant with all current UK legislation plus the confidentiality and ethical codes set down by the Nursing and Midwifery Council (NMC) and the Faculty of Occupational Medicine (FOM).

Please click on the headings below to access specific sections:

  1. Data Controller
  2. Collection and processing of personal data on our website
  3. Use and forwarding of personal data on our website
  4. Security
  1. Employee guide to data protection, privacy and your rights
  2. Cookies
  3. Third Parties
  4. Changes to our privacy policy
  5. Making a complaint
  6. Data Controller

For the purpose of the current Data Protection legislation, the data controller is OccHealth Direct Ltd of 3 Rosemary Close, Great Dunmow, Essex. CM6 1DP with registration number ZA528653.

  1. Collection and processing of personal data on our website

For the purpose of system security, when you visit our web site, our secure web server temporarily registers the domain name or the IP address of the requesting computer as well as the date of access, the file request of the client (file name and URL), the HTTP response code and the Web site from which you are visiting us, and the number of bytes transferred during the session. We might also, in some cases, store some information in the form of ‘cookies’ on your PC so that we can optimize our web site according to your preferences. Please see the ‘Cookies’ section for more information.

We will not collect any other personal data such as name, address, telephone number or e-mail address unless you provide this information voluntarily, for example, when completing the ‘Write to us’ section.

If you choose to contact us we will process the information you share to manage your query only. We will not use the information for any other purpose. By contacting us you consent to us processing the information under the data protection legislation in force at that time.

All information you provide to us is stored on our secure servers. Bear in mind that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  1. Use and forwarding of personal data on our website

We will use any personal data provided strictly for the technical administration of the web site and to provide you with an appropriate service. We will not disclose any data to third parties or government agencies without your consent, except where required by UK law.

Our employees and business offices are obligated to treat all data as confidential and safeguard it accordingly again in accordance with UK data protection law.

  1. Security

We have taken extensive technical and operational precautions to protect the data retained by us against unauthorised access, unlawful processing, accidental loss or destruction, damage or misuse. Our security procedures are revised regularly.

  1. Individuals who may be referred to our service

We manage both personal and sensitive data, as classified under the current UK data protection law. We have developed safeguarding procedures to ensure the protection of the data we hold. We are also governed by the Faculty of Occupational Medicine and registered with the ICO, all of which have guidelines and ethical codes to which we adhere to ensure confidentiality.

OccHealth Direct Ltd operates within the principles set out in the current data protection legislation and best practice guidance:

  • We will process your information fairly and lawfully for the purposes of providing occupational health and treatment advice.
  • We will always gain your consent before sharing information with your employer.
  • We will only obtain personal and sensitive data to provide occupational health advice, physiotherapy and treatment services.
  • We will ensure we meet all legal requirements when processing this information and will not process the data for any other purposes, such as external marketing.
  • We will ensure all data held is ‘relevant’ and ‘appropriate’ to the purpose for which it has been obtained.
  • We will endeavour to ensure data is accurate and if it is found to not be, we will correct it, if appropriate.
  • We will not keep your data for longer than is ‘necessary’.
  • We will always process data in accordance with your rights under the current data protection legislation.
  • We take all necessary measures to protect your data against unauthorised or unlawful processing, accidental loss or destruction, and damage.
  • We will not transfer your data outside the UK or European Economic Area.
  1. Employee guide to data protection, privacy and your rights

Please see below for Employee Guide: Our commitment to you for all employees who are being referred to the service as this gives you further information about how we process, manage and keep secure your data when referred to us.

  1. Cookies

A cookie is a piece of information that a website sends to your browser (e.g. Microsoft Internet Explorer, Edge or Google Chrome).

We use cookies to determine how many site visitors we’ve received – and whether these are first-time or repeat visitors. Our cookies never store any personal information about you. If you don’t want us to collect any cookies, or control which cookies are collected you can choose to turn them off with your chosen browser.

  1. Third Parties

Our Website may, from time to time, contain links to other websites of interest. Please note, these websites have their own privacy policies and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites. You should exercise caution and look at the privacy statement applicable to the website in question.

  1. Changes to our privacy policy

Any changes we may make to our Privacy Policy in the future will be posted on this page.

  1. Making a complaint

If you’re unhappy with any aspect of our website or this privacy statement please let us know using our ‘Write to us’ section.

Employee Guide: Our commitment to you

We will only collect what is necessary to the provision of our service to our client, your employer, and to you; and we will not process any data shared with us without consent.

From time to time, your medical record may form a part of a clinical audit for reasons of quality and governance but in the internal communication of outcomes of that audit, your record will be fully anonymised.

Furthermore:

  • We will process your data lawfully, fairly and in a transparent manner, ensuring we only collect the data for specific, explicit and legitimate purposes.
  • We will inform you of what information we are processing about you, and will never use it for any other purpose for which it was not originally given i.e. promotionally.
  • We will ensure the data is relevant, adequate and limited to what we need to know to assess your fitness for work or wellbeing.
  • We will endeavour to ensure the data is accurate and, where necessary, kept up to date
  • We will process it in a manner that ensures suitable and sufficient security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • We will not hold the data for longer than necessary – Generally occupational health data is kept for a period of 8 years after the last annotation, however for statutory documents (such as health surveillance records) we will need to keep them for up to 40 or 50 years, depending on which type of record they are.
  • The OH Service will not transfer any of your data outside the United Kingdom.
  • For all storing, processing and sharing of data, your consent has to be freely given, specifically, be informed and an unambiguous indication of

your wishes and we will respect this. You have a right to withdraw consent at any time.

  • An individual has the right to have inaccuracies amended. Any factual inaccuracies will be amended promptly and the information noted on the case. This however excludes intentions or efforts on your part to have ‘clinical opinions’ amended as such opinions remain the decision of the clinical author of the document.
  • An individual may request copies of the information we hold on them at any time under the provisions of data protection law with specific reference to Subject Access Requests*.

*Subject Access Requests

Individuals may request copies of their occupational health records or parts thereof, at any time. These requests are known as subject access requests (SARs). An individual may also request that a copy of their occupational health records is sent to a recognised third party, such as a solicitor.

Any request must contain key identifying information of the subject of the request but also the requester so we may, with best endeavours, establish the legitimacy of the request for the protection of the data subject’s rights of privacy and confidentiality.