Home » Privacy Policy » GDPR Privacy Notice Issue 1

GDPR Privacy Notice Issue 1

Company Health Services Ltd continue to take your privacy very seriously.

We are registered with the Information Commissioner’s Office, our Registration No Z9928907

Our registered company name and address is Company Health Services Ltd (“CHS”) 3 to 5 Vinalls Business Centre, Nep Town Road, Henfield, West Sussex BN5 9DZ.

We process data from a number of sources as follows and the legal basis relates to General Data Protection Regulations (“GDPR”) Art 9(2)h. We may also be Data Controller for the purposes of the Regulations.

1] Client employees

Health Surveillance

This is a group of health checks undertaken because a statutory requirement is placed on your employer in relation to the work that you undertake. Your work may fall into one or more sets of regulations and the purpose of the processing of this data is to enable your employer to meet their legal obligations.

The main statutory requirements arise from:

The Control of Substances Hazardous to Health Regulations (COSHH)
The Control of Noise at Work Regulations
The Control of Vibration at Work Regulations
The Ionising Radiations Regulations
The Control of Asbestos at Work Regulations
The Control of Lead at Work Regulations
The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR)
The Management of Health and Safety at Work Regulations
The Manual Handling Operations Regulations

Health and Clinical Records

In the case of some of the above we are required to provide your employer with a Health Record setting out the dates and outcomes of the health checks that we make. We also have to collect clinical information to support the health outcome on the Health Record but this is kept in a separate document and is known as a Clinical Record – much in the same way that your GP would keep notes about you, but it is not disclosed without your consent.

With some regulations we have to provide additional information to your employer as follows:

The Control of Lead at Work Regulations

We are required to provide specific information about the category of Blood Lead level that has been recorded. Special arrangements are required for women of reproductive capacity.

The Control of Vibration at Work Regulations

We follow the Tiered Scheme of Health Surveillance as required by the Health & Safety Executive. In the case of Tier 4 assessments we provide, with your informed consent, a more detailed report to the employer.

The Reporting of Diseases, Dangerous Occurrences Regulations

These Regulations require an employer to report a case of disease to The Health and Safety Executive. In the course of the health surveillance or other health assessment we may identify cases of disease that are reportable (criteria apply). In relation to our duties under The Health & Safety at Work Act 1974 we are obliged to identify a reportable case of disease to the employer. This is a statutory disclosure.

The Management of Health and Safety at Work Regulations

Risk Assessments of Young Persons and New and Expectant Mothers are required under these regulations and CHS will often be asked by employers to undertake such assessments.

The Manual Handling Operations Regulations

The Risk Assessment Schedule to these regulations requires an “Assessment of Individual Capability”. CHS is sometimes asked to assist the employer in providing information relating to your capability.

Visit Reports

We also provide the employer with an additional report (“Visit Report”) which details the group results of the health surveillance that has been carried out so that the employer can understand any general improvement or deterioration in health and / or the need for changes to their risk assessment and control process. CHS would provide, in this report, specific recommendations that the employer should consider. Examples might be the availability of suitable size range of gloves or that there is evidence that hearing protection in the worker group is not worn routinely. This requirement is made in some of the above regulations eg. COSHH and the Noise at Work Approved Codes of Practice.

Retention of data and Health Records

There is a legal obligation for the Health Record data to be retained for significant periods of time as required in various sets of regulations as follows, but please note that there is lack of clarity with some of the Regulations :

The Control of Substances Hazardous to Health Regulations (COSHH)

There is a regulatory requirement for the Health Record to be kept for at least 40 years (from the date of the last entry). (COSHH L5 6^th edition para 252).

The Control of Noise at Work Regulations

The Regulations only require the Health Record to be kept whilst you are employed. CHS will therefore keep the Health Record until the worker has reached the age of 75.

The Control of Vibration at Work Regulations

No period of time is mentioned in the Regulations although the Guidance mentions that it should be kept for the period of employment or longer. CHS will therefore keep the Health Record until the worker has reached the age of 75.

The Ionising Radiations Regulations

The requirement is to keep the Health Record until the worker has reached the age of 75 or 30 years from the date of the last entry. (IRR Reg 25(2)c)

The Control of Asbestos at Work Regulations

There is a regulatory requirement for the Health Record to be kept for at least 40 years from the date of the last entry. (Control of Asbestos Regulations 2012 Reg22(1)b) If you are an asbestos worker undertaking Licensed Asbestos work you will be offered the opportunity to participate in the HSE Survey of asbestos workers. The information that is collected will need to be shared with the HSE. Participation in the survey is optional.

The Control of Lead at Work Regulations

There is a regulatory requirement for the Health Record to be kept for at least 40 years (from the date of the last entry) (Control of Lead at Work Third Edition L132 para311)

Retention of Clinical Records

We will also keep Clinical Records for each person for whom we hold a Health Record for a similar period for medico legal purposes. Whilst there is no GDPR requirement to retain the clinical record it is, in our view, helpful to both employer and employee do so.

