KC Business Health Ltd is committed to protecting personal data and to complying with data protection legislation. KC Business Health Ltd is both Data Controller and Data Processor in accordance with the General Data Protection Regulation (GDPR). The following privacy notice explains how KC Business Health Ltd uses personal information collected, what we do with the information, whom the information is shared with and the right of an individual to access their data.
About KC Business health Ltd
KC Business Health Ltd is an occupational health provider who provides specialist occupational health services to a variety of organisations. Occupational health is a specialist branch of nursing and medicine and as such is bound by the rules and regulations of relevant health care regulatory organisations.
The legal bases we rely on
There are a number of legal reasons for which data can be collected and processed. The lawful basis for processing employee information is for the employer’s compliance with duty of care, its duty under the Equality Act and its duty to pay sick pay. In addition, the law on data protection specifically details preventative or occupational medicine, assessment of working capacity and medical diagnosis, which includes personal health information.
For example, this can be for: a referral due to a health issue affecting work or vice versa, health surveillance as required by Health & Safety law/guidance or a pre-placement assessment as an employee starts employment.
What information is collected?
KC Business Health Ltd collects information applicable only to the service being provided. The type of information collected could include: name, date of birth, gender, details of a physical or mental health condition, telephone number, postal address and e-mail address. Some of this information is identified as special category (sensitive) data under the GDPR and will come from the consultation process, medical reports and 3rd parties such as employers.
How is the information used and stored?
KC Business Health Ltd will process (collect, store and use) the information provided in compliance with Data Protection law and occupational health professional standards in order to provide specified occupational health services. No information will be disclosed to a third party without specific consent from the employee, other than when there is a legal obligation or it is in the public interests to do so e.g., to protect the safety of colleagues or the general public.
Information is stored electronically and as such appropriate technical and security measures are in place and continually reviewed to ensure that unauthorised parties do not have access to personal data. For example: password protection is used on all electronic equipment and encryption and password protection on all outcome reports and occupational health records.
How long is the information kept?
KC Business Health Ltd keeps occupational health records for the duration of the contract with the employer who has engaged the services of KC Business Health Ltd. Records are destroyed in accordance with legal and professional guidance.
Access to information
Employees who have engaged with the services of KC Business Health Ltd have the right to see the information held about them and a right to rectify any personal data held that is factually inaccurate or incomplete. A request to access personal information should be made directly to Data Protection Officer, Karen Coomer at Ingleside, 188 Stockton Lane, York, YO31 1EY or via email at firstname.lastname@example.org. Data requests should include name, company and contact details. Verification of identity will be asked for before proceeding with any request. There will be no charge for information and most requests will be responded to within a month.
If the contact facility of the website is used information will be held as appropriate in order to provide further information or a service. The KC Business Health Ltd website may contain links to other websites. As this privacy notice only applies to this website the privacy notices from other websites should therefore be read.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns