Last updated: July 2023
Our privacy notices help you to understand what we do with your personal data, why we use it, who we share it with, how long we keep it and the rights that you have. For more information on your rights and how to exercise them, head straight to the ‘your rights’ section later in the document.
All our privacy notices will tell you the following:
- Why we can process your information
- What our reason (or purpose) is for processing your information
- Whether you must provide us with information
- Whether your information is shared to others and under what circumstances
- How long we store your information
- Whether we will transfer your information to another country
- Whether we complete any automated decision-making or profiling
- How we protect your information
- How you can get in touch
References in this document to your “employer” should be deemed to include your employer, your employer’s representative (being any person who engages us on behalf of your employer) or pension trustees, as the context requires.
When does this privacy notice apply?
This privacy notice is for clients who use our services, any of their employees who are referred to us, for those employees who become users of our services and any of the patients who use our primary care services.
Changes to this privacy notice:
We make sure that we review our privacy notice from time to time and will update it on the website when we do, so that you can check it regularly. The last updated date is shown at the beginning of the document.
Who are we?
We are Medigold Health Consultancy Limited (“we”, “our”, “us”). This includes its group companies, Hampton Knight Limited, Health Management Limited, Matrix Diagnostics and any appointed representatives, including medical practitioners acting on its behalf. We are registered with the ICO under number Z7655289. Hampton Knight is registered with the ICO under number Z9512804. Health Management is registered with the ICO under number Z8503898, and Matrix is registered with the ICO under number ZA008740. Our subsidiaries are separate entities and are therefore separate data controllers or processors of the data that they process. Medigold Health does however, have central services that are provided to all subsidiaries such as advisory services for data protection. Where we do share data in order to provide a service, we have an appropriate data sharing agreement in place to do so.
We will be either the data “Controller” or data “Processor” of the personal data provided to us, depending on the context and service provided. This privacy notice is provided with respect to the services for which we act as a data Controller. For example, for Occupational Health Management Referral services we are a Controller because we determine the means and purposes of processing your data, whereas for Alcohol and Drug Collection services (save for where one of our clinicians interprets the results and provides a report), we process your data as a Processor and your employer is the data Controller.
This is the privacy notice for Health Management Limited.
What is our purpose and lawful basis?
We have contracts with our clients that means that we have a responsibility to look after the occupational health and wellbeing of their workforces and advise them on health matters. Our purpose for processing your information is to ensure that we can let employers know that their employees are fit to do their jobs, are compliant with Health and Safety Law, can make ill-health retirement and pensions decisions, and that they have done everything that they need to do to ensure the wellbeing of their employees. To do this we need to process and record information relating to you. The lawful basis that we rely on is Article 6 (1 (f) (“Legitimate Interests”) and the special category condition is Article 9 (2) (h) (“Health – including occupational medicine”) of the UK GDPR. We have a legitimate interest in processing your personal data because we are required to do so in order to provide our services. The specific condition we meet to process your special category data is processing “necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”.
If you provide us with any information about reasonable adjustments you require when attending an appointment with us, under the Equality Act 2010, the lawful basis we rely on for processing this information is Article 6 (1) (c) of UK GDPR to comply with our legal obligations under the Act.
The information we collect and how we use it
We collect and use the information that you or your employer provide to us directly. For example, when a referral is made to us from your employer it may include personal information such as your full name, title, date of birth, address, contact telephone numbers, work, or personal email addresses, employment information (such as role and work history) and employee number.
When we use this information
We use this information for the following reasons:
- To arrange and book appointments
- To send you reminders about your appointment
- To contact you if we need to re-arrange an appointment
- To contact you to arrange any reasonable adjustments you may need to attend an appointment
- To contact you for a face-to-face, telephone or video appointment
- To verify that we are speaking to the correct person
- To contact you for feedback about your appointment
- To contact you following any query you may have about your appointment or records
- To send you a short survey so that we can ensure we receive feedback for our clinicians on the service they have provided
We also collect and process sensitive information about you. This includes information about your health and forms part of your occupational health record. This information can relate to both your physical and mental health. It may include past and current medical history, medication that you may be taking or have taken, as well as past and current occupational health records. We may also collect other personal and sensitive data, but only where absolutely necessary. For example, if there is a clinical reason to do so, you may be asked to state your ethnicity, and occupational health records may require information about family history or lifestyle.
