Clarity Occupational Health Ltd is an Occupational Health (OH) provider who have been requested by your employer to process data relating to yourself, the data subject, for Occupational Health purposes. The term “process” or “processing” covers how the data is obtained and stored and includes collection, recording, storage, disclosure by transmission, erasure and destruction.
Clarity Occupational Health Ltd will be what’s known as a ‘controller in common’ of the personal data you provide to us, along with your employer, and is committed to protecting the rights of data subjects in line with the new General Data Protection Regulations (GDPR), otherwise known as the Data Protection Act 2018.
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not provide any information to us.
Lawful basis for processing
In accordance with GDPR Article 6(1), Clarity Occupational Health’s lawful basis for processing is for occupational health purposes. The aim of occupational health is to prevent work-related illness and injury by encouraging safe working practices.
Under Article 9(2)(H) of GDPR (special category data), processing of occupational health records is necessary for the purpose of preventative or occupational medicine, for the assessment of working capacity of the employee, medical diagnosis, the provision of health and social care or treatment, or the management of health and social care systems.
As a result, the occupational health records obtained by Clarity Occupational Health Ltd are processed under “legal obligation”: a declaration is required to be signed by the data subject which does not fall under consent, meaning consent cannot be withdrawn and the records will be retained for a specific period. Details of this can be found under the section “how long we keep your data”.
All data held under “consent” will be retained for a specific period unless the data subject chooses to withdraw consent and exercises their right to be forgotten. If any such request arises, the individual should contact the Clarity Occupational Health Ltd Data Protection Officer.
The categories of information that we collect, hold and share include:
- Personal Information e.g. Name, Address, Date of Birth, NI number, Job Role
- Personal Characteristics e.g. Gender
- Special category data e.g. records relating to occupational health, biometric data, wellbeing data, sickness absence records
Why we need your data
We need to know your personal and special category data in accordance with the relevant occupational health legislation to prevent work-related illness and injury by encouraging safe working practices, in line with this overall contract.
How we collect your data
Your data is collected electronically using our occupational health management system called “Cohort”. This is an extremely secure system which has the appropriate encryption levels and technical security measures. The data is uploaded to our Head Office in real-time for assessment of job role suitability.
Some past records are held in paper or electronically scanned format and are stored securely at our Head Office with restricted access based on a “need to know” basis.
What we do with your data
All data obtained is held on our secure system to jointly (along with your employer) manage any reasonable adjustments or recommendations for all data subjects within the workplace. This data is also used for recall purposes, to enable all data subject’s to be reviewed in a timeframe agreed with their employer to ensure no occupational health related issues have arisen since the last medical was completed.
All the personal data we process is maintained by our employed staff and stored in the UK however there may be some occasions where a third-party supplier is used, in the instances of counselling, physicians, physiotherapy, noise and dust assessments, ergonomic assessments and infrequent sickness absence consultations. In any instance where a third-party supplier is used, we will obtain written authorisation from yourself prior to releasing your records.
We have various data protection and confidentiality policies in place to oversee the effective and secure processing of your personal and special category data. More information on this can be made available by our Data Protection Officer on request.
How long we keep your data
Sometimes there are legal reasons to retain the information we have obtained for the duration of your employment or longer. In other cases, this is not necessary. If there is no longer a reason to keep your information, it will be destroyed.
Any medicals required under specific legislation, such as COSHH, may mean your records are stored for 40-50 years. Further guidance on this can be found on the HSE website.
We depend on your employer to inform us of a change in your employment status and what hazards you may be exposed to in work.
What we would also like to do with your data
In addition to maintaining occupational health records and using this to determine your suitability for a job role, there will be some occasions where your personal and special category data is used to create trend reports which are then used to report future occupational health client requirements or for research and analysis purposes. In these instances, all personal and special category data will be pseudonymised.
What are your rights?
You have a statutory right of access to your occupational health records, or to authorise a third party (such as a legal advisor) to exercise that right on your behalf. The request should be made in writing clearly outlining which records you wish to see.
We will ensure any requested information is provided to you without delay and at the latest within one calendar month of receipt. If the request is complex, we may extend this timeframe by a further two calendar months and will endeavor to inform you of this and why the extension is necessary.
All subject access requests or requests for information will be processed free of charge, unless the request is manifestly unfounded, excessive and/or repetitive. In these instances, an administration fee may be applicable.
You can request an amendment is attached to your occupational health records if you believe any of the information is inaccurate or misleading. The original data will be stored along with a comment to confirm the amendments.
You do not have a “right to erasure” if the information is necessary for the purposes of preventative or occupational medicine e.g. where the processing is necessary for the working capacity of an employee, for medical diagnosis, or for the provision of or management of health or social care.
Where “right to erasure” is applicable, the records will be destroyed and a summary log will be held confirming your details and the records which have been erased.
You have a “right to restrict processing” in certain circumstances and all requests should be sent to the Data Protection Officer to consider. Where records are required for further processing, such as comparing previous audio results to current audio results, it will be necessary to complete this exercise under GDPR Article 9(2)(H).
We have a mailing communications list which you can opt into. The mailing communications list will store your name, email address and company you work for and this data will be used to send occupational health related communications by email. We do not sell, loan, swap or rent this data to anyone else. If you no longer wish to receive these emails, you can opt out at any time.
We use technology on our website to collect information that helps us enhance your experiences and our products and services.
Changes to this Privacy Notice
We may update this Privacy Notice as necessary to reflect changes we make and to satisfy legal requirements.
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.
||Clarity Occupational Health Ltd, The Key Group, 15-16 The Embankment, River View, Heaton Mersey, Stockport, SK4 3GN
|Landline Telephone Number:
||0161 443 0062
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office https://ico.org.uk/