GOHS (Global OHS) is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR).
GOHS (Global OHS Ltd) are an Occupational Health provider and we are responsible for safeguarding the privacy of your information. We comply fully with the General Data Protection Regulations (GDPR) for information within our control. This Privacy Statement provides information about the type of data we collect and how it is managed. Having read this document, if you have any further questions, you can speak with a member of the GOHS Ltd clinical staff or contact our Data Protection Officer.
GOHS (Global OHS) is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This notice does not form part of any contract to provide services. We may update this notice at any time.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
Data Controller: GOHS (Global OH Solutions Ltd), Suite B, NBK House, 64a Victoria Road, Burgess Hill, RH15 9LH
Email: firstname.lastname@example.org, Tel: 01273 359135
Data Protection Officer: Steve Birchall; Managing Director; email@example.com, 01273 359135
For us to provide Occupational Health services to patients, personal and often sensitive medical information needs to be obtained.
Your consent is required before we would send personal information to your employer, such as an outcome report from your consultation. The clinician will discuss with you the information they would like to send to the employer. You can have a copy of this information. Usually this information is in the form of a report written during your consultation. Sometimes the report cannot be done at that time in which case it will be sent to you for review first. Sometimes employers may need guidance or clarification on the report. The clinician will consider if there is a need to notify you before sending such additional information. If the supplementary advice given does not contain more sensitive personal information than the original report and does not alter the opinion of the original report, then additional consent is not usually requested. However, if there is a material change to the report and the associated information and advice, you will be contacted, or a further consultation will be requested. The receiving employer is expected to maintain appropriate data security for the Occupational Health reports and advice we provide to them and this is covered by our Data Sharing Agreement.
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We process personal sensitive information in accordance with the General Data Protection Regulations (GDPR) on the lawful basis of with Consent and for the purpose of Occupational Medicine.
We process personal information such as name, address and date of birth. We also collect occupational information and medical information including symptoms, history and treatments you may be undergoing. This medical information is regarded as Special Category Data.
Your information which we receive from an employer is only accessed by our own administration team and staff doctors and nurses. All staff have contractual confidentiality agreements and our processes are designed to maintain confidentiality. Our OH output reports are sent securely to the named recipient, usually a Human Resources officer or Manager. You will know who the report is going to at the point that we request consent for dispatch.
Your data is not transferred to other countries.
Most OH records that involve OH consultation will be kept for 10 years from the date of the last entry. This is a generally accepted timescale.
Health Surveillance records (such as hearing and breathing tests) should be kept for 40 years. This is because sometimes industrial diseases can develop later in life so such records should be retained. This is a recommendation from the Health & Safety executive. Most of the records we hold are not Health Surveillance records.
Pre-employment health questionnaires will be retained for 3 years.
The GDPR has strengthened the rights of individuals regarding data about them. These rights are outlined below:
This Privacy Notice is one of the ways we make sure you are informed about the sensitive personal information we collect.
You have the right of access to personal data we hold about you. If you would like access, please contact the Data Controller (details above). We will ascertain your identity and then forward you the requested data as soon as possible. We do not normally make any charges for providing this information.
If you feel that information we hold, is inaccurate or incomplete, please contact the Data Controller (details above). We will review the area you would like rectified and if this is appropriate, we will make the change. If we do not agree to the change, you have the right to complain to the Information Commissioner.
If you would like us to consider erasing the personal information that we hold about you, please contact the Data Controller. Your request will be passed to the Data Protection Officer who will want to discuss this with you. Sometimes Occupational Health records form important medicolegal documents for the exercise or defence of legal claims, such as with Health Surveillance records where such assessment is a statutory requirement. In such cases, we may not be able to agree to the erasure of your personal information.
Once your personal information has been obtained, you have the right to restrict further processing. This means there will be no more activity involving your data other than it being still held by us. This might arise if you did not wish to have any further OH involvement as we require consent to provide OH advice.
If there is to be a change of Occupational Health provider by your employer, the existing OH provider would seek evidence of consent for the transfer of your OH records to the new provider. We would also need to be satisfied that the new OH provider had reasonable arrangements in place for the safe storage of that data before we would transfer it. If you did not want your information to be transferred to another OH provider, you should state this if a notification of change of provider occurs within your organisation.
If you are not happy with any aspect of our information management, please consider contacting the Information Protection Officer for our Organisation and we will manage this as a complaint. You also have the right to complain to the Information Commissioner’s Office (ICO).
It is not possible for doctors and nurses to provide Occupational Health services without personal sensitive information being processed by us. It is a contractual requirement between GOHS Ltd and any referring party, such as your employer, that without the consent of individuals, we cannot provide OH advice for individual cases. Clinicians need to be satisfied that the individual consents to our process of OH assessment and advice, including the processing of sensitive personal information, and without such consent, we cannot provide the clinical service. The consequence of not providing consent for the processing of personal sensitive data is that the individual and the employer will not have access to our Occupational Health advice. This in turn may mean health risks are not minimised and harm could arise to both parties.
If you have any further questions, we would be pleased to help. Contact us on 01273 359135 or speak to your OH Professional. You can also ask to speak to the Data Protection Officer.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact GOHS in writing.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you have any questions about this privacy notice or how we handle your personal information, please contact GOHS. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
We reserve the right to update this privacy notice at any time