Privacy Notice for Products and Services

Last Updated: March 2026

Introduction 

Our privacy notices help you to understand what we do with your personal data, why we use it, who we share it with, how long we keep it and the rights that you have. For more information on your rights and how to exercise them, head straight to the ‘your rights’ section later in the document.

All our privacy notices will tell you the following:

References in this document to your “employer” should be deemed to include your employer, your employer’s representative (being any person who engages us on behalf of your employer) or pension trustees, as the context requires.

When does this privacy notice apply? 

This privacy notice is for clients who use our services, any of their employees who are referred to us, for those employees who become users of our services and any of the patients who use our primary care services.

Changes to this privacy notice: 

We make sure that we review our privacy notice from time to time and will update it on the website when we do, so that you can check it regularly.  The last updated date is shown at the beginning of the document.

Who are we? 

We are Medigold Health Consultancy Limited (“we,” “our,” “us”).  This includes its group companies, Hampton Knight Limited, Health Management Limited and Matrix Diagnostics, and any appointed representatives, including medical practitioners acting on its behalf.  We are registered with the ICO under number Z7655289.  Health Management is registered with the ICO under number Z8503898, and Matrix is registered with the ICO under number ZA008740.  Our subsidiaries are separate entities and are therefore separate data controllers or processors of the data that they process. Medigold Health does, however, have central services that are provided to all subsidiaries, such as advisory services for data protection.  Where we do share data in order to provide a service, we have an appropriate data sharing agreement in place to do so.

We will be either the data “Controller” or data “Processor” of the personal data provided to us, depending on the context and service provided.  This privacy notice is provided with respect to the services for which we act as a data Controller. For example, for Occupational Health Management Referral services we are a Controller because we determine the means and purposes of processing your data, whereas for Alcohol and Drug Collection services (save for where one of our clinicians interprets the results and provides a report), we process your data as a Processor and your employer is the data Controller. Further details of our controller or processor role for a specific service can be provided on request.

What is our purpose and lawful basis? 

We have contracts with our clients that mean that we have a responsibility to look after the occupational health and wellbeing of their workforces and advise them on health matters. Our purpose for processing your information is to ensure that we can let employers know that their employees are fit to do their jobs, are compliant with Health and Safety Law, can make ill-health retirement and pensions decisions, and that they have done everything that they need to do to ensure the wellbeing of their employees. To do this we need to process and record information relating to you. The lawful basis that we rely on is Article 6(1)(f) (“Legitimate Interests”) and the special category condition is Article 9(2)(h) (“Health – including occupational medicine”) of the UK GDPR. We have a legitimate interest in processing your personal data because we are required to do so in order to provide our services. The specific condition we meet to process your special category data is processing “necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.”

If you provide us with any information about reasonable adjustments you require when attending an appointment with us, under the Equality Act 2010, the lawful basis we rely on for processing this information is Article 6(1)(c) of UK GDPR, to comply with our legal obligations under the Act.

The lawful basis we rely on for processing payment-related personal data is Article 6(1)(b) of UK GDPR (“Performance of a Contract”) and Article 6(1)(f) (“Legitimate Interests”) where necessary to administer payments, prevent fraud, and maintain accurate financial records.

Where you access our Primary Care services registered as Health Management Limited, your personal data will be processed separately from occupational health services and medical records will not be shared with your employer.

The information we collect and how we use it 

We collect and use the information that you or your employer provides to us directly. For example, when a referral is made to us by your employer it may include personal information such as your full name, title, date of birth, address, contact telephone numbers, work or personal email addresses, employment information (such as role and work history) and employee number.

When we use this information 

We use this information for the following reasons: 

We also collect and process sensitive information about you. This includes information about your health and forms part of your occupational health record.  This information can relate to both your physical and mental health.  It may include past and current medical history, medication that you may be taking or have taken, as well as past and current occupational health records.  We may also collect other personal and sensitive data, but only where absolutely necessary.  For example, if there is a clinical reason to do so, you may be asked to state your ethnicity, and occupational health records may require information about family history or lifestyle.

