We take the privacy of your information seriously and we ask that you read this Privacy Notice carefully as it contains important information on:
- The personal information we hold about you
- What we do with your information, and
- Who your information might be shared with
About this document
This Privacy Notice will help you understand how we collect, use and protect your personal information. If you have any queries about this Privacy Notice or how we process your personal information, please contact us by email: firstname.lastname@example.org or by post: Manor Farm House, 20 Southwick Street, Southwick, BN42 4TB.
Who we are
The organisation responsible for the processing of your personal information is The Healthy Company Limited. This means that we are a ‘data controller’ under the Data Protection Act 1998 (and, once in force, under the General Data Protection Regulation (also known as the GDPR)). Our registration number with the Information Commissioner’s Office is Z6482673.
WHAT INFORMATION WE COLLECT ABOUT YOU
The personal data you have provided, we have collected from you, or we have received from third parties (your employer or a clinical consultant) includes:
- name, address, date of birth and gender
- post code
- Professional life data
- Personal life data
- contact details, including telephone numbers and email address
- details about your family and dependents (e.g. your marital status and number of children)
- identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address
- Health details and medical history
- when you contact us through any digital channel, we will inform you of the methods used by each of those channels at point of entry and at any point where we capture personal information.
HOW WE COLLECT INFORMATION ABOUT YOU
Most of the personal and medical information we hold about you is that which we collect directly from you or comes from your employer, for example, but not limited to:
a) when your employer refers you for an occupational health consultation they will complete a form with your details – please note that the initial information is provided by your employer.
b) when your employer asks us to provide occupational medical services to you on their behalf, e.g. Health Surveillance, Medicals, physiotherapy or counselling.
c) when you purchase our services directly – e.g. counselling, physiotherapy or osteopathy
d) when you complete an online health questionnaire on our website.
e) when you register to receive information from us
In order to understand more about you and provide you and your employer with accurate and professional advice, we also supplement and combine the personal information that we collect from you and your employer with other categories of data obtained from other sources, such as indicated below:
- Copies of your medical records from your GP, Consultant or other specialists along with their advice, should it be required
WHAT WE USE YOUR INFORMATION FOR AND THE LEGAL BASES FOR PROCESSING
We may store and use your personal information for the purposes of:
- Providing occupational health advice to your employer, where they have referred you, in order to give guidance to them for the following:
- Providing medical tests in order for your employer to comply with their statutory obligations e.g. Lung Function Test, Audio Test, Skin Surveillance or Hand Arm Vibration Tests, amongst others
- Use your contact details to email you or contact you (either via our online portal or other method) to review any reports that we issue
- Contact you to arrange/re-arrange an appointment with us
Our “legitimate interests” as referred to above include:
- The employer needs advice on fitness for work of employees for the efficient and safe running of its business
- The employer needs advice in order to comply with its legal obligations under health and safety law
- The employer needs advice in order to comply with its duties under employment law, in particular the Equality Act
- The employer needs advice in order to comply with its legal duties with respect to tax and social security legislation
AUTOMATED DECISIONS AND PROFILING
We use the personal data you provide to us, and information about you provided by third parties (please see “How we collect information about you” for further details), to enable us to advise your employer once they have offered you a job with them. This assessment confirms your fitness to undertake the job offered or determines if there should be reasonable adjustments provided by the employer in order for you to undertake the job. This assessment is provided through an online portal and is based on your answers to a set collection of questions. If the questions are answered as a negative, then an instant automated decision is made, and an email sent to your employer to confirm your fitness. If an answer is positive, then no automated decision is made as further contact is required from an OH nurse to clarify your medical details. At no point is your personal medical information disclosed to your employer or to anyone else who has not been cleared to review your details from within our organisation – unless you provide specific consent to do so.
We consider that, to the extent our decisions based solely on automated processing produce legal or similarly significant effects for you, those decisions are necessary for entering into, or performance of, our contract of Occupational Health Services to your employer/our customers. We, The Healthy Company Ltd, do not make any decisions on employment or your position within our customers’ place of work – this is purely an HR decision which our customers take responsibility for.
WHO WE SHARE YOUR DATA WITH
Where relevant given the nature of the services provided to you and your employer, we may also share your information with the following categories of third parties:
- Third party service providers who we instruct for the purposes of obtaining further clarification regarding your health information – this is only undertaken with your explicit consent.
- Third party service providers who we refer your details on to, with your consent, in order for you to continue your medical treatments – should it be required.
- Your employer, only with your explicit consent, through the provision of a report (if a referral has been made) – for the purposes of providing them with advice regarding any health issues. This is purely an opinion regarding your ability to undertake your role within the employer’s business and does NOT include any personal data that you do not consent to, or which is not pertinent to the advice that they have asked for.
PROCESSING OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)
We do not process any personal data outside of the EEA.
HOW LONG YOUR INFORMATION IS KEPT
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 8 years on our main systems after which time it will be archived, deleted or anonymised. Some of the archived information may be retained for up to 40 years where we are required to do so for statutory reasons and in order to comply with our industry guidance. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact us at the details provided above.
- to obtain access to, and copies of, the personal information that we hold about you;
- to require that we cease processing your personal information if the processing is causing you damage or distress;
- to require us not to send you marketing communications;
- to require us to erase your personal information;
- to require us to restrict or object to our data processing activities;
- to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
- to require us to correct the personal information we hold about you if it is incorrect.
Please note that these rights may be limited by data protection legislation and regulatory requirements, and we may be entitled to refuse requests where exceptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.
You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Your consent applies to the following domains: thehealthycompany.com