Mike King, Clinical Operations Director/Data Protection Officer, and Asclepius Occupational Health as Data Controller, are committed to protecting the rights of the individual and acknowledge that any personal data of yours that we handle will be processed in accordance with the Data Protection Act 2018 (DPA) and the General Data Protection Regulations (GDPR) 2018. Our ICO data protection registration number is ZA015225.
What Data will be collected?
The following categories of data may be collected, held and shared by Asclepius OHS Ltd.:
Sensitive Personal data:
• Characteristics (Ethnicity, Gender).
• Past and present job roles.
• Health and Medical Records.
Who will it be collected from?
• Human Resources.
• Company Executives.
• Occupational Health Physicians, Specialist Occupational Health Practitioners and other Clinical Staff working for, or on behalf of Asclepius OHS Ltd.
• Third Party (e.g. Occupational Health Clinics working on behalf of Asclepius OHS Ltd. under direct instruction).
How will it be collected?
• Via Apollo.Direct (Web-based, secure network Occupational Health software).
Why is it collected?
• For the purposes of preventive or occupational medicine, for the assessment of the working capacity of the Employee, to ensure the Health and Safety of the Employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
• Data may also be used for research, audit or statistics, but will be anonymised if this is the case.
• Personal information about an individual is collected for identification and medical record keeping purposes.
• Contact details, such as phone and email addresses, are required to enable the Consultation/Medical Assessment process to be undertaken.
• Gender and National Insurance Number are only requested where there is a legal requirement to do so, for example Health and Safety Executive (HSE) requirements, for the purpose of Health Surveillance.
• Gender is required to enable us to give appropriate advice and support in relation to occupational role and with a gender-sensitive approach with regards to medical conditions, enabling accurate reports.
• Ethnicity information is required where lung function testing is carried out as part of Health Surveillance.
• Previous roles are collected to assist in obtaining the background of employment, if connected to the Consultation/Medical Assessment.
• Health records, such as medical letters or medical certification, may be required to enable a true and accurate Consultation/Medical Assessment.
Lawful Basis for Processing the Information:
• The Lawful Basis for processing this sensitive personal information is consent from the individual, given in written, electronic or verbal form.
• Additional condition: Article 9(2)(h) specifically authorises processing of data, as Occupational Medicine is a special category, thus “processing is necessary for the purposes of Occupational Medicine”, and Article 9(3), which states that processing is permitted “When these data are processed by a regulated health professional”.
• Health and Safety Executive (HSE). Legal requirement for Health Surveillance records.
How long will Data be held for?
• Management Referral information will be held for 7 years after the Employee has left their job or 75 years of age (whichever is soonest), as recommended by the British Medical Association (BMA).
• Pre-placement medicals will be discarded after 2 years if the Employee does not take up the offer of the job.
• 40 years in relation to Health Surveillance, as required by the Health and Safety Executive (HSE).
How will the Data be stored?
• Your records will be stored in accordance with Asclepius OHS Ltd.’s Medical Records Storage Policy, following GDPR regulations.
Who will my information be shared with?
• We may share information about you with third parties working on our behalf. This will only be done with your consent, which shall be obtained prior to the release of any personal data to such persons.
What are your Rights?
• Fair processing of information and transparency over how we use your personal information.
• Require us to correct any mistakes in your information which we hold.
• Require the erasure of personal information concerning you in certain situations.
• Object at any time to processing of personal data concerning you for direct marketing.
• Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
• Object in certain other situations to our continued processing of your personal data.
• Otherwise restrict our processing of your personal data in certain circumstances.
• You have the right to see any information we hold about you in your Occupational Health Record. The request should be made in writing and should be responded to within 4 weeks, without charge. You can also request that an amendment is attached to your Health Record if you believe any of the information held by Asclepius OHS Ltd. is inaccurate or misleading.
If you have concerns about your data storage, or wish to complain, please contact Mike King, Data Protection Officer, on 0203 940 78700, or via email to firstname.lastname@example.org in the first instance. You may also be asked to confirm your concern or complaint in writing, which should be sent to our Head Office at 1, Forge Court, Reading Road, Yateley, Hampshire, GU46 7RX.
If you are not happy with our response, then please contact our Data Regulator, the ICO, at:
Information Commissioner’s Office:
Telephone: 0303 123 1113