Adept OH Ltd Privacy Notice
As both the Data Controller and Data Processor of your data, Adept OH Ltd are committed to protecting your individual rights to privacy. Your data will be processed in accordance with the Data Protection Act (DPA) 2018.
What Data will be collected?
The following data maybe collected, held and shared by Adept OH Ltd
- Personal information such as name, address, date of birth
- Past and present job roles
- Health information in the form of clinical records and management reports
Who will it be collected from?
- You (the data subject)
- Human Resources, Managers, Supervisors
- Health specialists/services
- Your treating doctors/health professionals (with your consent)
How will it be collected?
- Verbally e.g. telephone calls, face to face conversations, video consultations
- In writing e.g. forms you and/or your Employer may complete. These may be sent to us electronically and/or by mail
Who will have access?
- Occupational health practitioners (nurses, doctors, technicians) working on behalf of Adept OH Ltd so as to perform assessments and provide advice on fitness for work
- Administrative support staff on a “need to know basis” e.g. to book appointments, process reports etc.
Why is it collected i.e. what is the “lawful basis” for processing the data?
- Article 9 of GDPR states that processing is necessary for the purpose of preventative or occupational medicine, for the assessment of working capacity of the employee, medical diagnosis, the provision of health and social care or treatment, or the management of health and social care systems.
How long will data be held for?
- Most OH clinical records, unless required by or in support of specific legislation e.g. “Control of Asbestos Regulations” or potential litigation will only be held for six years after the individual’s last contact with Adept OH Ltd. For records that relate to the Control of Substances Hazardous to Health (COSHH), this may extend to 40 years.
How will the data be stored?
- Your records will be stored securely and confidentially on a 3rd party server. Every attempt will be made to keep your data secure when we are transmitting it to 3rd parties e.g. reports to you and your employer will be password protected.
What are your rights
- You have a statutory right of access to your occupational health records (in full or in part) under the DPA 2018, or to authorise a third party, such as a legal adviser, to exercise that right on your behalf.
- The request should be made in writing clearly outlining to us what records you wish to see. We will endeavour to provide the Information without delay and at the latest within one month of receipt.
- You can request that an amendment is attached to your OH record if you believe any of the information held by Adept OH Ltd. is inaccurate or misleading.
- You do not have a “right to erasure” of your data if the processing is necessary for the purposes of preventative or occupational medicine. This applies as your data is being processed by and under the responsibility of a health professional under the relevant professional codes of conduct.