As your Employer’s occupational health service provider, Salutes Occupational Health Ltd. need to process your personal data, defined as any identifiable information relating to you the Employee, the "data subject". The term "processing" covers virtually everything that can be done with data, including collection, recording, storage, and disclosure by transmission, erasure and destruction.
As both the Data Controller and Data Processor of your data we are committed to protecting your individual rights to privacy. Your data be processed in accordance with the Data Protection Act (DPA) 2018. As your OH records are also classed as a "clinical record" Salutes Occupational Health Ltd. also has a legal and ethical duty (under relevant health professional codes of conduct) not to disclose confidential medical information to third parties, including your Employer, without your informed written consent, unless there is a public need which overrides duty to confidentiality to others or a court order.
What Data will be collected?
The following data maybe collected, held and shared by Salutes Occupational Health Ltd.
- Personal information (e.g. Name, Address, Date of Birth).
- Personal-characteristics e.g. ethnicity, gender etc.; some of this may be classed as "special category data".
- Past and present job roles.
- Health information e.g. this is classed as "special category data".
Who will it be collected from?
- You (the data subject) aka "the Employee".
- Your Employer e.g. Human Resources, Managers etc
- Health specialists/services that we may refer you to as part of our assessment processes.
- Your treating doctors/health professionals (with your consent) e.g. GP, Specialists.
How will it be collected?
- Verbally e.g. telephone calls, face-to-face conversations.
- In writing e.g. forms you and/or your Employer may complete e.g. health assessment forms, management referral forms, from other parties e.g. GP letters etc. These may be sent to us electronically and/or by surface mail.
- PC forms
Who will have access?
- Salutes Occupational Health Ltd. occupational health practitioners (nurses, doctors, technicians) so as to perform assessments and provide advice on fitness for work.
- Administrative support staff on a "need to know basis" e.g. to book appointments, process reports. All administrative staff understands the need for confidentiality and their contractual obligation to preserve it.
- Administrative staffs that do not "need to know" are not allowed access to personal health information.
Why is it collected i.e. what is the "lawful basis
" for processing the data?
Our lawful basis for processing your data is:
- Legal obligation: the processing is necessary for us to comply with the law, namely relevant health and safety legislation and employment legislation, and to support your Employer in complying with the same law as we are acting as their agent and for the assessment of the employee’s working capacity.
- To ensure the health and safety of the employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
- Vital interests: "the processing is necessary to protect someone’s life". Part of our work will be to help protect your health from harm that may potentially arise from work processes e.g. exposure to chemicals.
- We need to process your "special category data" for the "purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health". This processing is also subject-to-subject to conditions and safeguards specified by relevant nursing and medical professional bodies.
- We may also use your data for research, audit or statistical analysis to help us do our work. If this data is to be shared outside Salutes Occupational Health Ltd it will be anonymised so you are not identifiable.
How long will my data be held for?
- Most OH clinical records relating to the employment of an employee will be shredded after the assessment if there are no conditions as it is for the purpose of employment only and two years if a condition was declared unless there are good clinical or legal reasons to keep for longer periods.
- Most other OH records, unless required by or in support of specific legislation e.g. "Control of Asbestos-Regulations "or potential litigation will only be held for 6 years after the individual’s departure from the Employer or at 75 which ever is soonest as per British Medical Association guidelines (BMA).
- Health Surveillance Records and results will be held for 40 years after the individual’s departure from the Employer.
- NB: We depend on your Employer to inform us of your employment status and what hazards you may be exposed to in work.
How will the data be stored?
- Your records will be stored securely and confidentially in locked filing cabinets and on a secure electronic management server held on site at Salutes offices. Every attempt will be made to keep your data secure when we are transmitting it to 3rd parties e.g. reports to you and your employer will be sent via our secure website rather than email.
- Data that is store on our secure website will be held for one month, once data is no longer needed it will be deleted from the secure website. The website server is located within the United Kingdom, in a secure data centre in Leeds.
What are your rights?
- You have statutory right of access to their occupational health records (in full or in part) under the DPA 2018, or to authorise a third party, such as a legal adviser, to exercise that right on their behalf.
- The request should be made in writing clearly outlining to us what records you wish to see. We will endeavour to provide the Information without delay and at the latest within one month of receipt. If the request is complex/numerous we may extend this timeframe by a further two months; if this is the case we will inform you why the extension is necessary within one month of your request.
- This information will normally be provided without charge unless a request is manifestly unfounded or excessive, particularly if it is repetitive.
- We may request additional written consent from you if a third-party request is made under our legal and ethical duty to protect your medical confidentiality.
- You can request that an amendment is attached to their OH record if you believe any of the information held by Salutes Occupational Health Ltd. is inaccurate or misleading.
- You do not have a "right to erasure" of your data if the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This applies as your data is being processed by and under the responsibility of a health professional under the relevant professional codes of conduct.
Failure to Consent
- Salutes will not perform any assessment unless Salutes have your explicit consent verbally or in writing however please understand that your manager and HR will then be responsible for any decision regarding your health safety without medical evidence, which may not be in your best interest.
Withdrawal of Consent
- Salutes do not automatically forward you a copy of your health records, reports however we will discuss the content with you at your assessment. Salutes can change any factual points however are not obliged to change the advice. If you requested to see a copy before it is release then wish to withdraw your consent, following sight of that report, the health record/report will not be forwarded and failure to consent (as detailed above) will apply. If you constitute a risk to others, eg you are unfit to drive or operate, Salutes will have a responsibility to report without consent to the appropriate personnel.
If you should have any questions, then please do not hesitate to email Cathryn Fottles Director of Salutes Occupational Health Ltd - on firstname.lastname@example.org.