Privacy Policy

Worksite Medicals Ltd

1. Introduction

Worksite Medicals Ltd is committed to protecting your personal data and handling it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how we collect, use, and protect your information when you use our services.

2. Who We Are

Worksite Medicals Ltd provides occupational health assessments, including safety-critical medicals.

Contact details:
info@worksitemedicals.co.uk
 03300245975

3. What Information We Collect

We may collect and process the following information:

• Personal details (name, date of birth, contact details)
• Employment information (job role, employer details)
• Medical information relevant to your assessment
• Test results (e.g. audiometry, spirometry, blood pressure)

4. How We Use Your Information

Your information is used to:

• Carry out occupational health assessments
• Determine fitness for work
• Communicate outcomes to you and your employer (with your consent)
• Maintain clinical records in line with legal requirements

5. Lawful Basis for Processing

We process your data under:

• Consent (for sharing outcomes with employers)
• Legal obligation (health and safety requirements)
• Provision of healthcare services

6. Sharing Your Information

• Only fitness-for-work outcomes are shared with employers
• No detailed medical information is shared without your explicit consent
• Information may be shared with regulatory bodies where required by law

7. Data Storage and Security

• Records are stored securely on password-protected systems
• Access is restricted to authorised personnel
• Paper records (if used) are stored securely and transferred to electronic systems promptly

8. Data Retention

• Records are retained for a minimum of 7 years
• Data is securely deleted or destroyed after this period

9. Your Rights

You have the right to:

• Access your personal data (Subject Access Request)
• Request correction of inaccurate information
• Request restriction or deletion where appropriate

To make a request, contact us using the details above.

You have the right to request a copy of the personal data we hold about you (Subject Access Request). Requests will be responded to within one month in accordance with UK GDPR. Where appropriate, we may require proof of identity before releasing information.

10. Data Breaches

Any data breaches are investigated and managed in line with UK GDPR, including notification to the ICO where required.

11. Cookies and Website Data

Our website may collect limited data such as cookies for functionality and analytics. No clinical data is collected via the website.

12. Complaints

If you have concerns about how your data is handled, please contact us.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
www.ico.org.uk

13. Updates to This Policy

This policy is reviewed annually and updated as required.