top of page

Privacy Policy


Last reviewed: 5th February 2024

Next review due: 5th February 2025


By using this website, you expressly agree to the collection and use of your information for the purposes set out in this privacy policy. 


All Health Matters (AHM) as both the Data Controller and Data Processor is committed to protecting the rights of the individual and acknowledge that any personal data of yours that we handle will be processed in accordance with the General Data Protection Regulations (GDPR) 2018. Please read this privacy policy carefully as it contains important information about our use of your information. It explains what information we collect about you, and how we use it, including when we might disclose it to third parties. 



We take no identifiable user-based data without consent on our website.

The only data taken that will include user-identifiable data is from submitted forms from our contact (to enquire about how we can help your business or serve your personal medical requirements), recruitment (to apply for any vacancies that we have advertised), or bookings made online (for service available to book through the website).

Google Analytics: No identifiable data is taken via Google Analytics on our website, please visit  to find out more about Google’s position on privacy and data protection.

We will never contact you apart from as a response to our email or booking form unless you have given us express permission (via the radio button on the contact form on the contact page).


What data will be collected 

So that you can enquire about our services you may choose to submit your personal contact information including your name, company, email address, and contact number to us using our website enquiry form. We will process your information on the basis that you have given us your explicit consent to contact you about our services. The information you provide will only be used to contact you about our occupational health and private medical services, as outlined in your accompanying message.   


We will also ask you at the time of submitting your website enquiry, whether you would like to receive our company newsletter. If you select yes then you will also receive our standard company newsletter no more frequently than twice monthly. 


We may also collect data about your use of our website automatically using cookies. Please see our Cookie Policy for more information. 


The following data may be collected, held and shared by All Health Matters if you are an employee of an AHM client or a private customer: 

·         Personal information (e.g. Name, Address, Date of Birth) 

·         Characteristics (ethnicity, gender) 

·         Past and present Job roles 

·         Health Records 


If you send us any sensitive personal data, including information about your health (such as a medical condition) or your disability, we may use that information to provide the services to our client/s. We will do this in line with any notices provided or consent that AHM or our client obtains from you and otherwise in compliance with relevant legislation. This includes data protection and equality laws. Where appropriate, it also includes ethical guidelines issued by the General Medical Council, Faculty of Occupational Medicine and others. We may also contact the author of information you send us to confirm it is accurate. 


We will take appropriate measures to protect such sensitive personal data at all times. We and any third parties who host or maintain our website or online systems may need to manage the information about you and/or your computer to maintain our systems effectively. Every care has been taken to ensure that the suppliers we work with comply with GDPR by way of due diligence checks and regular enquiry to ensure that their services remain compliant and secure. 



Where will it be collected from 

·         Directly from you 

·         Human Resources 

·         Managers 

·         Employees 

·         Occupational Health Physicians 

·         Other Medics 


How will it be collected 

·         Web form / paper form

·         Post 

·         E mail 

·         Verbal 

·         Fax 


Why is it collected 

·         Article 9 of GDPR states that processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment, or the management of health and social care systems. It is collected to ensure the health and safety of the employees at work and to allow consideration of any adjustments that may be required to support their ability to work. 

·         Data may also be used for research, audit or statistics but will be anonymised if this is the case. 

·         To provide private medical services to you.


Lawful Basis for processing sensitive information 

·         Lawful basis for processing this sensitive personal information is to provide information and services as requested by you. 

·         To provide management information with regard to fitness for work. 

·         Additional condition -  Article 9(2)(h) specifically authorises processing of data as Occupational Medicine is a special category thus “processing is necessary for the purposes of Occupational Medicine” and Article 9(3) which states that processing is permitted “When these data are processed by a regulated health professional” 

·         To comply with the legal requirement to store Health Data/ Outcomes under Health Surveillance (HS) legislation. 


How long will data be held for 

·         Management referral information will be held for 6 years after the employee has left their job or 75 years of age (whichever is soonest) as recommended by the British Medical Association (BMA) 

·         Preplacement medicals will be discarded after 2 years if the employee doesn’t take up the offer of the job 

·         40 – 50 years in relation to Health Surveillance as required by the Health and Safety Executive (HSE) 

·         Client information will be held for the duration of our business relationship with you, and for 3 years following last contact unless otherwise agreed. 

·         Private customers’ data will be held for 2 years following date of last appointment. 


How will the data be stored 

·         Your medical records will be stored in accordance with medical records storage on electronic management systems which complies with GDPR regulations.  Paper records are stored in accordance with DPA medical records storage. 

·         Web enquiries will be stored for 2 years unless we enter into a contractual agreement with you, in which case this will be stored for the duration of the working relationship and up to 3 years after unless otherwise agreed.


Who will my information be shared with 

·         We will not share information about you with third parties without your consent unless the law allows us to. 


What are your rights 

·         You have the right to see any information we hold about you in your occupational health record. The request should be made in writing and should be responded to within 4 weeks without charge. You can also request that an amendment is attached to your health record if you believe any of the information held by All Health Matters is inaccurate or misleading, subject to legislative clauses. 


Changes to privacy policy 

·         We reserve the right to add to or change the terms of this privacy policy at our sole discretion, without prior notice to you. If we change this privacy policy, we will post the new privacy policy on the website, and it will become effective from the time of posting to the website. Please visit this privacy policy on a regular basis to make sure you have read the latest version and you understand what we do with your information. Wherever possible, we will give you notice of any changes prior to their implementation. 


Links to other websites 

·         This website contains links to other websites. Please be aware that we are not responsible for the privacy policies of such other sites. We encourage users to be aware when they leave the website and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website and AHM. 



If you have any questions about our privacy policy or the information we hold about you, please contact us at the address or telephone number on our website.

See also: Cookie Policy
bottom of page