We may also request and collect information from your GP, consultant, or other healthcare professionals. These may be sent directly from your employer, if you have shared this information with them, or you may prefer to share these directly with us.  We may also request these directly from relevant healthcare professionals. These will be processed as part of your occupational health record.

When we use this information 

It will depend on the nature of the service we are providing when we use this health information, but it may include: 

We may use your data to provide management reporting to your employer and to improve our services. We provide our clients with data analysis about their workforce so that they can identify key themes and trends. Such data will be anonymised or pseudonymised to the extent practicable. Confidential medical information will not form part of management information passed to your employer.

We may also need to verify that you are who you say you are if you request information from us in accordance with your rights.  To do this we will ask you to supply two pieces of identity evidence such as a birth certificate and driving licence.  This information will only ever be used to verify your identity.

We may leverage artificial intelligence (AI) technology privately hosted by Medigold Health to streamline the initial drafting process of reports. No automated decision making occurs in this process as it is managed by a clinician who reviews and retains control of the output. This processing does not produce legal or similarly significant effects for you within the meaning of Article 22 UK GDPR. Your health information is not used to train our AI systems.

We use automated systems to assist with the initial triage of occupational health related questionnaires, including questionnaires used for pre-placement and health surveillance purposes. Where responses do not disclose any health condition or concern requiring clinical review, a standard outcome may be generated confirming that no such conditions have been identified based on the information provided.  Where responses indicate a potential health condition or concern, a clinician reviews the information before any occupational health outcome is determined or shared.  Automated processing is limited to identifying whether clinical review is required and does not involve automated decision making within the meaning of Article 22 of the UK GDPR.

Where you pay for services directly (for example, private primary care services, vaccinations, or other chargeable services), we will process limited payment-related information such as payment amount, date, and transaction reference.

We do not collect or store your card number, card security code, or full card details. A third-party payment service provider processes card payments securely.

The information we share and why 

Under the English common law of confidentiality, we are required to share information with your employer with your consent, but where a report has been generated, we will always ask you if you want to see the report before we send it.  (N.B. This is not to be confused with the legal basis under UK GDPR, which is expressly not consent but is legitimate interests (see above).)

Please note that if your role is ‘safety critical’ we will not need your consent to share certain fitness information with your employer (see safety critical section below).

If you decide that you want to see a report first rather than at the same time as your employer, you have the right to do so. If you do choose to see the report before your employer, we will send it to you and then we allow you two business days to correct any factual inaccuracies before we share it with your employer.  Please note that only factual corrections will be considered. Changes to clinical opinion will only be made where a change to the underlying facts alters the clinical opinion. Amendments may take the form of an addendum to the original report, in line with Faculty of Occupational Medicine guidance.

When we provide the report to your employer it is not your full occupational health record but will include relevant facts and opinion as to whether you are medically fit to do a particular task or job, whether you have a condition which may affect your role and/or whether any adjustments are recommended. If you choose not to allow your employer to see the report, they will have to make a decision based on the information that they have.

Some of our contracts may also require us to transfer information to other specialist clinical services who work in partnership with us, such as laboratory services and therapy services.  They may require your personal information to process blood tests or supply treatment to you.

We may be required, in some circumstances, to share information with the HSE, the DVLA, UKHSA or other relevant public bodies. We will only do so where we are required to by law or if it is in the public interest.

Our clinicians may share information provided with their colleagues to ensure a high quality of service is provided.  They may also need to share information where serious safeguarding concerns are raised, and we have a strong Safeguarding Policy in place to ensure that the right practices are followed.

We provide some of our services to other members of the Medigold Health Group and share some central functions, such as Legal, Governance, Risk and Compliance, HR, Marketing, Finance, and IT. As such, it is necessary to share personal data with other Medigold Health Group companies. We will always have appropriate data sharing terms and subcontracts in place, and all of our Group entities and staff are bound by the same strict codes of conduct and confidentiality.

