Privacy and Cookie Policy

Healthwork understands that privacy is important and that care is needed about how personal data is used and shared.

1. Definitions and Interpretation

In this policy, the following terms shall have the following meanings:

Account	Means an account required to access and/or use certain areas/features of our site.
Cookie	Means a small text file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of our site. Details of the Cookies used by our site are set out in section 13.
Cookie Law	Means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Personal Data	Means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation ("GDPR").
Patient	Any person who is assessed by a Healthwork Ltd clinician.
Customer	Any organisation or person who buys services from Healthwork Ltd.
Manager	Anyone in the management structure of 'patients'.

We/us/our means Healthwork of 16 St John St, Manchester, M3 4EA

2. Information About Us

We are a full service specialist occupational health and wellbeing service provider. We provide services such as pre-placement health services, occupational physician services, nursing and technician medicals/services, physiotherapy, counselling and drug and alcohol screening. Our registered office is at Healthwork, 16 St John St, Manchester, M3 4EA. Healthwork is the trading name of Gel Ltd. We are registered with the Information Commissioner and we hold SEQOHS accreditation from the Royal College of Physicians.

3. What Does This Policy Cover?

This privacy policy applies to the data held by Healthwork and the use of our site ( https://www.healthworkltd.com ). Our site may contain links to other websites. Please note that we have no control over how data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

We respect and value the privacy of everyone who visits this website, and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and data protection rights under the GDPR

Please read this privacy policy carefully and ensure that you understand it. Your acceptance of our privacy policy is deemed to occur upon your first use of our site. If you do not accept and agree with this privacy policy, you must stop using our site immediately.

4. Your Rights

1. As a data subject, you have the following rights under the GDPR, which this policy and our use of personal data have been designed to uphold:
• The right to be informed about our collection and use of personal data
• The right of access to the personal data that we hold about you
• The right to rectification if any personal data we hold about you is inaccurate or incomplete
• The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in section 6)
• The right to restrict (i.e. prevent) the processing of your personal data
• The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation)
• The right to object to us using your personal data for particular purposes
• Rights with respect to automated decision making and profiling
2. If you have any cause for complaint about our use of your personal data, please contact us and we will do our best to solve the problem for you.
3. For further information about your rights, please contact the Information Commissioner's Office or your local Citizens Advice Bureau.

5. What Data Do We Collect?

We collect data from our customers, from patients, and from the managers of patients. Most of the data we collect relates to patients who are referred to us by their employer or who contact us directly. We may collect some or all of the following personal, and non-personal data:

• Name, and date of birth (to verify the identity of the individual)
• Contact information such as addresses, email addresses and telephone numbers (to enable us to contact and communicate with customers, managers, and patients)
• Standard identification information to verify the identity of the patient for certain medical assessments and blood tests
• Occupational health records
• Email addresses of our customers for marketing purposes
• Our clinicians may need reports and information from other healthcare professional (such as GP, specialist doctor or nurse). If this is needed, we will always obtain written consent to do this

6. How Do We Use Your Data?

1. All personal data will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard data under the GDPR at all times. We will retain data according to the retention policies of our customers. Where we are responsible for holding data, we will use the following retention periods:

   Clinical records:	Kept during the employment of the individual 6 years after last use for 'leavers'
   COSHH records:	40 years
   Ionising radiation records:	50 years

2. We have our own bespoke IT system that is secure and confidential. The system requires every person using it to become a user and have an account set up. Data that you provide will be used to create this user account.
3. Our use of personal data will always have a lawful basis. We will process data for the purposes of preventative/occupational medicine, or because you have consented to our use of your personal data (e.g. by subscribing to emails or signing consent forms). We will process data in line with the GDPR, General Medical Council guidelines and Faculty of Occupational Medicine Guidelines (Ethics Guidance for Occupational Health practice).
4. Medical information is held confidentially and securely. Confidential medical information can only be accessed by authorised Healthwork employees. A hierarchy system is in place on our portal for managers enabling them to only access information that patients have agreed to them accessing (i.e. the occupational health report).
5. For our customers, and with their permission, we may also use their data for marketing purposes that may include contacting our customers by email, telephone, and/or post with information, alerts, and news on our services. We will not, however, send any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect our customer's rights and comply with our obligations under the GDPR.
6. Third parties whose content appears on our site may use third party cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
7. You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
8. We do not keep personal data for any longer than is necessary in light of the reason(s) for which it was first collected.

7. How and Where Do We Store Your Data?

1. We only keep personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it.
2. Data will only be stored in the EU.
3. Data security is very important to us, and to protect data we have taken suitable measures to safeguard and secure data collected.

8. Do We Share Your Data?

1. Subject to section 8.2, we will not share or sell any of your data with any third parties for any purposes.
2. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, for legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.

9. What Happens If Our Business Changes Hands?

1. We may, from time to time, expand or reduce our business and this may involve the acquisition, sale and/or the transfer of a part of the business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.
2. In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed and consulted of the changes.

10. How Can You Control Your Data?

1. In addition to your rights under the GDPR, set out in section 4, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us).
2. You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service ("the TPS"), the Corporate Telephone Preference Service ("the CTPS"), and the Mailing Preference Service ("the MPS"). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

11. Your Right to Withhold Information

You may access certain areas of our website without having to provide any data at all.

12. How Can You Access Your Data?

You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details.

13. Our Use of Cookies

1. Our site uses two first-party cookies. These cookies are only used for a strict purpose and not to track a user's movements afterwards. These cookies are:

   Cookie name	Cookie purpose
   .ASPXAUTH	This is the 'ASP.Net Windows Forms Authentication' cookie. This is created to allow a user to login and is functionally required to stay logged in. Once a user logs out the cookie expires.
   alert-message-displayed	This is set when an important breaking news notification has been shown in full-screen on the page to prevent it being shown again during the same visit to our site. The cookie expires after 24 hours.

2. Our site uses Google Analytics to perform statistical analysis of page use, page interactions and paths taken through the website in order for us to evaluate, develop and improve our website by collecting information about how users use our website, for example by recording the part of a webpage clicked, the number of pages visited, the length of time of each session, and error messages (where applicable) with the purpose of improving our website and providing users with a better experience. This allows us to better and more accurately understand individual behaviours and needs.

3. For further information about Google Analytics:

   • You can find more information about the cookies used by Google Analytics at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
   • You can find more information about Google's privacy policy relating to the Google Analytics service at: https://support.google.com/analytics/answer/6004245
   • You can find more information about how Google uses the data collected via this service at: https://policies.google.com/technologies/partner-sites
   • You can opt out of being tracked via Google Analytics by following the instructions at: https://tools.google.com/dlpage/gaoptout
4. All Cookies used by and on our site are used in accordance with current cookie law.
5. In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device. You can choose to delete Cookies on your computer or device at any time. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

14. Contacting Us

If you have any questions, comments or queries about this privacy policy or about your data, please contact us by email at support@healthworkltd.com, or by post at Healthwork, 16 St John St, Manchester, M3 4EA. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.

15. Changes to Our Privacy Policy

We may change this privacy policy from time to time (for example, if the law changes). Any changes will be immediately posted on our site and you will be deemed to have accepted the terms of the privacy policy on your first use of our site following the alterations. We recommend that you check this page regularly to keep up-to-date.