Healthwork understands that privacy is important and that care is needed about how personal data is used and shared.

1. Definitions and Interpretation
In this policy, the following terms shall have the following meanings:
| Term | Meaning |
|---|---|
| Account | Means an account required to access and/or use certain areas/features of our site. |
| Cookie | Means a small text file placed on your computer or device by our site when you visit certain parts of our site and/or when you use certain features of our site. Details of the Cookies used by our site are set out in section 13. |
| Cookie Law | Means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003. |
| Personal Data | Means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation ("GDPR"). |
| Patient | Any person who is assessed by a Healthwork Ltd clinician. |
| Customer | Any organisation or person who buys services from Healthwork Ltd. |
| Manager | Anyone in the management structure of 'patients'. |
We/us/our means Healthwork of 16 St John St, Manchester, M3 4EA

2. Information About Us
We are a full service specialist occupational health and wellbeing service provider. We provide services such as pre-placement health services, occupational physician services, nursing and technician medicals/services, physiotherapy, counselling and drug and alcohol screening. Our registered office is at Healthwork, 16 St John St, Manchester, M3 4EA. Healthwork is the trading name of Gel Ltd. We are registered with the Information Commissioner and we hold SEQOHS accreditation from the Royal College of Physicians.

3. What Does This Policy Cover?
We respect and value the privacy of everyone who visits this website, and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and data protection rights under the GDPR.
- As a data subject, you have the following rights under the GDPR, which this policy and our use of personal data have been designed to uphold:
- The right to be informed about our collection and use of personal data
- The right of access to the personal data that we hold about you
- The right to rectification if any personal data we hold about you is inaccurate or incomplete
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in section 6)
- The right to restrict (i.e. prevent) the processing of your personal data
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation)
- The right to object to us using your personal data for particular purposes
- Rights with respect to automated decision making and profiling
We collect data from our customers, from patients, and from the managers of patients. Most of the data we collect relates to patients who are referred to us by their employer or who contact us directly. We may collect some or all of the following personal and non-personal data:
- Name, and date of birth (to verify the identity of the individual)
- Contact information such as addresses, email addresses and telephone numbers (to enable us to contact and communicate with customers, managers, and patients)
- Standard identification information to verify the identity of the patient for certain medical assessments and blood tests
- Occupational health records
- Email addresses of our customers for marketing purposes
- Our clinicians may need reports and information from other healthcare professionals (such as a GP, specialist doctor or nurse). If this is needed, we will always obtain written consent to do this.
- All personal data will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard data under the GDPR at all times. We will retain data according to the retention policies of our customers. Where we are responsible for holding data, we will use the following retention periods:
  - Clinical records: Kept during the employment of the individual 6 years after last use for 'leavers'
  - COSHH records: 40 years
  - Ionising radiation records: 50 years
- We have our own bespoke IT system that is secure and confidential. The system requires every person using it to become a user and have an account set up. Data that you provide will be used to create this user account.
- Our use of personal data will always have a lawful basis. We will process data for the purposes of preventative/occupational medicine, or because you have consented to our use of your personal data (e.g. by subscribing to emails or signing consent forms). We will process data in line with the GDPR, General Medical Council guidelines and Faculty of Occupational Medicine Guidelines (Ethics Guidance for Occupational Health practice).
- Medical information is held confidentially and securely. Confidential medical information can only be accessed by authorised Healthwork employees. A hierarchy system is in place on our portal for managers enabling them to only access information that patients have agreed to them accessing (i.e. the occupational health report).
- For our customers, and with their permission, we may also use their data for marketing purposes that may include contacting our customers by email, telephone, and/or post with information, alerts, and news on our services. We will not, however, send any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect our customers' rights and comply with our obligations under the GDPR.
- Third parties whose content appears on our site may use third party cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use, and we advise you to check the privacy policies of any such third parties.
- You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
- We do not keep personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
- We only keep personal data for as long as we need to in order to use it as described above and/or for as long as we have your permission to keep it.
- Data will only be stored in the EU.
- Data security is very important to us, and to protect data we have taken suitable measures to safeguard and secure data collected.
- Subject to section 8.2, we will not share or sell any of your data with any third parties for any purposes.
- In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, for legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.
- In the event that any of your data is to be transferred in such a manner, you will be contacted in advance, informed of the changes and consulted on them.
- In addition to your rights under the GDPR, set out in section 4, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us).
- You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service ("the TPS"), the Corporate Telephone Preference Service ("the CTPS"), and the Mailing Preference Service ("the MPS"). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
You may access certain areas of our website without having to provide any data at all.

12. How Can You Access Your Data?
- Our site uses two first-party cookies. These cookies are only used for a strict purpose and not to track a user's movements afterwards. These cookies are:

| Cookie name | Cookie purpose |
|---|---|
| .ASPXAUTH | This is the 'ASP.Net Windows Forms Authentication' cookie. This is created to allow a user to login and is functionally required to stay logged in. Once a user logs out the cookie expires. |
| alert-message-displayed | This is set when an important breaking news notification has been shown in full-screen on the page to prevent it being shown again during the same visit to our site. The cookie expires after 24 hours. |

- Our site uses Google Analytics to perform statistical analysis of page use, page interactions and paths taken through the website in order for us to evaluate, develop and improve our website by collecting information about how users use our website, for example by recording the part of a webpage clicked, the number of pages visited, the length of time of each session, and error messages (where applicable) with the purpose of improving our website and providing users with a better experience. This allows us to better and more accurately understand individual behaviours and needs.
For further information about Google Analytics:
- You can find more information about the cookies used by Google Analytics at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- You can find more information about how Google uses the data collected via this service at: https://policies.google.com/technologies/partner-sites
- You can opt out of being tracked via Google Analytics by following the instructions at: https://tools.google.com/dlpage/gaoptout
- All Cookies used by and on our site are used in accordance with current cookie law.
- In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device. You can choose to delete Cookies on your computer or device at any time. It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.