We share information with a third party to support and host some of our UK based systems, including our database, website, and telephone system. We also use third party expertise for the electronic scanning of medical records and storage of archived paper records.  We use Survey Monkey to compile any feedback you choose to provide about our clinicians.  To do this we will share your name, phone number, and email address.  Any further information is provided by you only if you decide to participate in the survey. We share information with our Governance, Risk and Compliance platform OneTrust, to correspond with you about any data rights requests you may make and to record any incidents that may occur. We also share information with a business analytics platform for the purpose of providing our clients with data analysis about their workforce so that they can identify key themes and trends. For health surveillance we may also share data with this platform to ensure that recall dates can be managed by your employer so that they remain compliant. Such data will be anonymised or pseudonymised to the extent practicable. To be able to do this we may need to share additional data fields with the processor, although these will not be visible to your employer.

There may be occasions where we are asked to share information with third party suppliers nominated by your employer or your employer’s representative so that you are able to access services that they provide, such as physiotherapy and counselling.  This may be a self-referral process or a service where we are required to book the appointments on your behalf.  The third parties will become separate data controllers of any information that they process.  Under the English common law of confidentiality, they may ask for your consent to allow us to process any report that they generate and share this with your employer or your employer’s representative.

Where information is shared with a third party, such as a laboratory to process test results, we have data sharing agreements in place, and only those authorised to process your data will be permitted to do so for the purpose of the processing.  This means that they cannot do anything with your personal information unless we have instructed them to do it.  They will not share your personal information with any organisation apart from us.  They will hold it securely and retain it for the period we instruct unless other legal obligations apply.

We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information in accordance with UK GDPR, and they may not use your information for any other purpose.  All our third parties are bound by the same strict codes of conduct and confidentiality and have restricted access to occupational health information. We are ISO 27001 and Cyber Essentials Plus certified.

We will never use personal data that you have shared with us for occupational health purposes for marketing purposes.

In circumstances where your employer changes provider, we may share your records with the incoming provider selected by your employer. In such circumstances we will ask your employer to inform you that this is going to happen. Once the records are transferred the responsibility of data Controller will be transferred to the incoming provider.

We use a third-party payment service provider to process card payments on our behalf. Where you make a payment, your name and payment details are transferred securely to that provider for the sole purpose of processing the transaction.

The payment service provider acts as an independent data controller in respect of card data and processes your information in accordance with their own privacy notice and applicable payment industry standards (including PCI DSS).

We receive confirmation of payment and limited transaction details only.  We do not have access to, and do not store, your full card details.

Sharing fitness information in safety critical roles 

Where you work in a safety critical role, we will need to inform your employer where we are required to by law or if it is in the public interest.

A written statement about your current fitness status to undertake your role will be automatically provided to your employer following the consultation. This statement will indicate fitness and details of any adjustments or restrictions.  If your job role requires a personal track safety (PTS) card, the PTS competency level will also be provided as appropriate.

If you are required to undertake a Sentinel medical assessment and drug and alcohol test, the results will be recorded on the Sentinel database immediately, whether you pass or fail.  This will include any relevant restrictions if applicable.

Following a consultation, you may be advised to inform a licensing authority or statutory organisation (such as the DVLA) of the outcome of a medical, examination or consultation, and it is your responsibility to do so.  However, if requested by a licensing authority, DVLA or statutory organisation we will provide a copy of the outcome report.

Exceptionally, in the public interest, we may have a duty to inform a statutory body or licensing organisation where you cannot or will not do so.

We may also share information by directly contacting your employer, or being contacted directly by your employer, about your statement of fitness for your safety critical role.  We will not share any details other than those relating to your statement of fitness outcome report.

How long do we store your information? 

How long we store your information will depend on the type of record that we have been processing.

Your occupational health records are processed for the duration of our contract with your employer and for a further six years after you have left their employment.  After this time, your occupational health record will be securely deleted.

