Libby Morley, Owner of Mindshift Consultancy, as Data Controller is committed to protecting the rights of the individual and acknowledges that any personal data of yours that we handle will be processed in accordance with the Data Protection Act 1998 (DPA) and the General Data Protection Regulations (GDPR) 2018.
What Data will be collected?
The following data maybe collected, held and shared.
- Personal information (e.g. Name, Address, Date of Birth, Phone number/s)
- Characteristics (ethnicity, gender)
- Past and present Job roles
- Health Records
Who will it be collected from?
- Human Resources
- Company Executives
- Occupational Health Physicians, Specialist Occupational Health Practitioners and other clinical staff working for or on behalf of Mindshift Consultancy.
- General Practitioners or other NHS health professionals
- Third Party (e.g. OH clinics working on behalf of Mindshift Consultancy, under direct instruction)
How will it be collected?
- Via Apollo Direct (Web-based, secure network Occupational Health software)
Why is it collected?
- For the purposes of preventative or Occupational Medicine, for the assessment of the working capacity of the employee. To ensure the health and safety of the employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
- Data may also be used for research, audit or statistics, but will be anonymised if this is the case.
Lawful Basis for processing the information
- Lawful basis for processing this sensitive personal information is by consent from the individual, in written, electronic or verbal form.
- Additional condition - Article 9 (2)(h) specifically authorises processing of data as Occupational Medicine is a special category thus “processing is necessary for the purposes of Occupational Medicine” and Article 9 (3) which states that processing is permitted “When these data are processed by a regulated health professional”
How long will data be held for?
- Management referral information will be held for 7 years after the employee has left their job or 75 years of age (whichever is soonest) as recommended by the British Medical Association (BMA)
- Pre-placement medicals will be discarded after 2 years if the employee doesn’t take up the offer of the job
- 40 years in relation to Health Surveillance as required by the Health and Safety Executive (HSE)
How will the data be stored?
- Your records will be stored in accordance with Mindshift Consultancy medical records storage policy following GDPR regulations.
Who will my information be shared with?
- We may share information about you with third parties working on our behalf. This will only be done with your consent, which shall be obtained prior to the release of any personal data to such persons.
- Some data may be shared without consent, if there are concerns about your or others mental or physical safety or a breach of law is suspected
What are your rights
You have the right to see any information we hold about you in your Occupational Health record. The request should be made in writing and should be responded to within 4 weeks without charge. You can also request that an amendment is attached to your health record if you believe any of the information held by Mindshift Consultancy is inaccurate or misleading.