We may also request and collect information from your GP, consultant, or other healthcare professionals. These may be sent directly from your employer, if you have shared this information with them, or you may prefer to share these directly with us. We may also request these directly from relevant healthcare professionals. These will be processed as part of your occupational health record.
When we use this information
It will depend on the nature of the service we are providing when we use this health information, but it may include:
- To determine your fitness to work
- To provide information about your fitness to work back to your employer or potential employer
- To assess if you need any reasonable adjustments or support in the workplace due to a health condition
- To assess whether any risks in your workplace may have an adverse impact on your health
- To advise your employer on pensions and ill-health retirement matters
- To administer medications or vaccinations
- To analyse diagnostic results and/or medication and interpret them for your employer or potential employer (for example for alcohol and drug testing services or biological monitoring services)
- To advise your employer for your reason for absence where you are using our absence service
- To refer you to an ancillary service such as physiotherapy or counselling
- To provide you with primary care services
We will only use aggregated, anonymised data to inform our management reporting and improve and develop the service that we provide.
We also provide our clients with data analysis about their workforce so that they can identify key themes and trends. We will only use fully anonymised data which means that it is impossible to identify any individual from the information.
We may also need to verify that you are who you say you are if you request information from us in accordance with your rights. To do this we will ask you to supply two pieces of identity evidence such as a birth certificate and driving licence. This information will only ever be used to verify your identity.
The information we share and why
Under the English common law of confidentiality, we are required to share information with your employer with your consent, but where a report has been generated, we will always ask you if you want to see the report before we send it. (N.B. This is not to be confused with the legal basis under UK GDPR, which is expressly not consent but is legitimate interests (see above).)
Please note that if your role is ‘safety critical’ we will not need your consent to share certain fitness information with your employer (see safety critical section below).
If you decide that you want to see a report first rather than at the same time as your employer, you have the right to do so. If you do choose to see the report before your employer, we will send it to you and then we allow you 48 hours to correct any factual inaccuracies before we share it with your employer. Please note that only factual corrections will be considered. Changes to clinical opinion will only be made where a change to the underlying facts alters the clinical opinion. Amendments may take the form of an addendum to the original report, in line with Faculty of Occupational Medicine guidance.
When we provide the report to your employer it is not your full occupational health record but will include relevant facts and opinion as to whether you are medically fit to do a particular task or job, whether you have a condition which may affect your role and/or whether any adjustments are recommended. If you choose not to allow your employer to see the report, they will have to make a decision based on the information that they have.
Some of our contracts may also require us to transfer information to other specialist clinical services who work in partnership with us, such as laboratory services and therapy services. They may require your personal information to process blood tests or supply treatment to you.
We may be required, in some circumstances, to share information with HSE/DVLA/U.K. HSA or other relevant public bodies. We will only do so where we are required to by law or if it is in the public interest.
Our clinicians may share information provided with their colleagues to ensure a high quality of service is provided. They may also need to share information where serious safeguarding concerns are raised, and we have a strong Safeguarding Policy in place to ensure that the right practices are followed.
We provide some of our services to other members of the Medigold Health Group and share some central functions, such as Legal and Compliance, HR, Marketing and Finance. As such, it is necessary to share personal data with other Medigold Health Group companies. We will always have appropriate data sharing terms and subcontracts in place, and all of our Group entities and staff are bound by the same strict codes of conduct and confidentiality.