Under Health and Safety law, there is a requirement for employers to keep Health Surveillance records (“health records”) for forty years, or longer in some cases.  These are separate from the clinical records that will be stored on our system (“medical records”). Most medical records will be kept for a further six years after you have left the relevant employment, or, if we have not been informed of your leaving date, for a further six years after the contract with your employer ends.  Where records have been transferred from a previous provider and it is not possible to tell whether the records we hold are Occupational Health records, Health Surveillance medical records, or fitness outcome reports for Health Surveillance health records that your employer should hold, we may decide that the longer retention period of forty years should be applied to avoid premature destruction.

Where we have processed asbestos medicals, we are required to retain the relevant medical information for a longer period of forty years, in addition to any retention requirements specified by the client, due to the long latency period associated with asbestos‑related disease.

Certain other forms of statutory medical surveillance, such as surveillance relating to ionising radiation, are also subject to extended retention periods under health and safety legislation, which may result in records being retained for longer than six years where legally required.

Where records have been processed by us or transferred from a previous occupational health provider and it is not possible to establish whether the records include asbestos medicals or other statutory medical surveillance subject to extended retention, we will retain the records for the longer applicable period in order to avoid the risk of premature destruction.

If our contract with your employer terminates, subject to any run-off provisions or similar obligations, we will stop processing your information and your Occupational Health records including any Health Surveillance records will be transferred to your employer’s next Occupational Health provider (please see above).  Following the transfer, we will keep your transferred records for a further 90 days following successful receipt of transfer before securely destroying them.  If these records are not requested to be transferred, we will store them for six years following the end of the contract before they are securely destroyed.

Records retained on the original system (non-transferred) will be subject to post‑transfer retention rules, which limit retention to the minimum information necessary to demonstrate compliance with statutory, regulatory, contractual, and professional obligations.

Where we provide primary care services, including GP consultations, diagnosis or treatment, the information we record forms part of your primary care medical record. These records are held separately from occupational health records and are processed solely for the purposes of providing healthcare to you.

Primary Care Records

Primary care medical records are processed and retained in accordance with applicable healthcare records management requirements, which may require records to be retained for significantly longer periods than occupational health records, and in some cases for the lifetime of the patient.  Primary care records are not shared with employers and are not transferred as part of any occupational health provider change.

Drug and Alcohol (D&A) Collection Records

Where we provide Drug and Alcohol (D&A) collection services, this is a standalone service involving the collection of samples and associated chain‑of‑custody information.  In this context, we process personal data on behalf of our client and act as a data processor.

D&A collection records include identifying information, collection documentation, chain of custody records, and the transfer of samples and related information to either our laboratory services or to an external approved laboratory provider for analysis.  The analysis of samples is subject to the record‑keeping and retention arrangements of the relevant laboratory.

Where an individual discloses information about prescribed medication or other health information during the collection process and this information requires clinical interpretation, the relevant information may form part of an occupational health medical record.  In these circumstances, we act as a data controller in relation to that information, which is retained in line with the retention periods applicable to occupational health medical records.

Laboratory Records

Where we provide or arrange laboratory services, including the analysis of samples in connection with occupational health, health surveillance, primary care, or diagnostic services, we process and retain laboratory records such as test requests, sample identifiers, analytical results, and reporting information.

Laboratory records are retained separately from employer held records. Retention periods may vary depending on the nature of the test and the purpose for which it was performed.

Where laboratory results are used as part of an occupational health service or primary care service, relevant results may be incorporated into the corresponding occupational health or primary care medical record and retained in line with the retention periods applicable to those records.

Other Records

Recordings that have not formed part of a health record and are used for quality, training, and monitoring purposes, are stored on a restricted network, and retained for a maximum of 60 days before they are securely deleted. Any phone calls that are not made via Medigold Health Group telephony are not recorded.

Information that is processed about you but that does not form part of your health record, such as internal email communications, may be securely deleted as part of our in-house ‘housekeeping’ procedure to ensure that we do not retain your data unnecessarily.

