Privacy Notice – Health Surveillance
This privacy notice explains how we process any personal or sensitive information we collect about you when you are referred to or access our occupational health services.
CHANGES TO OUR PRIVACY NOTICE
We keep our privacy notice under regular review.
WHO ARE WE?
Medigold Health Consultancy Limited (including its group companies or subsidiaries) (“Medigold Health”) has its registered office at Medigold House, Queensbridge, Northampton NN4 7BF.
At the time this notice was produced Medigold Health’s group companies included:
- Ablemed Health Limited
- IMASS Group Limited
- Hampton Knight
WHO IS THE DATA CONTROLLER?
The Data Controller will normally be your employer or employer representative.
OUR DATA PROTECTION OFFICER
Our Data Protection Officer is Mrs G Foster. You can contact her using the following email address: email@example.com
PERSONAL DATA – WHAT IS IT?
Personal data means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. The processing of personal data is governed by the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
SENSITIVE DATA – WHAT IS IT?
Personal data of an individual, the data subject, relating to any of the following:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- data concerning health
- data concerning sex life or sexual orientation
- genetic data; or
- biometric data where processed to uniquely identify the data subject.
PROCESSING YOUR DATA
HOW AND WHY DO WE USE YOUR PERSONAL DATA?
Medigold Health carries out a range of health surveillance services. We collect health information where this is required to identify risk, such as noise or vibration, advise employers on control measures, and identify signs and symptoms of occupational disease and conditions.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
We collect information about you and your health when you access any of our medical services including role specific medicals (for example, for work in confined spaces), statutory health and safety requirements (for example, relating to hand arm vibration), for the provision of other services such as alcohol and drug testing, or wellness events.
WHERE DO WE OBTAIN YOUR PERSONAL DATA?
Your personal data is normally obtained through the process of undertaking a surveillance medical, or from historical records.
HOW DO WE PROCESS YOUR PERSONAL DATA?
Medigold Health complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of personal data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
SHARING YOUR PERSONAL DATA
The main purpose of undertaking surveillance is to provide advice to your employer or employer representative or in some instances the organisation that your employer will be contracted to – for example if you are a Subcontractor or working on a Joint Venture. In many instances, a fitness to work medical is required to work on specific sites.
Your employer should advise you if your fitness to work medical results are required to be shared, in order for you to work on a specific site or within a specified area.
We may also be required to share data due to statutory or regulatory obligations such as to the HSE.
In some instances we may be required to provide additional information, such as readings from equipment used to test hearing and respiratory function.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
Medigold Health will retain your personal data, your occupational health file, only for as long as we need that personal data for the purposes of the processing or in agreement with your employer’s retention period.
WHERE DO WE PROCESS YOUR PERSONAL DATA?
We do not process any of your personal data outside of the European Economic Area.
CONDITIONS FOR PROCESSING
We process your personal data under Article 6(f)
(f) “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”
and your health-related data under Article 9 – 1(h)
“processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional.”
WHAT ARE YOUR RIGHTS?
Right of access. The GDPR gives you the right to access copies of the personal data held about you. Your right of access can be exercised in accordance with the GDPR. The first copy of the personal data held about you will be provided free of charge, but any subsequent copy will be subject to a reasonable fee based on the administrative costs of providing copies of the personal data to you.
Right to request an electronic copy of your personal data. Where you provide personal data you have the right to be provided with a structured, commonly used and machine-readable copy and have the right, in certain circumstances, to ensure that we transmit that personal data to a recipient of your choice without hindrance (the right to data portability).
Right to correct. You have the right to ensure that we correct the records of any personal data held about you which are inaccurate. You also have the right to ensure that we complete any incomplete personal data held about you.
Right to erasure. You have the right to ensure that we erase your personal data (the right to be forgotten).
Right to restriction. In certain circumstances, such as where you have contested the accuracy of personal data, you have the right to restrict our processing of your personal data. That means that we will hold your personal data on file but that we cannot process that personal data. We will inform you if for any reason the restriction on processing your personal data is lifted.
Where any rectification or erasure of personal data or restriction of processing has taken place we shall communicate any rectification to you or erasure or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall, if you request, inform you about those recipients.
Exercising your rights. If you wish to exercise any of your rights, or if at any point you believe the personal data we process is incorrect, you can request to see this personal data. If you would like a copy of the personal data about you that we process, or if you wish to have that personal data transferred to another company or organisation, please contact us at: firstname.lastname@example.org or by accessing our online portal at https://www.medigoldone.com/Display/DataRightsRequest/
If you wish to raise a complaint about how we have handled your personal data, please contact our Data Protection Officer, Mrs G Foster, at email@example.com
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/
Further information about how we process your personal data can be accessed via our website medigoldhealth.tempurl.host
Privacy Notice Revision: GDPR02e-28/06/2018-Rev4