UK Independent Medical Services Limited Privacy Notice – Occupational Health
Who We Are
UK Independent Medical Services Limited (UKIM Occupational Health & Wellbeing) (“we”) are a provider of specialist occupational health related services.
We have been asked to contact you by your existing/prospective employer, to carry out one or more of the following services:
- To complete an occupational health assessment to assist in any health related matters in line with your current or future employment.
- Facilitate in the creation of an occupational health report as part of an assessment of working capacity.
- Facilitate in the provision of occupational health related treatment.
The Purpose for Processing
We will need to process your personal data, and in particular special category personal data relating to your health, for the following reasons:
- To facilitate in the fulfilment of the above services, this can include undertaking a medical assessment of your working capacity which will be completed by one of our qualified health professionals.
- We may also be required to identify a suitably qualified third party medical professional to undertake an assessment or provide you with medical treatment
- We may be required to obtain medical records from your existing health care providers.
- To provide you with service updates or important notices that we think may impact on our ability to deliver services to you.
- In order to defend any claim that may be brought against us in respect of the work we undertake as a business.
- To process your personal data in line with any legal obligations we are required to comply with. This will include our obligations to you in relation to the processing of your personal data.
- To seek feedback help us improve our services and product offerings, however we will ask for separate consent prior to this.
- We may need to request GP or other health records.
We can assure you that we will only ever process the minimum personal data required to carry out the services identified above.
Lawful Basis for Processing
We will process your data in line with the following lawful bases:
We have a legitimate interest (covered by Article 6.1.f of the General Data Protection Regulation) to process your personal data as we are operating on your employer’s instructions to provide occupational health related services to you.
We will be processing your data on the basis that you are already actively aware of our involvement by your employer and you fully expect us to provide this service.
We may be required to process your personal data to comply with our legal obligations. This can include complying with a subject access request you have made or supplying personal data to public authorities once we have verified a request.
Special Category Data (Health Data)
Preventative or Occupational Medicine
As part of our processing activity we will be required to process health related personal data. We will be processing this data under Article 9.2.h. of the General Data Protection Regulation which allows us to be able to process special category data where it is required for occupational health, including but not limited to, preventative or occupational medicine, assessing working capacity for an employee and providing associated health or social care treatment.
We will seek your consent for the disclosure of your occupational health report to your existing/prospective employer. The data disclosed will be strictly related to your health in relation to your work and is likely to include advice about your fitness for work, how this might change in the future and any workplace adjustments that might help you.
If you wish to withdraw your consent prior to the release of your occupational health report please contact a member of our team using the contact information provided below. Alternatively if you have asked to receive a copy of the report then you will have the opportunity to select whether you consent to the disclosure.
Categories of Personal Data Collected
We will have received the following information from your existing/prospective employer prior to contacting you:
- Your name, basic personal information (address, date of birth) and contact details.
- We may also be provided with information relating your recent health.
- We may also be provided with specific instructions from your employer on the occupational health services required.
- Information relating to your occupation.
- Additional pre placement info e.g. disabilities
Categories of Recipients
- We will never share your information with any third parties that intend to use your personal data for their own purposes, other than what they are required to by law.
- We may be required to transfer your personal data to a suitably qualified health professional as they will need this to provide occupational health related services to you.
- We will also share your personal data with selected third parties who assist us in our service provision to you.
- All third parties are fully vetted to ensure that your data is only shared and stored with companies that comply with all applicable Data Protection Regulations, including the General Data Protection Regulation and the Data Protection Act 2018.
- Your personal data will not be shared or stored outside the European Economic Area unless we have been specifically instructed to do this by your employer. In these exceptional cases we will ensure that all appropriate safeguards are in place and third parties comply with all applicable Data Protection Regulations, including the General Data Protection Regulation and the Data Protection Act 2018.
We will retain your personal data:
- For the duration of our service provision.
- In line with contractual obligations with your current/prospective employer.
- In line with our legal obligations as a provider of occupational health related services.
The retention period will differ depending on the type of occupational health service you use but as a minimum we will hold personal data for 7 years following the completion of an assessment/treatment or for the duration of your employment, whichever is longer.
Where we are required to provide health surveillance under COSHH we are required to keep a health record for up to 40 years.
Please contact a member of our team if you would like specific information on how long we will be retaining your personal data.
Under the Data Protection Act 2018 you have the following rights in relation to your personal data.
- Right to Access - You have a right to request a copy of your personal data.
- Right to Rectification - You have the right to ask us at any time to make any corrections or remove any personal data that you believe is inaccurate.
- Right to Erasure - You have the right to request the erasure of the personal data. However we may still need to retain personal data to comply with our legal obligations. In the event of a request we will provide you with full details of the personal data that we are required to retain.
- Right to Restriction - You have the right to request a restriction in the processing of your personal data.
- Right to Objection - You have the right to object to the processing of your personal data.
We will aim to respond to any requests relating to your rights without undue delay and in any case within one calendar month of receipt of your request. If we are unable to comply with a request for any reason then we will provide you with a full justification in writing within one calendar month of receipt of your request. We may ask you to confirm your identity so that we can validate a request. If you would like to make a request, please email or write to us using the contact details provided below.
We will also notify your prospective/current employer if we receive a request from you as we are processing your data on their instructions.
If you are unhappy about any aspect of our process and you would like to file a complaint please contact us using the details below.
Alternatively, if you would like to make a complaint or report a concern about the way in which we have processed your personal data then you have the right to contact the Information Commissioner’s Office who will be able to provide further assistance.
If you have any further questions or would like to raise any concerns about the way in which your personal data has been processed, please feel free to contact our Data Protection Officer using the information provided below:
Email: firstname.lastname@example.org - Please indicate in the header of the email that the email is intended for the Data Protection Officer.
Write to us:
Data Protection Officer
Legal and Compliance Dept
Rainton Bridge Business Park,