Payment and billing records are retained in accordance with statutory accounting and tax requirements, typically for six years, and are stored securely with access restricted to authorised finance personnel.

These and other retention periods are applied in accordance with our Data Destruction and Retention Policy.  Records are reviewed once the relevant retention trigger has been met and are securely destroyed where continued retention is no longer necessary or appropriate and the applicable retention period has expired.

Where do we process your information? 

We process your health information within the UK and EEA, in accordance with UK GDPR. We do not send or store any special category data outside of the UK or EEA (unless your employer is based in or has an office outside of the UK or EEA and we are required to send information to them in order to fulfil our contract – in such circumstances we will only do so in accordance with UK GDPR and the Data Protection Act 2018).

Certain non‑health related personal data, such as contact details, card payment information, service communications, feedback, or technical and usage data, may be processed by approved third‑party service providers acting on our behalf, some of whom may be located outside the UK or EEA.  Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including the use of adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms.

How do we protect your information? 

We design our systems with your security and privacy in mind.  We have an ‘in-house’ IT department who are responsible for the security of the systems which hold your information.  All information is held on our secure system which is compliant with ISO 27001 and Cyber Essentials Plus standards for security and subject to annual penetration testing.  We work to protect the security of your personal information during any communications with you using secure communication methods and secure software procedures. All data is encrypted at rest, and we maintain physical, electronic, and procedural safeguards in connection with storage and disclosure of your personal information. Our security procedures mean that we may ask you to verify your identity before we disclose personal information to you.

Access to any of your personal data held on our systems is restricted to nominated employees within Medigold Health Group who are required to have access to your information to provide our services.  Those employees can only access your information using our secure IT network.  Our employees follow a strong Password Policy and have regular training on Data Protection and Data Security.

We use anti-virus and anti-malware software to reduce the risk of any malicious computer virus or cyber-attack on our systems.  We also have a process in place to ensure that all security software updates are applied as soon as they are released.

We also ensure that your information is encrypted when it is being moved.  For example, when we share a report with your employer, they log into our secure portal to access it when it is ready. Only the report is stored on the portal for your employer to view; your Occupational Health record is kept securely on our system and is visible only to us.

There may be occasions where your employer is unable to use our secure portal, and we are required to share your information via email.  We will always apply additional password protection when we transfer your data in this way.

Your rights 

UK GDPR gives you certain rights when it comes to your personal data.  However, as we are processing your information for the purpose of Occupational Health not all these rights will apply.  The list below details your rights under UK GDPR. 

If you wish to exercise any of your rights, please select the ‘exercise your rights’ button at the end of this notice. This will take you into our privacy portal where our data rights team can process your request.

We will ask for information to verify your identity, so that we make sure we protect your information. The lawful basis that we rely on is Article 6 (1) (c) of the UK GDPR, which relates to our legal obligation to comply with the law. We will only keep verification information for as long as it is necessary to process your request.

Common law of confidentiality and consent 

Health professionals have a duty to comply with the common law of confidentiality, which means that you have a right to withdraw your consent for us to share information about your health with your employer (this is separate from and distinct from your rights under UK GDPR).  If you choose to do this, we must notify your employer, who may need to make decisions without the benefit of impartial Occupational Health advice.  If your job involves a requirement for routine fitness to work medicals or health surveillance screening, then your employer may have to stop you from doing your job.

Data Protection Officer contact details and your right to complain 

We work to the highest standards when it comes to processing your personal information.  If you have any questions about your personal information, or how we use it, you can contact our Data Protection Officer, Isobel Watkins at dpo@medigold-health.com, or by writing to us at our registered office at Medigold House, Queensbridge, Northampton, NN4 7BF.

We encourage you to contact us if you have any concerns about how we use your personal information, however, if you are not satisfied with our response or believe we are processing your personal information incorrectly and not in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ICO.org.uk.
