Privacy policy
Divity Health recognises the importance of respecting the personal privacy of all customer data and the need to build in appropriate safeguards during the collection, storage, processing and utilisation of personal data. The company will comply with the requirements of all the relevant data protection legislation. Information will be collected and used fairly, stored safely and not disclosed to any person unlawfully.
Divity Health LTD acts as both the Data Controller and Data Processor, is committed to protecting the rights of the individual, and acknowledges that any personal data of yours that we handle will be processed in accordance with the General Data Protection Regulations (GDPR) 2018 and all other relevant data protection legislation.
What Data will be collected?
The following data may be collected and held by Divity Health LTD in order to carry out our role as Occupational Health Providers. We will not share the data outside of the Divity Health Team without consent:
• Personal information (e.g. Name, Address, Date of Birth)
• Past and present Job roles
• Characteristics such as gender.
• Health Records
Who will it be collected from?
• Post/Letter/Referral Form/Health Form
• Email
• Verbal
• Pabau Software System
• MedM software [sleep apnoea screening]
• Block.co
Why is it collected?
• For the purposes of preventive or occupational medicine, fitness certification for the assessment and enhancement of the working capacity of the employee.
• To ensure the health and safety of the employees at work and to allow consideration of any adjustments or restrictions that may be required to support their ability to work.
• Data may also be used for research, audit or statistics but will be anonymised if this is the case.
Lawful Basis for processing the information
Lawful basis for processing this sensitive personal information:
9(2)(h): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
How long will data be held for?
• Management referral information will be held for 6 years after the employee has left their job as recommended by the British Medical Association (BMA)
• Pre-placement medicals will be discarded after two years if the employee doesn't take up the offer of the job or two years after they have left employment
• 40 years or 50 years in relation to specific Health Surveillance as required by the Health and Safety Executive (HSE)
How will the data be stored?
Your records will be stored in accordance with Divity Health records storage policy following GDPR regulations.
Who will my information be shared with?
We will not share information about you with third parties without your consent unless the law allows us to.
What are your rights?
You have the right to see or be told what will be in your occupational health report. You will be given a reasonable time to read the report, before it is sent to your employer, if you have requested to see it first.
You can also request that an amendment is attached to your health record if you believe any of the information held by Divity Health LTD is inaccurate or misleading. Factual errors will be corrected.
You have the right to withdraw your consent at any time whilst your report is being prepared and before it is sent to your employer. However, should consent be withdrawn, the employer will only be able to act on/make decisions regarding your fitness for work, without the benefit of a medical report, and this may disadvantage you.
You have the right to see any information we hold about you in your occupational health record. The request should be made in writing and should be responded to within 4 weeks without charge.
Contact information
We keep this privacy policy under regular review and will place any updates on our website.
Please do not hesitate to contact us. Any questions you may have on data protection or our processing of personal data should be directed to our Data Protection Officer by email to info@divityhealth.com
Your rights under the General Data Protection Regulations 2018
There are 8 fundamental rights that affect how we can collect, store and use your data. They are:
1. The right to be informed - Divity Health LTD, as both the Data Controller and Data Processor, is committed to protecting the rights of the individual and acknowledges that any personal data of yours that we handle will be processed in accordance with the General Data Protection Regulations (GDPR) 2018 and all other relevant data protection legislation. We must be completely transparent in how we are using your personal data (personal data may include data such as a work email, work mobile if they are specific to an individual, health information, etc).
2. The right of access - you have the right to know exactly what information is held about you and how it is processed. This is encapsulated in our Privacy Policy, which is available on request.
3. The right of rectification - you will be entitled to have personal data rectified if it is inaccurate or incomplete.
4. The right to erasure - this is also known as 'the right to be forgotten'. This refers to your right to have your personal data deleted or removed without the need for a specific reason as to why you wish to discontinue. There are exceptions to this right such as Health Surveillance records and some health assessment kept for ongoing management, support and assessment whilst in employment.
5. The right to restrict processing - this is an individual's right to block or suppress processing of their personal data to unauthorised persons.
6. The right to data portability - this allows individuals to retain and reuse their personal data for their own purpose.
7. The right to object - Divity Health LTD will not use personal data for the purpose of direct marketing, scientific and historical research.
8. Rights of automated decision making and profiling - there are safeguards put in place to protect you against the risk that a potentially damaging decision is made without human intervention. Divity does not use any automated processing.
In practice this will mean that you have the right to ask for a copy of the personal information held by Divity Health LTD. Requests must be made in writing. You also have the right to require correction of any inaccuracies in the information held.
There are exemptions set out in the data protection legislation which may form the legal basis on which an Occupational Health professional may refuse to disclose all or part of your Occupational Health record.
The main exemptions are that information must not be released if:
• It is likely to cause serious harm to your physical or mental health or to that of others.
• It relates to someone who would normally need to give their permission (where that person is not a health professional involved in your care).