GDPR Privacy Notice/Statement
PEMS Health Limited acts as both the Data Controller and Data Processor, is committed to protecting the rights of the individual, and acknowledges that any personal data of yours that we handle will be processed in accordance with the Data Protection Act 1998 (DPA) and the General Data Protection Regulations (GDPR) 2018. In addition, our registered health professionals will adhere to their professional standards with regard to confidentiality.
What Data will be collected?
The following data may be collected, held and shared by PEMS Health Limited:
Personal information (e.g. Name, Address, Date of Birth)
Characteristics (gender)
Past and present Job roles
Health information
Who will it be collected from?
Human Resources
Managers
Employees
Occupational Health Practitioners
You
We may on occasion request further medical information from your GP or specialist. If this is the case, we will discuss this with you and obtain your written consent in accordance with the Access to Medical Reports Act.
How will it be collected?
Post
Email
Verbal
Why is it collected?
Data is collected for the purposes of preventive or occupational medicine and for the assessment of the working capacity of the employee. It is also collected to ensure the health and safety of employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
Data may also be used for research, audit or statistics, but will be anonymised if this is the case.
Lawful Basis for processing the information
To comply with the employer's legal obligations, such as health and safety and Duty of Care (Article 6 (f)).
Additional Special category: Article 9(2)(h) specifically authorises processing of data, as Occupational Medicine is a special category, thus “processing is necessary for the purposes of Occupational Medicine”, and Article 9(3), which states that processing is permitted “When these data are processed by a regulated health professional”.
How long will data be held for?
Management referral information will be held for 10 years after you leave your job. Clinical Records associated with Health Surveillance will be held for 10 years after last entry.
Pre-placement medicals will be discarded after 1 year if the employee does not take up the offer of the job. If the job is taken up it will be treated with the management referral information and retained for the same length of time.
40 years in relation to Health Surveillance Records, as required by the Health and Safety Executive (HSE), or up to the 75th birthday.
Unwanted records will be destroyed.
How will the data be stored?
Your records will be stored in accordance with PEMS Health Limited’s medical records storage policy complying with GDPR regulations and professional regulatory bodies.
Who will my information be shared with?
The information will be received and processed by PEMS Health. We will not share information about you with third parties without your consent unless the law allows us to.
What are your rights?
You have the right to see any information we hold about you in your occupational health record. The request should be made in writing and should be responded to within 4 weeks without charge. You can also request that an amendment is attached to your occupational health record if you believe any of the information held by PEMS Health Limited is inaccurate or misleading. In addition, you have a right to withdraw consent to the retention of data; this will be in liaison with your employer, to whom the data also relates. You may have contractual and statutory obligations to provide data; if this situation arises, we may suggest that you discuss this with your employer. You have a right to lodge a complaint with the Information Commissioner’s Office on telephone number 0303 123 1113 or by email at registration@ico.org.uk.