GDPR Privacy Notice/Statement
Hexagon Health Limited acts as both the Data Controller and Data Processor, is committed to protecting the rights of the individual, and acknowledges that any personal data of yours that we handle will be processed in accordance with the Data Protection Act 1998 (DPA) and the General Data Protection Regulations (GDPR) 2018. In addition, our registered health professionals will adhere to their professional standards with regard to confidentiality.
What Data will be collected?
The following data may be collected, held and shared by Hexagon Health Limited:
Personal information (e.g. Name, Address, Date of Birth)
Characteristics (gender)
Present Job role
Health information
Details about lifestyle prescription and care received
Results of investigations, such as laboratory tests, etc.
Who will it be collected from?
Human Resources
Employees
Occupational Health Practitioners
You
How will it be collected?
Online
Verbal
Why is it collected?
Your records are used to ensure that you receive the best possible care. We collect and hold data for the sole purpose of providing lifestyle services to our patients and we will ensure that the information is kept confidential. However, we can disclose personal information if:
It is required by law
You provide consent – either implicitly for the sake of your own care, or explicitly for other purposes
It is justified to be in the public interest
Data may also be used for research, audit or statistics, but will be anonymised if this is the case.
Lawful Basis for processing the information
To comply with employer legal obligations such as health and safety, Duty of Care. (Article 6 (f))
Additional Special category - Article 9(2)(h) specifically authorises processing of data, as Occupational Medicine is a special category; thus “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services”, and Article 9(3), which states that processing is permitted “When these data are processed by a regulated health professional”.
How long will data be held for?
Clinical Records associated with Health Surveillance will be held for 10 years after last entry.
How will the data be stored?
Your records will be stored in accordance with Hexagon Health Limited’s medical records storage policy complying with GDPR regulations and professional regulatory bodies.
Who will my information be shared with?
The information will be received and processed by Hexagon Health. We will not share information about you with third parties without your consent unless the law allows us to. Anonymised data regarding workforce statistics may be given to your employer but this will not be patient identifiable.
What are your rights?
You have the right to see any information we hold about you in your medical health record. The request should be made in writing and should be responded to within 4 weeks without charge. You can also request that an amendment is attached to your medical health record if you believe any of the information held by Hexagon Health Limited is inaccurate or misleading. In addition, you have a right to withdraw consent to the retention of data; this will be in liaison with your employer, to whom the data also relates. You may have contractual and statutory obligations to provide data; if this situation arises, we may suggest that you discuss it with your employer. You have a right to lodge a complaint with the Information Commissioner’s Office on telephone number 0303 123 1113 or by email at registration@ico.org.uk.