Privacy Policy
Privacy Policy.
Last updated 26th December 2024.
This Privacy notice for Workplace Assess ('we', 'us' or 'our') describes how and why we might access, collect, store, use and/or share ('process') your personal information when you use our services ('services'), including when you;
- Visit our website at www.workplaceassess.co.uk or any website that links to this Privacy Policy.
- Engage with us in other related ways, including any sales, marketing or events.
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services.
If you still have questions or concerns please contact us at occhealthphysio@yahoo.com
SUMMARY OF KEY POINTS.
This summary provides key points from our Privacy Policy.
What personal information do we process? When you visit, use or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? Some of the information may be considered 'special' or 'sensitive' in certain jurisdictions. For example your racial or ethnic origins, sexual orientation and religious beliefs. We do not process sensitive personal information.
Do we collect any information from third-parties? We do not collect any information from third-parties.
Workplaceassess.co.uk is fully committed to compliance with the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR). This privacy notice explains how we collect, process, store, and retain personal data in connection with the occupational health services we provide to our customers and their employees. It also sets out our obligations under medical records-related legislation.
Legal Basis for Processing Data
Workplaceassess.co.uk processes personal data based on specific lawful purposes, as outlined by the UK GDPR, including providing occupational health services. We collect and process data that is necessary for conducting occupational health assessments, ensuring that it is relevant and limited to what is required for the service being provided.
What Data Do We Collect?
Personal Data: This includes data such as an employee’s name, date of birth, and contact details (e.g., email, phone number). This information is used to correctly identify employees and maintain appropriate communication.
Special Category Data: As an occupational health provider, we are required to collect sensitive information, such as medical history, symptoms, and ongoing treatment. This data is considered special category data under Article 9(2)(h) of the UK GDPR, which relates to health services and is processed with the explicit consent of the individual.
How Is Data Obtained?
Fit2work.org as Data Controller and Data Processor
Workplaceassess.co.uk acts as a Data Controller for clinical data obtained during consultations. However, in some instances, depending on the service provided (e.g., health surveillance or medical assessments), Workplaceassess.co.uk may act as a Data Processor. In such cases, the customer (employer) remains the Data Controller for occupational health reports, fitness for work certificates, and any occupational health advice provided to the employer.
Retention of Data
Data is retained in line with relevant statutory requirements:
Data Storage and Security
All data is stored within the UK on secure systems. Electronic records are encrypted, and access is restricted to authorized personnel. Paper records are stored in locked cabinets. Data transfers, when necessary, are securely handled using encrypted formats, and Workplaceassess.co.uk ensures that no records are retained following confirmed receipt by the new service provider or employer.
Third-Party Processing and International Transfers
Where third parties are involved in processing, we ensure they provide adequate guarantees of data protection and confidentiality, with appropriate data processing agreements in place. No personal data is transferred outside of the UK or EEA by Workplaceassess.co.uk or our third parties.
Feedback and Data Protection Queries
We regularly gather feedback on our services through anonymous surveys. To raise any concerns or requests related to data protection, please contact occhealthphysio@yahoo.com You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if necessary.
Privacy Statement
Who We Are
Workplaceassess.co.uk gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations and explains how, why and when we process your personal data.
Workplaceassess.co.uk is a small private company based in the UK. We are registered on the Information Commissioner’s Office Register; registration number ZB386535 listed under Steven Shore and act as the data controller when processing your data. Our designated Data Protection Champion is Steven Shore who can be contacted on occhealthphysio@yahoo.com
Information That We Collect
Workplaceassess.co.uk processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we may collect from you through a website inquiry includes:
The personal data that we may collect from you during physiotherapy assessment/treatment include:
We collect information in the below ways:
How We Use Your Personal Data (Legal Basis for Processing)
Workplaceassess.co.uk takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data are detailed below:
Your Rights
You have the right to access any personal information that Workplaceassess.co.uk processes about you and to request information about:
* What personal data we hold about you
* The purposes of the processing
* The categories of personal data concerned
* The recipients to whom the personal data has/will be disclosed
* How long do we intend to store your personal data for
* If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request the erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
Safeguarding Measures
Workplaceassess.co.uk takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Workplaceassess.co.uk however, certain information is required for us to provide our clinical services. We will not be able to offer our clinical services without it.
How Long Do We Keep Your Data
Workplaceassess.co.uk only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. We are required to keep your clinical records for a minimum of 8 years from the date of last treatment for adult records, and for children eight years after their 18 birthday or until 25 years of age.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Special Categories Data
Owing to the services and treatments that we offer, Workplaceassess.co.uk will need to process sensitive personal information (known as special category data) about you, to ensure safe and effective treatment can take place. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.
Where we rely on your consent for processing special category data, we will obtain your explicit consent through a signature at your first consultation. You can modify or withdraw consent at any time, which we will act on immediately unless there is a legitimate or legal reason for not doing so.
Lodging A Complaint
Workplaceassess.co.uk only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. However, if you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113 / https://ico.org.uk/global/contact-us/email/
Consent
Workplaceassess.co.uk takes your privacy seriously and will only process your personal data with your consent and in accordance with the terms stated in our Privacy Notice. We will obtain your explicit consent before your virtual or face-to-face consultation. You can modify or withdraw consent at any time, which we will act on immediately unless there is a legitimate or legal reason for not doing so.
Cookie Notice
A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or logging in options.
Cookies are widely used in order to make websites work or to work more efficiently, and our site relies on cookies to optimise user experience and for features and services to function properly.
Most web browsers allow some control to restrict or block cookies through the browser settings, however, if you disable cookies you may find this affects your ability to use certain parts of our website or services. For more information about cookies visit https://www.aboutcookies.org