We share information with a third party to support and host some of our UK based systems, including our database, website, and telephone system. We also use third party expertise for the electronic scanning of medical records and storage of archived paper records. We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information in accordance with UK GDPR and they may not use your information for any other purpose. All our third parties are bound by the same strict codes of conduct and confidentiality and have restricted access to occupational health information. We are ISO27001 and Cyber Essentials certified.
We will never use personal data that you have shared with us for occupational health purposes for marketing purposes.
In circumstances where your employer changes provider, we may share your records with the incoming provider. In such circumstances we will ask your employer to inform you that this is going to happen. Once the records are transferred, they will become the responsibility of the incoming provider as data Controller.
Sharing fitness information in safety critical roles
Where you work in a safety critical role, we will need to inform your employer where we are required to by law or if it is in the public interest.
A written statement about your current fitness status to undertake your role will be automatically provided to your employer following the consultation. This statement will indicate fitness and details of any adjustments or restrictions. If your job role involves the need for a personal track safety card, the (PTS) competency level will also be provided as appropriate.
If you are required to undertake a sentinel medical assessment and drug and alcohol test, the results will be recorded on the Sentinel database immediately whether you pass or fail. This will include any relevant restrictions if applicable.
Following a consultation, you may be advised to inform a licensing authority or statutory organisation (such as the DVLA) of the outcome of a medical, examination or consultation, and it is your responsibility to do so. However, if requested by a licensing authority, DVLA or statutory organisation we will provide a copy of the outcome report.
Exceptionally, in the public interest, we may have a duty to inform a statutory body or licencing organisation where you cannot or will not do so.
We may also share information by directly contacting your employer, or being contacted directly by your employer, about your statement of fitness for your safety critical role. We will not share any details other than those relating to your statement of fitness outcome report.
How long do we store your information?
How long we store your information will depend on the type of record that we have been processing.
Your occupational health records are processed for the duration of our contract with your employer and for a further six years after you have left their employment. After this time your occupational health record will be securely deleted.
Under Health and Safety law, there is a requirement for employers to keep Health Surveillance records for forty years (“health records”) or longer in some cases. These are separate to the clinical records that will be stored on our system (“medical records”), and these will be kept for a further six years after you have left the relevant employment. Where records have been transferred from a previous provider and it is not possible to tell whether the records, we hold are Occupational Health records, Health Surveillance medical records, or fitness outcome reports for Health Surveillance health records that your employer should hold, we may decide that the longer retention period of forty years should be applied to avoid premature destruction.
If our contract with your employer terminates, subject to any run-off provisions or similar obligations, we will stop processing your information and your Occupational Health records including any Health Surveillance records will be transferred to your employer’s next Occupational Health provider (please see above). Following the transfer, we will keep your records for a further 90 days following successful receipt of transfer before securely destroying them. If these records are not requested to be transferred, we will store them for six years following the end of the contract before they are securely destroyed.
Recordings that have not formed part of an Occupational Health record and are used for quality, training, and monitoring purposes, are stored on a restricted network, and retained for 120 days before they are securely deleted. Any phone calls that are not made via Medigold Health Group telephony are not recorded.
Information that is processed about you, but that does not form part of your Occupational Health record, such as internal email communications may be securely deleted as part of our in-house ‘housekeeping’ procedure to ensure that we do not retain your data unnecessarily.
Where do we process your information?
We process your health information within the UK and EEA, we do not send or store any personal data outside of the UK or EEA (unless your employer is based in or has an office outside of the UK or EEA and we are required to send information to them in order to fulfil our contract – in such circumstances we will only do so in accordance with UK GDPR and the Data Protection Act 2018).
How do we protect your information?
We design our systems with your security and privacy in mind. We have an ‘in-house’ IT department who are responsible for the security of the systems which hold your information. All information is held on our secure system which is compliant with ISO 27001 and Cyber Essentials standards for security and subject to annual penetration testing. We work to protect the security of your personal information during any communications with you using secure communication methods and secure software procedures. All data is encrypted at rest, and we maintain physical, electronic, and procedural safeguards in connection with storage and disclosure of your personal information. Our security procedures mean that we may ask you to verify your identity before we disclose personal information to you.
