Thistle Occupational Health Privacy Policy

Our Commitment to You

This policy has been written in accordance with the following legislation: General Data Protection Regulation (EU 2016), Privacy and Electronic Communications Regulations 2003, and the Data Protection Act 2018. 

Thistle Occupational Health is committed to protecting your data and complying with our responsibilities as a data controller.  Thistle Occupational Health is registered with the Information Commissioner’s Office (ICO) and our registration number is ZA549347.  This policy statement documents that we are responsible for managing how we use personal information about you and sets out the need for the information we have on you.

Data We Collect & Why?

Thistle Occupational Health delivers occupational health services, assessment of fitness for work and work capacity of employees, medical diagnosis and management of these cases.  Due to the nature of our work, we manage both personal and special category (sensitive) data, as classified under the current data protection legislation. We have procedures and IT security measures the ensure the protection of the data we hold. We are also goverend by the General Medical Council, Faculty of Occupatonal Medicine and registered with the ICO, all of which have guidelines and ethical codes the we follow to ensure your confidentiality. 

Thistle Occupational Health operates within the principles set out in the current data protection legislation and best practice guidelines; these include:

• We will process your information fairly and lawfully for the purposes of providing occupational health services.
• We will always gain your consent before sharing information with your employer.
• We will ensure we meet all legal requirements when processing this information and will not process the data for any other purposes, such as external marketing.
• We will ensure all data held is ‘relevant’ and ‘appropriate’ to the purpose for which it has been obtained.
• We will not keep your data for longer than is ‘necessary’.
• We will always process data in accordance with your rights under the current data protection legislation.

All reasonable efforts are made to protect the confidentiality, integrity and availability of your data at every stage from collection to archiving or destruction; this includes any data obtained by Thistle Occupational Health from data subjects, employers and data processors – including intellectual property.  Thistle Occupational Health will not transfer your data outside the European Economic Area (EEA) without appropriate protection.  We will never sell your data on, nor use it for other purposes than why it was originally collected.   

Anonymised data may be used by Thistle Occupational Health or disclosed to others e.g. regulatory bodies such as Oil and Gas UK, HSE for audit, research or statistical purposes.  No individual will be identified in this anonymised research.

Your Privacy Rights  

You have the right to withdraw consent at any time up until any results are processed and released to your employer.  There are, extenuating circumstances which will override this condition – for example, where disclosure is required by law or where there is an immediate danger to your health.  More information on your rights under GDPR can be found on the ICO website.  Thistle Occupational Health assures that all personal health data collected is handled in accordance with Data Protection legislation.

How long do we keep your Data for?

We will only retain your information for as long as we need to support the purposes for which it was collected.  Records are maintained in line with our retention schedule which follows industry guidance and determines the length of time records should be kept. At the end of this period the information is destroyed or deleted in line with our confidential destruction procedures.

Accessing Your Personal Data?

In accordance with Data Protection regulations, data subjects have the right to see all information held about themselves.  On receipt of a subject access request, we will arrange for individuals to receive or review all data held by Thistle Occupational Health, or request specific information, e.g. all medicals undertaken between a specific date range. Such requests must be made in writing (email, post or delivered in person) and addressed for the attention of the Data Protection Officer. A response will be issued within one calendar month. If you have questions about your data, contact our Data Protection Officer; Iain Donaldson, 1 Thistle Road, Dyce, Aberdeen, AB21 0NN or e-mail: Iain. Donaldson @ Thistleoh.com

Queries about how we process your personal information

At Thistle Occupational Health we make every endeavour to protect your data. In the unfortunate circumstance that you are not happy with the manner in which we process your data, you may wish to make a complaint. In the first instance, please contact the Thistle Occupational Health Data Protection Officer in writing, stating your name, date of birth, contact details and the nature of your complaint.

If you are not happy with the response you receive you may also wish to contact the UK data protection regulator, the Information Commissioner, whose contact details are available at https://ico.org.uk

Privacy Notice Changes

We reserve the right to update or make changes to this privacy notice at any time.