Privacy Notice Information Sheet
This Privacy Notice tells you what you can expect in relation to the personal information about you, which is collected, handled and processed by SPAGEOH.
This is a general notice and does not include details on how we manage patient data.
SPAGEOH, whose office is based at 29 Allens Avenue, Norwich, NR78EP is the data controller.
We will process any personal data of yours that we handle in accordance with all applicable data protection laws in force at the time. From the 25 May 2018 the General Data Protection Regulations (GDPR) apply.
The information we may collect and how we use that information:
We collect the relevant personal data necessary to communicate with you. This may be for a number of reasons:
As a patient: please see our specific Privacy notice on the website www.spageoh.com
As a contact within one of our clients: The personal data collected will be relevant to your role within your organisation (our client) and will be used only for the specific purposes that it was collected. Your role and the purpose may include:
· HR- to communicate the results of occupational health services delivered to your staff.
· Finance- to send and receive financial information including invoices, remittances and statements.
· Management- to communicate the results of occupational health services delivered to staff.
The information collected will include your name, email address, work telephone number and work location.
As an interested party
The personal data collected will be used solely for the purposes of keeping you informed about our services and other relevant information and resources.
How we hold the information:
All the personal data we hold is stored on our secure database in the UK. If paper copies are held awaiting audit and shredding these are held in locked cabinets and in secure premises.
Disclosure of your information:
We will not disclose your personal data to any person or party other than yourself without your consent, unless there is a lawful reason to do so.
What is the legal basis for processing the information:
Where appropriate we will rely on your consent to process your personal data.
For clients, we may also rely on our processing being necessary to perform a contract for your organisation.
For sales and information enquiries it is necessary for our legitimate interests in order to be able to respond to your request.
You have the right at any time to ask for a copy of the personal data that we hold about you.
In regards to your personal data we will provide this to you free of charge (provided your request is not manifestly unfounded or excessive). You can request your information by phone or via email to admin@spageoh.com Prior to providing any information we will require verification of your identity and a completed Data Subject Access Request.
Retention of your data:
Your data will be retained in accordance with our records retention and protection policy. Any requests for removal will be managed in line with any legal requirements for us to retain the information.
Sales Enquiries- 12 months after the request
Client contact details- 3 years after the end of the contract or within 2 months of notification that you no longer work for that client.
The right to erasure:
You have the right to request erasure of the personal data held by us where-
· The data is no longer necessary in relation to the purpose in which it was collected
· Where there is no legal grounds for us to process your data.
· Your data has been unlawfully processed.
In order to request erasure you should contact us by emailing admin@spageoh.com. On receipt we will confirm your identity and whether the data can be erased and if not, provide you with the reason.
Concerns:
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance by emailing admin@spageoh.com.
Contact:
Please address any questions, comments or requests regarding our data processing to admin@spageoh.com
Changes to the privacy notice:
This privacy notice may be changed by us at any time.
Privacy Notice Information Sheet – Patient Data
This Privacy Notice tells you what to expect in relation to the personal information
about you, which is collected, handled and processed by SPAGE OH ltd on
your behalf as a patient.
SPAGE OH Ltd, whose Head Office is 29 Allens Avenue Norwich NR78EP is the data controller and is registered with the Information Commissioner’s Office (ICO) as such.
We will process any personal data of yours that we handle in accordance with all
applicable data protection laws in force at the time. With effect from 25 May 2018,
the General Data Protection Regulations (“GDPR”) will apply. We will also process
your data and medical records in accordance with the guidelines set-out by the
General Medical Council (GMC), Faculty of Occupational Medicine (FOM) and any
other appropriate professional bodies.
The information we may collect
By definition the information we hold in relation to your health is classified as ‘Special
Category Data’. Article 9.1 prohibits the processing of a range of personal data
including health data except where certain criteria apply.
The Lawful Processing Condition under which we hold and manage your data is
Article 9.2(h) which supersedes Article 9.1:
[9.1 shall not apply where] processing is necessary for the purposes of preventive or
occupational medicine, for the assessment of the working capacity of the employee, medical
diagnosis, the provision of health or social care or treatment or the management of health or
social care systems and services on the basis of Union or Member State law or pursuant to
contract with a health professional and subject to the conditions and safeguards referred to in
paragraph 3;
The Legitimate Interest Processing Condition under which we hold and manage your
data is Article 6.1(f) - processing is necessary for the purposes of the legitimate interests
pursued by the controller or by a third party. Data is held and managed on behalf of your
employer who has a duty of care to comply with the Health and Safety at Work Act
as well as other associated laws.
We will also, and subsequent to the above lawful and legitimate reasons for holding
your data, we will also ask for your consent.
The information that we may collect, hold and process about you is set out below.
A) At the time of making a booking for your occupational health appointment we will
ask you to provide the following data. Where appropriate will ask for your consent
to hold this data and will subsequently confirm with you on arrival at your
appointment that it is correct.
Your name
Your date of birth
Your address
Your email addresses
Your telephone number(s)
Your employer (where relevant)
In the event that your appointment is made by another party, and they provide us
with your information, we will confirm correctness and where appropriate, your
consent for us to hold it, when you attend for your appointment.
B) At the time of, subsequent to and or relevant to your appointment we will also
collect
Relevant information regarding your health - past and current
Relevant information regarding your current and past employment
Copies of any information sent to us by your employer (where relevant)
Copies of any forms or questionnaires that you have completed
Copies of any notes or opinions made by the clinician
A log of our communications with you by email and telephone
Records as received from other health professionals such as your GP, a
specialist consultant, previous OH provider or therapist etc.
This information will have been provided, or will be provided, by you or a third party
who we work with, such as your employer, a representative or another occupational Health Provider working on behalf of your employer or another specialist or GP.
Medical Records are managed in line with the GMC regulations and guidance.
Consent for processing, storing and disclosing medical records requires consent at
all stages.
How we use the information
The above information is used to provide our services to you in our capacity as an
Occupational Health Provider.
The information under A above may be used as follows:
To ensure that your patient record is maintained appropriately
To send you updates in regard to your renewal dates for medicals and
vaccinations
The information under B above may be used as follows:
To determine your fitness for role, travel, activity or other
To deal with any medical and health and safety issues relating to your role
To maintain a record of your health status including details of any certificates
Issued
How we hold the information
All the personal data we hold is stored on our secure database in the UK.
Where paper copies are held awaiting audit and shredding these are held in locked
cabinets and in secure premises. Once all records have been saved to the database
and an audit for completeness has been conducted the paper copies are securely
shredded.
Disclosure of your information
We will not disclose your personal data, medical records or functional information or
certification to any person or party other than yourself, unless there is a lawful
reason to do so, without your consent.
What is the legal basis for processing the information?
Where appropriate we will rely on your consent to process your personal data.
Where your data is held in regard to Occupational Health Services (the medical
service provided was related to your occupation or role regardless of whether you or
your employer requested it) consent is not required as per Article 9.2(h):
Your rights
You have the right at any time to ask for a copy of the personal data and or the
medical records that we hold about you.
In regard to your personal data we will provide this to you free of charge (provided
your request is not manifestly unfounded or excessive). You can request your
information by phone or via email to admin@spageoh.com. Prior to providing any information we will requireverification of your identity.
In regard to your medical records these can be provided following a written and
signed request. This should be sent to admin@spageoh.com or to the Head Office address as above. There may be a charge for the provision of medical records.
Retention of your data
Your data will be retained in accordance with our Records Retention Policy and
Protection Policy.
In summary, your patient data and associated medical records will be held until you
request them to be removed. We will not automatically delete any record so as to
ensure that your occupational health record is maintained as a full and accurate
record and available for the duration of your working life.
Any requests for removal will be managed in line with any legal requirements for us
to retain the information.
The right to erasure
You have the right to request erasure of your personal data held by us where:
- the data is no longer necessary in relation to the purpose in which it was collected
- where there is no legal ground for us to process your data
- your data has been unlawfully processed.
In order to request erasure, you should contact us by emailing admin@spageoh.com
On receipt we will confirm whether the data can be erased and if not provide you will the reason.
Any requests for the right for erasure will be managed in line with any legal
requirements for us to retain the information.
Concerns
If you have a concern about the way we are collecting or using your personal data,
you should raise your concern with us in the first instance by emailing admin@spageoh.com
or refer directly to the Information Commissioners Office website.
Contact
Please address any questions, comments and requests regarding our data
processing practices to us at admin@spageoh.com
Changes to the Privacy Notice
This Privacy Notice may be changed by us at any time.
END
Copyright © 2018 SPAGE OH - All Rights Reserved.
Powered by GoDaddy