Healthwork understands that privacy is important and that care is needed about how personal data is used and shared.
1. Definitions and Interpretation
In this policy, the following terms shall have the following meanings:
|Account||Means an account required to access and/or use certain areas/features of our site.|
|Cookie||Means a small text file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of our site. Details of the Cookies used by our site are set out in section 13.|
|Cookie Law||Means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.|
|Personal Data||Means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).|
|Patient||Any person who is assessed by a Healthwork clinician.|
|Customer||Any organisation or person who buys services from Healthwork.|
|Manager||Anyone in the management structure of ‘patients’.|
We/us/our means Healthwork of 16 St John St, Manchester, M3 4EA
2. Information About Us
We are a full service specialist occupational health and wellbeing service provider. We provide services such as pre-placement health services, occupational physician services, nursing and technician medicals/services, physiotherapy, counselling and drug and alcohol screening. Our registered office is at Healthwork, 16 St John St, Manchester, M3 4EA. Healthwork is the trading name of Gel Ltd. We are registered with the Information Commissioner and we hold SEQOHS accreditation from the Royal College of Physicians.
3. What Does This Policy Cover?
We respect and value the privacy of everyone who visits this website, and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and data protection rights under the GDPR
4. Your Rights
- As a data subject, you have the following rights under the GDPR, which this policy and our use of personal data have been designed to uphold:
- The right to be informed about our collection and use of personal data
- The right of access to the personal data that we hold about you
- The right to rectification if any personal data we hold about you is inaccurate or incomplete
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in section 6)
- The right to restrict (i.e. prevent) the processing of your personal data
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation)
- The right to object to us using your personal data for particular purposes
- Rights with respect to automated decision making and profiling
If you have any cause for complaint about our use of your personal data, please contact us and we will do our best to solve the problem for you.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
5. What Data Do We Collect?
We collect data from our customers, from patients, and from the managers of patients. Most of the data we collect relates to patients who are referred to us by their employer or who contact us directly. We may collect some or all of the following personal, and non-personal data:
- Name, and date of birth (to verify the identity of the individual)
- Contact information such as addresses, email addresses and telephone numbers (to enable us to contact and communicate with customers, managers, and patients)
- Standard identification information to verify the identity of the patient for certain medical assessments and blood tests
- Occupational health records
- Email addresses of our customers for marketing purposes
- Our clinicians may need reports and information from other healthcare professional (such as GP, specialist doctor or nurse). If this is needed, we will always obtain written consent to do this
6. How Do We Use Your Data?
All personal data will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard data under the GDPR at all times. We will retain data according to the retention policies of our customers. Where we are responsible for holding data, we will use the following retention periods:
|Clinical records:||Kept during the employment of the individual 6 years after last use for ‘leavers’|
|COSHH records:||40 years|
|Ionising radiation records:||50 years|
We have our own bespoke IT system that is secure and confidential. The system requires every person using it to become a user and have an account set up. Data that you provide will be used to create this user account.
Our use of personal data will always have a lawful basis. We will process data for the purposes of preventative/occupational medicine, or because you have consented to our use of your personal data (e.g. by subscribing to emails or signing consent forms). We will process data in line with the GDPR, General Medical Council guidelines and Faculty of Occupational Medicine Guidelines (Ethics Guidance for Occupational Health practice).
Medical information is held confidentially and securely. Confidential medical information can only be accessed by authorised Healthwork employees. A hierarchy system is in place on our portal for managers enabling them to only access information that patients have agreed to them accessing (i.e. the occupational health report).
For our customers, and with their permission, we may also use their data for marketing purposes that may include contacting our customers by email, telephone, and/or post with information, alerts, and news on our services. We will not, however, send any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect our customer's rights and comply with our obligations under the GDPR.
Third parties whose content appears on our site may use third party cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
We do not keep personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
7. How and Where Do We Store Your Data?
We only keep personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it.
Data will only be stored in the UK.
Data security is very important to us, and to protect data we have taken suitable measures to safeguard and secure data collected.
8. Do We Share Your Data?
Subject to section 8.2, we will not share or sell any of your data with any third parties for any purposes.
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, for legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.
9. What Happens If Our Business Changes Hands?
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed and consulted of the changes.
10. How Can You Control Your Data?
In addition to your rights under the GDPR, set out in section 4, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us).
You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
11. Your Right to Withhold Information
You may access certain areas of our website without having to provide any data at all.
12. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details.
Our site only uses one cookie. This is the '.ASPXAUTH' ASP.Net Windows Forms Authentication’ cookie. This is created to allow a user to login and stay logged in. Once a user logs out the cookie expires. The cookie is only used for this purpose and not to track a user’s movements afterwards. We have carefully chosen not to use extensive cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times
All Cookies used by and on our site are used in accordance with current cookie law.
In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device. You can choose to delete Cookies on your computer or device at any time. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
14. Contacting Us
- HAVS Courses 21st - 22nd June 2018
- New Service – Aviation Medicals
- New Liverpool Office
- Dates Announced for Spring 2018 Courses - Case Management, Report Writing and Chester Step Test Courses All Available to Book Now.
- Australian flu
- Health Promotion Activities - Alcohol Awareness
- Alcohol Awareness Week
- Healthwork Alert 46
- Healthwork Alert 45 - Seasonal Flu Vaccinations 2017
- Healthwork Alert 44