Employers have a duty of care and legal requirement to take care of their workforce by ensuring that they are fit to carry out their job role safely. Your company has asked Cornerstone Occupational Health to look at your health in relation to the work that you do. Health information that we collect is known as personal and sensitive data.
Under the General Data Protection Regulation (GDPR), personal and sensitive data may only be collected, processed, stored and disclosed by Cornerstone Occupational Health with your explicit consent. There are circumstances, such as when there is an immediate risk to safety or where disclosure is required by law, that will override the requirement for your explicit consent. You have the right to withdraw your consent at any time up until results are processed and released to your employer.
Cornerstone Occupational Health handle all data in accordance with relevant data protection legislation.
Cornerstone Occupational Health is registered with the Information Commissioner's Office (ICO) as a data controller. All reasonable efforts are made to protect the confidentiality, integrity and availability of your data at every stage. This includes any data obtained by Cornerstone Occupational Health from data subjects, employers and data processors.
Why we collect personal data
Personal data is collected primarily for the purpose of medical assessment, health surveillance, drug and alcohol testing and sickness absence management. Sensitive personal data includes information relating to medical history, medications and, where relevant, lifestyle.
Processing of personal data
Cornerstone Occupational Health uses a range of electronic products and platforms to process your data. Cornerstone Occupational Health will not transfer your data outside of the European Economic Area (EEA) without appropriate protection. We will never sell your data or use it for purposes other than the reason it was initially collected. Some of our data collection is paper based. Details of assessments are recorded on forms which are processed and stored securely at Cornerstone Occupational Health’s premises.
Disclosure of results
In all cases, results of any tests or reports will be given to you and reported to the person designated to receive your results. Results will be provided in verbal, electronic or written format.
Retention and destruction of records
Medical records are retained by Cornerstone Occupational Health in line with our retention schedule. Records are held for as long as is required, and our retention schedule takes into consideration the rules of specific laws, e.g. The Control of Substances Hazardous to Health. Cornerstone Occupational Health keeps electronic records which are only accessible by authorised company personnel. Any paper copies containing sensitive personal data are securely destroyed.
Access to personal data (subject access requests)
You have the right to see data held about you. If requested, we will arrange for you to receive or review all data held, or you may request specific information. Such requests must be made in writing and addressed for the attention of the Data Protection Officer. A response to this will be issued within one month.
If you have questions about your data, contact our Data Protection Officer, Jan Webb, at firstname.lastname@example.org
- Data: Information held by Cornerstone Occupational Health
- Data controller: Cornerstone Occupational Health is the data controller
- Data processor: Any third party contracted by Cornerstone Occupational Health to provide professional services to or on behalf of us
- Data subject / you: The individual undergoing testing with Cornerstone Occupational Health
- Employer: The company that you work for, which pays for your testing and receives results
- Personal data: Any data which identifies you, e.g. name, date of birth, National Insurance number
- Results: The outcome of any medical assessment, screening or testing you have with us
- Sensitive personal data: Any information relating to your health