Privacy notice

Our work as a occupational health medical practice means we will hold and process a variety of data about you. This notice explains how and why we collect and use this data. It also explains your data rights and entitlements.

The confidentiality of personal information is of paramount concern to Taylor-Mohrs Occupational Health Services (Taylor-Mohrs). To this end, we fully comply with data protection legislation and the General Data Protection Regulation (GDPR).

Under GDPR, we act both as a Data Controller (of the data we generate) and as a Data Processor (of data received from clients).

It is important that you read this notice to inform you of what personal data we are collecting or processing about you.

How we use your data

We recognise the need to treat personal data in a fair and lawful manner. No personal data held by us will be processed unless the requirements for fair and lawful processing can be met.

Privacy Notice - summary of content

Our Privacy Notice explains how we will ensure that we do this, by describing:

  • What data we collect about you
  • Why we collect your data
  • What legal basis we rely on to handle your data
  • Whom we might share your data with
  • Where we store your data
  • How long we keep hold of your data
  • What rights you have in connection with your data
  • How you request a copy of the data that we hold about you
  • How to object to us holding your personal data
  • How to request to have your personal data corrected
  • How to request to have your personal data erased
  • How to request to withdraw consent to data processing

What data we collect about you

Taylor-Mohrs may hold the following data:

  • Details of former, current and prospective customers.
  • Details of former and current employees, workers and contractors.
  • Details about you, such as your name and address and other contact details such as an email address and telephone number.
  • Details about where you work and what your job is.
  • User data about the use our website, sourced from Google Analytics.

Specific to former and current patients:

  • Relevant information from your employer, including the reason for any referral to Taylor-Mohrs, and relevant information about any absences from work.
  • Information about your health, and how this affects your job
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Your immunity to certain diseases
  • Data from your GP or other Specialist who may be involved in your care.

Why we collect your data

We collect data to enable us to provide patients with the best possible occupational health service on behalf of their employer, with whom we have a contract to provide such services.

We also collect data in order to enter into and perform the employment contract we have with our staff and, to meet and comply with our regulatory and legislative obligations as an employer.

The legal basis we rely on to handle your data

Taylor-Mohrs will not collect, hold or otherwise process your data unless we have a legal basis to do so. The legal bases we rely on to process the types of information above are:

  • For the performance of a contract
  • For the purposes of the legitimate interests pursued by the controller or a third party
  • To comply with legal obligations
  • To provide health care services - in particular, the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or services
  • For the purposes of carrying out the obligations and exercising specific rights of the controller or data subject in the field of employment or social security or social protection law

Our staff may check your details with you to ensure they are up-to-date and correct. So, if your details have changed (such as your name or address) you need to let us know.

Who we might share your data with

Data that we collect about your healthcare may be made available to your employer with whom we have a contract to provide occupational health services but only if you have given us consent to do so.

There are exceptional circumstances whereby we may share data about you without your knowledge, for example, when it is in the public interest, an emergency where you or someone else might suffer substantial harm or distress, where it relates to a 'communicable disease' or if data is required by law (such as a court order). We may also be required by law to share your data with Government departments or other agencies, to fulfil a statutory duty.

If we ask for your consent to share your information, you can withdraw that consent at any time simply by informing us. Please also see 'How to request to withdraw consent to data processing' below.

Where we store your data

Patient data is stored electronically on a secure encrypted database. It is prohibited for patient records to be altered or removed from our database. All computers are password protected and can only be used by staff of Taylor-Mohrs. Data is also stored in paper form in secure record storage. Access is only available to Taylor-Mohrs staff.

How long we keep hold of your data

We keep a record of your data for a set length of time, depending on the type of data it is. Standard patient records are usually destroyed after 6 years. Health surveillance records are stored for 40 years.

What rights you have in connection with your data

The General Data Protection Regulation (GDPR) gives you certain rights in respect of the information we hold about you. Within legal and regulatory constraints, you have the right to:

  • Have information about how your data is being processed
  • Request a copy of your data at any time (commonly known as a data subject access request)
  • Port (move/transfer) your data to an alternative service provider
  • Have your data in a format that you can access, share and move on to different companies
  • Have your data rectified or corrected if it is factually inaccurate
  • Be forgotten or have your data erased
  • Restrict who has access to your data and its processing
  • Not to be subject to automated decision making including profiling.

You can read more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you are not satisfied with how we handle any requests in relation to your data you can contact the Medical Director at Taylor-Mohrs (contact details below) or Information Commissioner's Office on 0303 123 1113 or through their website.

How you request a copy of the data that we hold about you

You are entitled to a copy of the data that we hold about you. Normally this is available to you free of charge, but we may charge a reasonable fee to cover administrative costs such as copying, or if you request another copy of the same data.

We must provide you with the requested data (where it is appropriate to do so) within 1 month once we have sufficient details to be able to process the request.

We may refuse to respond to requests which are bulky, complex, repetitive and manifestly unfounded or excessive. If we do refuse such a request, we will tell you why.

How to request to have your personal data corrected

You are entitled to have personal data corrected if it is inaccurate or incomplete.

We must respond to your request within 1 month. However, we may extend this period by up to a further 2 months for complex requests.

We may refuse the request if we believe the information is accurate/complete or there is a legal basis to do so. If that is the case, you will be notified of this. You have the right to complain to the Information Commissioner's Office on 0303 123 1113 or through their website and to seek correction by order of a Court.

If you believe your information is inaccurate or incomplete, you should contact the Medical Director at Taylor-Mohrs, contact details below.

How to request to have your personal data erased

This is more commonly known as the 'right to be forgotten'. You may ask to have your data erased where:

  • It no longer needs to be kept by us (when it has gone beyond the minimum retention period)
  • Where you withdraw your consent or object to the use of your data and there is no requirement for us to retain the data
  • It has been used unlawfully
  • There is a legal obligation that we must comply with
  • You are under 16 and data has been stored electronically by us at your request

We may refuse your request (in full or part) where there is a legal basis to do so. If that is the case, you will be notified of this.

How to request to withdraw consent to data processing

You have the right to withdraw your consent to specific processing at any time.

When we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis to do so in law.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time.

Contacting us about your data and rights

If you wish to contact us about your data, or if you require any further information in addition to what is included in this privacy notice, please contact the Medical Director at:

Taylor-Mohrs Occupational Health Services
2 Clifton Park
Clifton
Bristol
BS8 3BS
Telephone: 0117 906 4227

If we can't resolve your concern, you have the right to lodge a complaint with the Information Commissioner's Office, whose contact details can be found here.

Our Customers

Contact us

If you are interested in discussing how we can support your business with its occupational health requirements please contact us to arrange a no obligation consultation... [more]