Search
Make an enquiry
Make an enquiry
Know your numbers Encourage your team to prioritise their health with a know your numbers day Learn more

Join us in delivering clinical excellence – Recruiting now!

Show more

If you deliver clinical excellence and are looking for a rewarding opportunity, we invite you to apply now as we are actively recruiting passionate professionals.

Dismiss

Privacy Policy

Last updated 13th December 2023

At Spire Occupational Health we are committed to protecting your personal data and respecting your privacy. This Privacy Notice is provided to set out the important details about the information (“personal data”) that Spire Occupational Health and the healthcare professionals responsible for your care will collect and hold about you, how we use your personal data, how we share it, and we protect it.

It also sets out our commitment to comply with your right to be informed, to access, to amend, or to remove your information (“personal data”) in accordance with the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (GDPR) 2018.

Please take your time to read this Privacy Notice carefully.

About us:

Spire Occupational Health as both the Data Controller and Data Processor is committed to protecting the rights of the individual and acknowledges that any personal data we hold and handle will be processed in accordance with the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulations (GDPR) 2018.

Spire Occupational Health is a subsidiary of Spire Healthcare Group. Spire Healthcare Group Plc. (“Spire”) is a company registered under company number 09084066, and whose registered address is 3 Dorset Rise, London, EC4Y 8EN.

What personal data will be collected:

The following personal data may be collected and shared by Spire Occupational Health:

  • Personal information (e.g. Name, Address, Date of Birth, Contact Details)
  • Financial information, such as credit card details used to pay for any services
  • Past and present job roles
  • Background referral details
  • Any images taken of you by the closed-circuit television (“CCTV”) systems we have installed at our clinics

Special categories of personal data

We also collect and use more sensitive personal data (known as “special category data”) about you, such as information relating to your physical and mental health. Special category data must be handled even more sensitively than “standard” personal data. For example, if you are a patient, we will need to use personal data about your health to provide your care. Your special category data will be managed in accordance with the law and this Privacy Notice, and all applicable professional standards including guidance from the General Medical Council and British Medical Association.

The special category personal data we hold about you includes the following:

  • details of your current or former physical or mental health. This may include personal data about any healthcare services you have received (both from us directly and other healthcare providers such as GPs, dentists, or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered. This may also include details of previous healthcare services you have received from other healthcare providers in circumstances where medical negligence is alleged, or being investigated, against that third-party provider. We provide further details below on the manner in which we handle such personal data
  • details of care you have received from us including any images taken in relation to your care
  • details of your nationality, race and/or ethnicity
  • details of your religion
  • details of any genetic data or biometric data relating to you
  • data concerning your sex life and/or sexual orientation

The confidentiality of your medical information is important to us. We make every effort to prevent unauthorised access to and use of information relating to your current or former physical and mental health. In doing so, Spire Occupational Health complies with UK data protection law, including the Data Protection Act 2018, and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Nursing and Midwifery Council.

Aggregated Data

We gather, use, and share information called ‘Aggregated Data’ for our internal and marketing needs. This data is a mix of statistics or general information and doesn’t show who you are. But if we ever blend this info with your personal details and it helps identify you, we’ll handle it just like personal data, following this privacy policy.

How do we collect your personal data? 

Directly from you

We collect your personal data directly from you when: 

  • Complete an online enquiry form on the Spire Occupational Health website
  • Have remote consultations with a healthcare professional including virtual or by telephone
  • Send us a question via our website, by email or by social media
  • Correspond with us via letter, email, telephone (all incoming and outgoing calls from/to patients are recorded) or social media, including where you reference Spire in a public social media post
  • Take part in marketing activities
  • Attend a clinic and are recorded on the CCTV systems we have installed

From other Healthcare Providers

  • Occupational Health Physicians (OHPs) and Occupational Health Advisors (OHAs), who have been involved in your care.
  • GPs, dentists, or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered. This may also include details of previous healthcare services you have received from other healthcare providers in circumstances where medical negligence is alleged, or being investigated, against that third-party provider.

From other third parties

  • Your employer, human resources (if they have been involved in referring you to us)  
  • From other healthcare officers in the local authority/ social services department 
  • Solicitors or other third parties acting on your behalf in connection with medico-legal proceedings 
  • GDPR-compliant marketing acceleration solutions

How will your personal data be stored:

Your records will be stored in accordance with Spire Occupational Health’s medical records storage policy following GDPR regulations.

Who do we share your personal data shared with?

Personal information that we receive from an employer is only accessed by our own administrators, Occupational Health Physicians (OHPs), Occupational Health Advisors (OHAs), doctors, and nurses. All staff have contractual confidentiality agreements, and our processes are designed to maintain confidentiality.

Our Occupational Health reports are sent securely to the named recipient, usually a Human Resources Officer or Manager. You will know who the report is going to at the point that we request consent for dispatch.

We will not share information about ‘you’ with third parties without your consent unless the law allows us to.

Who will your personal data be shared with:

Personal information that we receive from an employer is only accessed by our own administrators, Occupational Health Physicians (OHPs), Occupational Health Advisors (OHAs), doctors, and nurses. All staff have contractual confidentiality agreements, and our processes are designed to maintain confidentiality.

Our Occupational Health reports are sent securely to the named recipient, usually a Human Resources Officer or Manager. You will know who the report is going to at the point that we request consent for dispatch.

We will not share information about ‘you’ with third parties without your consent unless the law allows us to.

If we share your personal data, we will make sure appropriate protection is in place to protect it in line with data protection laws.

Why do we process your personal data?

Spire Occupational Health will only use (“process”) your personal information for the purpose for which we collected it and in which we have a legal basis for doing so. Please see below for further information.

