GENERAL DATA PROTECTION REGULATION
The General Data Protection Regulation (GDPR) came in to force on 25 May 2018, superseding the current Data Protection Act (1998).
Under the terms of the new GDPR, a privacy notice is required to explain to clients what personal data is held about them and how it is collected and processed.
2 How we obtain your personal data
2.1 Information provided by you
You provide us with personal data on your health enquiry form when you are employed by the company, undertake a health assessment or are referred by your manager. This includes name, address, and date of birth, landline phone number, mobile phone number and email address.
We may also keep information contained in any correspondence or conversations you may have with us.
2.2 Information collected from other sources
We may obtain information with your consent from other clinical practitioner to whom you will already have submitted your personal data.
3 How we use your personal data
The admin team use your information to make appointments for you, to electronically file clinical and health surveillance records. The admin team will only access your medical information on a “need to know” basis in order to perform their duties.
If you have provided your email address, we may communicate with you in this way to offer appointments or provide copies of health status reports
The clinical team use your information to provide you with advice and support within the working environment.
We undertake at all times to protect your personal data in a manner which is consistent with the occupational health team’s duty of confidentiality and the requirements of the General Data Protection Regulation. We will also take all reasonable measures to protect your personal data stored in paper files and on our electronic system.
4 Sharing information
We will keep all information about you confidential and will only disclose any information with third parties with your informed consent if it is deemed to be in your interest to do so.
5 How long do we keep this information about you?
We will keep your paper and electronic records as long as you are a client employee of Torridge Occupational Medical Services Ltd.
If you leave the client company employment we will ensure transfer of notes are undertaken following the FOM guidelines or they will be archived for a period of 5 years.
Exception to this practice is the retention of all health screening records undertaken within COSHH Regulations; Asbestos Regulations; Lead Regulations; Ionising Radiation Regulations; MCA (Marine Coastguard Agency) ENG1 Medicals; which will be retained for 40 years.
6 Patient (Data Subject) Rights
6.1 Right to be informed
This privacy notice informs you of your rights.
6.2 Right of access
The General Data Protection Regulation (GDPR) grants you the right to access particular personal data which we hold about you. This is referred to as a subject access request. We will respond promptly and at least within one calendar month from the date of receiving the request and all necessary information in writing from you.
6.3 Right to rectification
If considered appropriate, a retrospective entry can be made by a clinician if you have concerns regarding the accuracy of your clinical record. You will also have the right to have incomplete personal data completed, if necessary by providing a signed and dated supplementary statement. We will respond to the request for rectification at least within one calendar month.
6.4 Right to erasure
You have the right to request erasure of personal information concerning you if this is no longer relevant.
6.5 Right to restrict processing
Subject to exemptions, you will have the right to obtain from us restriction of processing if:
(a) The accuracy of the personal information is contested by you.
(b) We no longer need the personal information for the purpose of delivering Occupational Health Services
6.6 Right to object
You have the right to object to processing of your data .
6.7 Right of data portability
We can respond to a request from you for the supply of your personal information in an electronic format, which you then have the right to transmit elsewhere.
6.8 Rights in relation to automated decision
Clients have the right not to be subject to a decision based on automated processing. Clients have the right to (a) obtain human intervention, (b) express their point of view, and (c) obtain an explanation of the decision and challenge it.
7 Invoking your rights
If you would like to invoke any of the above data subject rights with Torridge Occupational Medical Services Ltd please write to the Business Manager, Torridge Occupational Medical Services Ltd, Team House, Riverside Road, Pottington Business Park, Barnstaple, Devon, EX31 1QN
8 Important Information
8.1 Questions and queries
If you have a complaint regarding the use of your personal information, please write to the Business Manager, Torridge Occupational Medical Services Ltd, Team House, Riverside Road, Pottington Business Park, Barnstaple, Devon, EX31 1QN