Global-OHS
Book an Appointment

Privacy Policy

Privacy Policy

Global OHS is committed to protecting the privacy and security of your personal information. This notice explains how we collect, use, store, and share personal information during and after your working relationship with us, in line with UK GDPR and the Data Protection Act 2018.

Who we are

Global OHS Ltd acts as the data controller, which means we decide how we hold and use your personal information. This notice does not form part of any contract, and we may update it from time to time.

Data Controller: Global OHS Ltd, 6 Loyal Parade, Mill Rise, Westdene, Brighton BN6 8EA
Email: hello@globalohs.com | Tel: 01273 359135
Data Protection Officer: Steve Birchall (Managing Director) | steve@globalohs.com | 01273 359135

What personal data we process

To provide occupational health services, we must process personal data and, in many cases, special category data (health information). We only collect what we need and we handle it with appropriate safeguards.

Information we receive from your employer

To arrange an appointment, your employer will usually provide your name, date of birth, address, telephone number, job details, and the reason for referral. They may also share relevant background such as sickness absence information or treatments they already know about. However, we expect your employer to discuss the referral with you before they send information to us.

Information we obtain during your consultation

During your consultation, our clinician will ask about your health and your work so they can provide safe, relevant advice. We keep a clinical record because professional standards require it. Your employer cannot access your clinical file.

If we run a consultation by phone or via Teams, we may record it for training and quality purposes. We store recordings securely and we retain them in line with our retention rules.

Information we may send to your employer

We only send an outcome report to your employer with your consent. Your clinician will explain what they intend to share, and you can request a copy.

Sometimes, your employer asks for clarification after receiving a report. In that case, we may provide supplementary advice. If it adds new sensitive detail or materially changes the opinion, we will contact you and, where appropriate, arrange further consent or a follow-up consultation.

How we store and protect your data

We use security controls designed to protect confidentiality and reduce the risk of loss, misuse, or unauthorised access.

  • We use encrypted, cloud-based occupational health software.

  • Users access systems through multi-factor authentication.

  • We store data in the UK and we do not transfer it overseas.

  • We limit access to staff who need it for their role, and we bind them to confidentiality obligations.

  • We train staff on information security and we maintain procedures for incident management.

If we suspect a personal data breach, we will assess it promptly and notify you and the relevant regulator where the law requires it.

Data sharing and confidentiality

Your confidential occupational health record is not accessible by your employer and we do not share it. Your employer must agree to our Data Sharing Agreement before they refer employees to us. This agreement sets out responsibilities for secure handling of referrals and reports, including what happens once the employer receives our advice.

To maintain occupational health standards, we also audit clinical records and reports at least twice a year for quality and training. We anonymise records before audit, and auditors sign confidentiality agreements.

Privacy Policy

Our lawful basis for processing

We process personal data to deliver occupational health services. We rely on consent for the consultation process and for sharing an outcome report with your employer. We also process special category data for occupational medicine purposes, with appropriate safeguards.

How long we keep your data

We retain data only for as long as necessary:

  • Occupational health consultation records: usually 15 years from the date you leave the employer we support.

  • Telephone recordings: usually 3 months, unless we need them for a complaint or legal matter (then we attach them to the clinical record).

  • Health surveillance records: up to 40 years, because conditions can develop later in life (in line with HSE guidance).

  • Pre-employment questionnaires: typically 3 years.

Your rights

UK GDPR gives you rights over your personal information. For example, you can:

  • request access to your data

  • request correction of inaccurate or incomplete data

  • request erasure in some circumstances

  • restrict processing

  • object to processing in certain situations

  • request data portability where applicable

  • withdraw consent (where we rely on it)

To exercise these rights, contact the Data Controller using the details above. We may ask for information to confirm your identity, because we must protect personal data from unauthorised disclosure.

If you are unhappy with how we handle your data, contact our Data Protection Officer first. You can also complain to the Information Commissioner’s Office (ICO) at any time.

ICO Registration Number: ZA122912
Companies House No.: 09616450
Document ref: BM.01.005 (Aug 24) | Review date: Aug 27

If you want, paste the specific paragraph(s) that your SEO tool flagged most heavily, and I’ll tighten those first (usually it’s the “may be / will be / is required” sections that inflate passive voice).