Health Screening

This is a group of health checks undertaken to make sure that you do not have a health condition that might affect your ability to work safely. The reason for processing this data is to enable your employer to comply with The Health and Safety at Work Act 1974 which requires the employer to ensure your Health, Safety and Welfare (S2). This is particularly relevant where your work is safety critical.

The main types of health check are:

Safety Critical Medical Examinations
Fork Lift Truck Medical Examinations
Other Driver Medical Examinations
Confined Space Medical Examinations

We provide both the employer and employee with a Certificate of Examination detailing the tests that have been undertaken. The certificate may make recommendations about specific requirements that are needed to ensure safe working. For example the employee may be required to wear corrective spectacles to meet a driving standard.

In the case of examinations for employees working in confined space we provide either a certificate of examination or a certificate of fitness depending on the type of work that you may be required to undertake.

We will keep Clinical Records of individuals who have undergone Health Screening until they reach age 75 in case of future medical legal claims.

Case referral

There are occasions when your employer may require a health report on your health status, for example where you have been absent from work for a prolonged period or where you are frequently absent from work or where there might have been a change in your health or where you have been involved in an accident and suffered injuries that might impact on your ability to work safely in future or where you may have become disabled within the criteria set out in the Equality Act 2010.

In these cases your employer will explain to you the reason for the referral. CHS will then undertake an assessment and / or an examination in direct consultation with you and provide your employer with a report including a medical opinion and advice on your rehabilitation or otherwise. The report will also provide an opinion on the application of the Equality Act and “reasonable adjustments” but ultimately this will be for an employment tribunal to determine

You will always see a copy of the report before it is disclosed to your employer and we will make appropriate amendments for factual accuracy. However the opinion expressed in the report will only be amended if it is based on a factual inaccuracy. Nevertheless you will have the right to refuse disclosure but please be advised that your employer will then have to make a decision on your continued employment without the benefit of that report.

We will keep Clinical Records of individuals who have undergone Health Screening until they reach age 75 for medico-legal purposes but you can ask for earlier erasure (see below).

We use a period trawl process to remove data which has time expired as above.

We will continually revise the periods for which we hold data in line with regulatory changes or guidance from professional bodies.

2] Other Client employees

In some instances we have contact with client employees for other reasons such as procurement, human resources etc. In these cases we would hold and process certain data, for example email addresses and telephone numbers. This is to ensure the smooth interaction between us.

3] Company Health Services Employees and Ex-employees

We will keep records of employees for two years after they have left our employment. Details of the reasons that we process employees data is provided in our staff handbook.

Individuals’ rights

The GDPR provides the following rights for individuals:

The right to be informed

We have produced a Policy Paper identifying the types of data that we hold and the legal basis for holding such data.

Our Privacy Notice explains the reasons for processing personal data, the retention periods and who it will be shared with.

The right of access

Subject Access requests

We recognise that individuals have the right of access to data that we hold. The individual should make a signed written request to Company Health Services Ltd 3 to 5 Vinalls Business Centre, Nep Town Road, Henfield, West Sussex, BN5 9DZ or by email to info@chs.uk.com. Subject to verification we will provide data free of charge and within one month of the request.

The right to rectification

We endeavour to ensure that data that we hold is accurate. Where this is discovered to be incorrect then we will correct it either by request in writing, email or verbally and subject to verification we will correct the data within a period of one month following the application.

The right to erasure

We will respond to the individual’s right to erasure of their data except in circumstances where we are legally constrained from doing so.

Applications should be in writing but which may be delivered by email to Company Health Services Ltd 1 The Pavilions, 3 to 5 Vinalls Business Centre, Nep Town Road, Henfield, West Sussex, BN5 9DZ or by email to info@chs.uk.com.

We will also advise other parties to whom we have previously disclosed data about the request.

We will need to verify the identity of the applicant.

The right to restrict processing

On request and pending investigation we will transfer the relevant data to a separate file where no further processing will take place. We will investigate the request to ensure that the applicant is made aware of any legal constraints placed on us and where the request is validated we will comply with the request within one month of the application.

Requests can be made in writing or verbally but may delivered by email to Company Health Services, Ltd 1 3 to 5 Vinalls Business Centre, Nep Town Road, Henfield, West Sussex, BN5 9DZ or by email to info@chs.uk.com

The right to data portability

We recognise the right of the individual to transfer their personal data to another from one data controller to another, usually another occupational health provider. We reserve the right to make a charge for transfer of large data sets and where the data set is sizeable the right to extend the period of compliance to a total of 3 months so that we can accommodate the necessary administrative requirements to ensure that the rights of the individuals concerned are respected.

We would endeavour to transfer the data by means of a mutually agreed procedure so the data can be read by the recipient.

The right to object

We understand the right of the individual to object to the processing of their data and on receipt of a request we will stop processing the data until their case can be considered and transfer their data to a handling file.

Requests can be made in writing or verbally but may delivered by email to Company Health Services, Ltd 3 to 5 Vinalls Business Centre, Nep Town Road, Henfield, West Sussex, BN5 9DZ or by email to info@chs.uk.com

In cases where there is a legal obligation we may discuss the matter with the applicant to ensure that they have a full understanding of the reason for processing their data.

Rights in relation to automated decision making and profiling.

We do not use any automated decision making process.