Access to any of your personal data held on our systems is restricted to nominated employees within Medigold Health Group who are required to have access to your information to provide our service. Those employees can only access your information using our secure IT network. Our employees are following a strong Password Policy and have regular training on Data Protection and Data Security.
Where information is shared with a third party, such as a laboratory to process test results, we have data sharing agreements in place, and only those authorised to process your data will be permitted to do so for the purpose of the processing. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct unless other legal obligations apply.
We use anti-virus and anti-malware software to reduce the risk of any malicious computer virus or cyber-attack on our systems. We also have a process in place to ensure that all security software updates are applied as soon as they are released.
We also ensure that your information is encrypted when it is being moved. For example, when we share a report with your employer, they log into our secure portal to access it when it is ready. It is only the report that is stored on the portal for your employer to view, your Occupational Health record is kept securely on our system and visible only to us.
There may occasions where your employer is unable to use our secure portal and we are required to share your information via email. We will always apply additional password protection when we transfer your data in this way.
UK GDPR gives you certain rights when it comes to your personal data. However, as we are processing your information for the purpose of Occupational Health not all these rights will apply. The list below details your rights under UK GDPR.
- Right of access – this means that you have the right to request a copy of the personal data held about you.
This right applies to information that relates to you and identifies you and we have 30 days to respond once we can verify your identity.
- Right to rectification – if you think that any of your personal information that we hold is inaccurate or incomplete you can request it to be updated. We may ask you for evidence to show that it is inaccurate.
This right is often applied where we hold an incorrect email address or telephone number. It only applies where there are factual inaccuracies in your information, and you cannot alter the opinion of a clinical professional. Where documents are rectified and they are medical records, it may be appropriate for us to retain the original version and append the corrected version.
- Right to erasure – this is also known as the right to be forgotten. You can request that your personal data is erased, however, this right is not absolute.
As we process your information for the purpose of Occupational Health, we cannot erase these records. You can, however, request that we erase personal information such as an email address, if we are still able to identify your Occupational Health record.
- Right to restrict processing – when you have contested the accuracy of your personal data your right to restrict processing will be automatically implemented. That means we will hold your personal data on file, but we will not process it.
- Right to data portability – you have the right to ask us to electronically move, copy or transfer your personal information in a machine-readable format.
- Right to object – you have the right to object to the processing of your personal data at any time. This right only applies in certain circumstances.
- Right to withdraw consent –As we process your information for the purpose of Occupational Health, we have a legitimate reason to process your information and do not rely on consent. However, if we have previously informed you that we have relied on consent as a legal basis to process any of your information (please note this is different to common law consent), you are reminded that you can withdraw your consent at any time.
We will ask for information to verify your identity, so that we make sure we protect your information. The lawful basis that we rely on is Article 6 (1) (c) of the UK GDPR, which relates to our legal obligation to comply with the law. We will only keep verification information for as long as it is necessary to process your request.
Common law of confidentiality and consent
Health professionals have a duty to comply with the common law of confidentiality which means that you have a right to withdraw your consent for us to share information about your health to your employer (this is separate from and distinct to your rights under UK GDPR). If you choose to do this, we must notify your employer who may need to make decisions without the benefit of impartial Occupational Health advice. If your job involves a requirement for routine fitness to work medicals or health surveillance screening, then your employer may have to stop you from doing your job.
Data Protection Officer contact details and your right to complain
We work to the highest standards when it comes to processing your personal information. If you have any questions about your personal information, or how we use it, you can contact our Data Protection Officer, Isobel Watkins at firstname.lastname@example.org, or by writing to us at our registered office at Medigold House, Queensbridge, Northampton, NN4 7BF.
We encourage you to contact us if you have any concerns about how we use your personal information, however, if you are not satisfied with our response or believe we are processing your personal information incorrectly and not in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ICO.org.uk.