Who we are
Employee Health and Performance Limited (EHPL) is an independent provider of occupational health and ergonomic services. In addition to EHPL this Privacy Notice includes our two main websites:
EHPL will be what’s known as the ‘Data Controller’ of the personal data you provide to us.
Our legal basis for processing your personal data
In order to deliver our occupational health services, EHPL processes your data in accordance with the following GDPR articles:
- Article 6, 1.(f) “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party,”
- Article 9, 2. (h) “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health,”
Our purpose for processing your personal data
We will only collect personal data about you so that we can fulfil our contractual obligations to provide occupational health services and advice. This may include when you are referred by your employer to the service for medical opinion, statutory health surveillance and fitness to work medicals.
The information we collect within our health questionnaires and via our occupational health service personnel may include the following:
- Basic personal details such as: Name, address, date of birth, job function and contact details
- Your current medical and health status, and history
- Additional health information provided that maybe by you, your employer or other third parties that can help us provide professional guidance to you and your employer. These might include your GP, consultant, or other specialist provider such a counsellor or physiotherapist.
Where we process your data
EHPL take data protection seriously. We have a Data Protection Policy and processes in place to oversee the secure processing of your personal data and with this in mind we do not process your data outside the European Union.
For the purposes of IT hosting and maintenance this information is located on servers within the European Union. No 3rd parties will have access to your personal data unless the law allows them to do so; or you have given your specific consent.
How long we keep it
We will not keep your data any longer than the minimum period we are legally obliged to do so, and we regularly review this.
We will process personal data during the duration of any contract and will continue to retain only the personal data needed for the minimum legal obligations, which for the purposes of providing occupational health services is 6 years after the employee leaves or their 75th birthday; with the exception of where COSHH (Control of Substances Hazardous to Health) applies and this will be for 40 years. EHPL will review this requirement on a regular basis and erase data in accordance with its legal obligations.
At any point whilst EHPL is in possession of or processing your personal data, all data subjects have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you;
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing;
- Right of portability – you have the right to have the data we hold about you transferred to another organisation;
- Right to object – you have the right to object to certain types of processing such as direct marketing;
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling;
In the event that EHPL refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
Exercising your rights
In the event that you have a question or wish to make a complaint about how your personal data is being processed by EHPL, you have the right to complain to the EHPL Director and Data Protection Officer:
For the attention of the Director
Employee Health and Performance Limited,
If you do not get a response within 40 days, you can complain to the Data Protection Regulator; the Information Commissioner’s’ Office (ICO).
Raising a concern about an organisation handing your personal data with the ICO:
Links to other websites
This Privacy Notice applies solely to our websites and our practices.
To help you understand Data Protection and your rights, we have provided links below to third party websites with useful information. However, please be aware that Employee Health and Performance Limited is not responsible for the data protection and privacy practices within any of these linked websites:
Access to Medical Records Act 1998:
Raising a concern with an organisation handing your personal data:
This website uses first-party persistent cookies for the purpose of making this experience as easy as possible for the site visitor.
- your display preferences, such as contrast colour settings or font size
- if you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won’t be asked again)
Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.
Analytics – Like many websites we use Google Analytics to track visitors to this website and also Facebook’s tracking pixel in order to measure the results of any Facebook Ads. If you do not consent to data being used by these 3rd parties then we suggest you disable all cookies in your browser settings. This may however cause functionality on some website to not work correctly.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.