We take no user-identifiable data on our website without consent.
The only data taken that will include user-identifiable data is from forms submitted through our contact form (to enquire about how we can help your business or serve your personal medical requirements) and our recruitment form (to apply for any vacancies that we have advertised).
Google Analytics: No identifiable data is taken via Google Analytics on our website. Please visit https://privacy.google.com/businesses/compliance to find out more about Google’s position on privacy and data protection.
We will never contact you apart from as a response to our email form unless you have given us express permission (via the radio button on the contact form on the contact page, all other forms are ).
What Data will be collected
So that you can enquire about our services you may choose to submit your personal contact information including your name, company, email address, and contact number to us using our website enquiry form. We will process your information on the basis that you have given us your explicit consent to contact you about our services. The information you provide will only be used to contact you about our occupational health and private medical services, as outlined in your accompanying message.
The following data may be collected, held and shared by All Health Matters if you are an employee of an AHM client:
- Personal information (e.g. Name, Address, Date of Birth)
- Characteristics (ethnicity, gender)
- Past and present Job roles
- Health Records
If you send us any sensitive personal data, including information about your health (such as a medical condition) or your disability, we may use that information to provide the services to our client/s. We will do this in line with any notices provided or consent that AHM or our client obtains from you and otherwise in compliance with relevant legislation. This includes data protection and equality laws. Where appropriate, it also includes ethical guidelines issued by the General Medical Council, Faculty of Occupational Medicine and others. We may also contact the author of information you send us to confirm it is accurate.
We will take appropriate measures to protect such sensitive personal data at all times. We and any third parties who host or maintain our website or online systems may need to manage the information about you and/or your computer to maintain our systems effectively. Every care has been taken to ensure that the suppliers we work with comply with GDPR by way of due diligence checks and regular enquiry to ensure that their services remain compliant and secure.
Where will it be collected from
- Directly from you
- Human Resources
- Occupational Health Physicians
- Other Medics
How will it be collected
- Web form
- Email
Why is it collected
- Article 9 of GDPR states that processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment, or the management of health and social care systems. It is collected to ensure the health and safety of the employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
- Data may also be used for research, audit or statistics but will be anonymised if this is the case.
Lawful Basis for processing sensitive information
- Lawful basis for processing this sensitive personal information is to provide information and services as requested by you.
- To provide management information with regard to fitness for work.
- Additional condition: Article 9(2)(h) specifically authorises processing of data, as Occupational Medicine is a special category, thus "processing is necessary for the purposes of Occupational Medicine", and Article 9(3), which states that processing is permitted "When these data are processed by a regulated health professional".
- To comply with the legal requirement to store Health Data/ Outcomes under Health Surveillance (HS) legislation.
How long will data be held for
- Management referral information will be held for 6 years after the employee has left their job or 75 years of age (whichever is soonest) as recommended by the British Medical Association (BMA)
- Pre placement medicals will be discarded after 2 years if the employee doesn't take up the offer of the job
- 40 – 50 years in relation to Health Surveillance as required by the Health and Safety Executive (HSE)
- Client information will be held for the duration of our business relationship with you, and for 3 years following last contact unless otherwise agreed.
- Private travel customers' data will be held for 2 years following date of last vaccine.
How will the data be stored
- Your records will be stored in accordance with medical records storage on electronic management systems which complies with GDPR regulations. Paper records are stored in accordance with DPA medical records storage.
Who will my information be shared with
- We will not share information about you with third parties without your consent unless the law allows us to.
What are your rights
- You have the right to see any information we hold about you in your occupational health record. The request should be made in writing and should be responded to within 4 weeks without charge. You can also request that an amendment is attached to your health record if you believe any of the information held by All Health Matters is inaccurate or misleading, subject to legislative clauses.
Links to other websites
- This website contains links to other websites. Please be aware that we are not responsible for the privacy policies of such other sites. We encourage users to be aware when they leave the website and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website and AHM.