Privacy Notice

Privacy Notice Information Sheet – Patient Data

This Privacy Notice tells you what to expect in relation to the personal information

about you, which is collected, handled and processed by SPAGE OH ltd on

your behalf as a patient.

SPAGE OH Ltd, whose Head Office is 29 Allens Avenue Norwich NR78EP  is the data controller and is registered with the Information Commissioner’s Office (ICO) as such. 

We will process any personal data of yours that we handle in accordance with all

applicable data protection laws in force at the time. With effect from 25 May 2018,

the General Data Protection Regulations (“GDPR”) will apply. We will also process

your data and medical records in accordance with the guidelines set-out by the

General Medical Council (GMC), Faculty of Occupational Medicine (FOM) and any

other appropriate professional bodies.

The information we may collect

By definition the information we hold in relation to your health is classified as ‘Special

Category Data’. Article 9.1 prohibits the processing of a range of personal data

including health data except where certain criteria apply.

The Lawful Processing Condition under which we hold and manage your data is

Article 9.2(h) which supersedes Article 9.1:

[9.1 shall not apply where] processing is necessary for the purposes of preventive or

occupational medicine, for the assessment of the working capacity of the employee, medical

diagnosis, the provision of health or social care or treatment or the management of health or

social care systems and services on the basis of Union or Member State law or pursuant to

contract with a health professional and subject to the conditions and safeguards referred to in

paragraph 3;

The Legitimate Interest Processing Condition under which we hold and manage your

data is Article 6.1(f) - processing is necessary for the purposes of the legitimate interests

pursued by the controller or by a third party. Data is held and managed on behalf of your

employer who has a duty of care to comply with the Health and Safety at Work Act

as well as other associated laws.

We will also, and subsequent to the above lawful and legitimate reasons for holding

your data, we will also ask for your consent.

The information that we may collect, hold and process about you is set out below.

A) At the time of making a booking for your occupational health appointment we will

ask you to provide the following data. Where appropriate will ask for your consent

to hold this data and will subsequently confirm with you on arrival at your

appointment that it is correct.

 Your name

 Your date of birth

 Your address

 Your email addresses

 Your telephone number(s)

 Your employer (where relevant)

In the event that your appointment is made by another party, and they provide us

with your information, we will confirm correctness and where appropriate, your

consent for us to hold it, when you attend for your appointment.

B) At the time of, subsequent to and or relevant to your appointment we will also

collect

 Relevant information regarding your health - past and current

 Relevant information regarding your current and past employment

 Copies of any information sent to us by your employer (where relevant)

 Copies of any forms or questionnaires that you have completed

 Copies of any notes or opinions made by the clinician

 A log of our communications with you by email and telephone

 Records as received from other health professionals such as your GP, a

specialist consultant, previous OH provider or therapist etc.

This information will have been provided, or will be provided, by you or a third party

who we work with, such as your employer, a representative or another occupational Health Provider working on behalf of your employer or another specialist or GP.

Medical Records are managed in line with the GMC regulations and guidance.

Consent for processing, storing and disclosing medical records requires consent at

all stages.

How we use the information

The above information is used to provide our services to you in our capacity as an

Occupational Health Provider.

The information under A above may be used as follows:

 To ensure that your patient record is maintained appropriately

 To send you updates in regard to your renewal dates for medicals and

vaccinations

The information under B above may be used as follows:

 To determine your fitness for role, travel, activity or other

 To deal with any medical and health and safety issues relating to your role

 To maintain a record of your health status including details of any certificates

Issued

How we hold the information

All the personal data we hold is stored on our secure database in the UK.

Where paper copies are held awaiting audit and shredding these are held in locked

cabinets and in secure premises. Once all records have been saved to the database

and an audit for completeness has been conducted the paper copies are securely

shredded.

Disclosure of your information

We will not disclose your personal data, medical records or functional information or

certification to any person or party other than yourself, unless there is a lawful

reason to do so, without your consent.

What is the legal basis for processing the information?

Where appropriate we will rely on your consent to process your personal data.

Where your data is held in regard to Occupational Health Services (the medical

service provided was related to your occupation or role regardless of whether you or

your employer requested it) consent is not required as per Article 9.2(h):

Your rights

You have the right at any time to ask for a copy of the personal data and or the

medical records that we hold about you.

In regard to your personal data we will provide this to you free of charge (provided

your request is not manifestly unfounded or excessive). You can request your

information by phone or via email to admin@spageoh.com. Prior to providing any information we will requireverification of your identity.

In regard to your medical records these can be provided following a written and

signed request. This should be sent to admin@spageoh.com or to the Head Office address as above. There may be a charge for the provision of medical records.

Retention of your data

Your data will be retained in accordance with our Records Retention Policy and

Protection Policy.

In summary, your patient data and associated medical records will be held until you

request them to be removed. We will not automatically delete any record so as to

ensure that your occupational health record is maintained as a full and accurate

record and available for the duration of your working life.

Any requests for removal will be managed in line with any legal requirements for us

to retain the information.

The right to erasure

You have the right to request erasure of your personal data held by us where: 

- the data is no longer necessary in relation to the purpose in which it was collected

- where there is no legal ground for us to process your data

- your data has been unlawfully processed. 

In order to request erasure, you should contact us by emailing admin@spageoh.com

On receipt we will confirm whether the data can be erased and if not provide you will the reason.

Any requests for the right for erasure will be managed in line with any legal

requirements for us to retain the information.

Concerns

If you have a concern about the way we are collecting or using your personal data,

you should raise your concern with us in the first instance by emailing admin@spageoh.com

or refer directly to the Information Commissioners Office website. 

Contact

Please address any questions, comments and requests regarding our data

processing practices to us at admin@spageoh.com

Changes to the Privacy Notice

This Privacy Notice may be changed by us at any time.

END