What is a privacy notice?
A privacy notice is a statement that discloses some or all of the ways in which the organisation gathers, uses, discloses and manages our staff data. It fulfils a legal requirement to protect our staff privacy.
We hold your employment records in the strictest confidence, regardless of whether they are electronic or on paper. We take all reasonable precautions to prevent unauthorised access to your records, however they are stored. Any information that may identify you is only shared within the practice management team, or, if you are referred to hospital for occupational health reasons, to the clinician who will be treating you. We will only share information about you with anyone else if you give your permission in writing.
Why do we need one?
To ensure compliance with the General Data Protection Regulation (GDPR), we must ensure that information is provided to our staff about how their personal data is processed in a manner which is:
- Concise, transparent, intelligible and easily accessible;
- Written in clear and plain language and
- Free of charge
What is the GDPR?
The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy. The GPDR came into effect on 25 May 2018.
How do we communicate our privacy notice?
Our organisation’s privacy notice is displayed on our website, in writing (by means of this leaflet and full privacy notice document). We will:
- Inform our staff how their data will be used and for what purpose
- Allow our staff to opt out of sharing their data, should they so wish
What information do we collect about you?
Our service may need to access the medical records held by other health organisations that help us to make informed decisions about your continued occupational health care and employment management. We will also need to share information we record about you with our managerial team or potential future employers.
The employment process will create a sharing agreement between ourselves and other occupational health care providers you may have contact with. Your consent will allow us to view your occupational health records held by other health organisations and vice versa. This will only be done in order to provide any occupational working adjustments that are appropriate to your needs or to ensure your occupational health, such as for continued immunisation protection.
How do we use your information?
Your data is collected for the purpose of protecting your occupational health and employment.
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO).
Accessing your records
You have a right to access the information we hold about you, and if you would like to access this information, you will need to speak to your line manager. Furthermore, should you identify any inaccuracies; you have a right to have the inaccurate data corrected.
What to do if you have any questions
1. Speak to your line manager.
2. Contact the local data protection officer at the practice – Siobain O’Neill
3. Ask to speak with our lead GP – Dr Karim Adab.
In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit www.ico.org.uk and select ‘Raising a concern’.