Spire Occupational Health is a provider of occupational health services, designed to support businesses in the management of health and wellbeing issues in the workplace.

  • Therefore, Spire Occupational Health processes personal data and often sensitive medical information for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee.
  • To ensure the health and safety of the employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
  • To provide you with up-to-date information regarding our range of services and to answer any queries raised by our online contact form.
  • To send you communications which you have requested and that may be of interest to you.
  • To seek your views and comments on the range of services we provide through surveys and questionnaires
  • Data may also be used for research, audit, or statistics but will be anonymised if this is the case.

If we need to use your information for an unrelated purpose, we will contact you and we will explain the legal basis that allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with our obligations in the case of criminal investigation.

Data Protection Policy

Your confidential Occupational Health record is not accessible by your employer and is never shared.

It is a requirement for employers making referrals to Spire Occupational Health to agree to our Data Protection Policy. This outlines the responsibilities of the referring employer and Integral Occupational Health staff for managing your personal information. In particular, it covers data security and confidentiality responsibilities. It also ensures you are aware of what information is being sent to us by your employer and that suitable controls are in place once the employer receives your Occupational Health report.

How long will data be held for:

We will only hold your personal data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice.

Management referral information 6 years after the employee has left their job or 75 years of age (whichever is soonest) as recommended by the British Medical Association (BMA). 
Pre-placement medicals/assessments 2 years if the employee doesn’t take up the offer of the job. 
 
Pre-placement medicals/assessments  3 years if the employee accepts the job offer.
 
Healthcare students & non-health student 6 years, from the date they commenced post the student leaving date of the University programme.
Medical retirement/Deceased employees Until any appeals have lapsed then plus 3 years. 
 
Health Surveillance (as required by the Health and Safety Executive (HSE)). 
 		40 years. 

Your rights

You have certain rights in relation to your personal data that we hold about you. These include rights to know what personal data we hold about you and how it is used. We will use and hold your personal data in accordance with our obligations and these rights.

You may ask to exercise these rights at any time by contacting our DPO (contact details can be found at the bottom of this page). You will not usually be charged for exercising your rights.

These rights do not always apply in all cases, and we will let you know how we will be able to meet your request. If we cannot meet your request, we will explain why.

If you make a large number of requests or it is not reasonable for us to meet a request then we do not have to respond. Alternatively, we can charge for responding.

The right to access your personal data:
You have the right to request details and a copy of the personal data we hold about you and details about how we use it. We must confirm whether we have personal data about you, and we also need to provide you with a copy of your personal data.

We will usually provide you with your personal data in writing, unless you request otherwise. If you have made the request electronically (eg by email) the personal data will be provided to you electronically where possible.

In some cases we may not be able to fully comply with your request, for example if your request involves another person’s personal data and it would not be fair to that person to provide it to you.

The right to rectification:
You have the right to have inaccurate personal data about you corrected or removed.

The right to erasure (“right to be forgotten”):
You have the right to request that we delete certain personal data we hold about you. However, there are exceptions to this right. For example, we can refuse to delete your personal data if we need to keep for tasks which are in the public interest, or for establishing, exercising or defending legal claims.

The right to restrict processing:
You have the right to ask us to restrict our use your personal data. We do not have to comply with all requests to restrict our use of your personal data. For example, if we need to use it for tasks which are in the public interest or for establishing, exercising or defending legal claims.

The right to data portability:
You have the right to ask us to transfer your personal data to you or to someone else in a format that can be read by computer.

The right to object to marketing:
You have the right to ask us to stop sending you marketing messages at any time and we must comply with your request.

The right not to be subject to automatic decisions:
You have the right to not be subject to automatic decisions (ie decisions that are made about you by computer without any human input) in relation to your care or other processes that have a legal or similarly significant effect on you.

Please see the section on Automated decision making for details about when we may make automatic decisions about you.

If you have been subject to an automated decision and do not agree with the outcome, you can challenge the decision by contacting our DPO (contact details can be found at the bottom of this page).

The right to withdraw consent:
You have the right to withdraw any consent you have given us to use your personal data.

The right to object to other uses of your personal data:
You have the right to object to us using your personal data in a particular way (such as sharing it with third parties), and we must stop using it in that way unless specific exceptions apply. This includes, for example, if it is necessary to defend a legal claim brought against us, or it is otherwise necessary for the purposes of your ongoing healthcare services.

The Information Commissioner’s Office (“ICO”):
You can complain to the ICO if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.

More information can be found on the ICO website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.

How can you contact us about your data or your data rights?

If you wish to contact us about your data, or if you require any further information in addition to what is included in this privacy notice, please contact our Data Protection Officer at – Spire Occupational Health, 3 Dorset Rise, London EC4Y 8EN. Email – dataprotection@spirehealthcare.com, Telephone – 020 8295 8250

How do I make a complaint about the way my data is being processed?

Spire Occupational Health is committed to protecting your data. If you are not happy with the way in which we process your data, you may wish to make a complaint.

In the first instance, please reach out to Spire Occupational Health via email at info@spireoccupationalhealth.com stating your name, date of birth, contact details, and the nature of your complaint against Spire Occupational Health.

If you are not happy with the response you receive or if you think we have not complied with our legal obligations, you may also wish to contact the UK data protection regulator, the Information Commissioner’s Office (“ICO”), whose contact details are available at https://ico.org.uk

Making a complaint will not affect any other legal rights or remedies that you have.

Updates to this Privacy Policy

We may update this Privacy Notice from time to time to ensure that it remains accurate.

The Privacy Policy was last updated in December 2023.