LJ Ocuppational Health Privacy Policy

Welcome to L J Hannah Occupational Health Ltd Privacy Policy. The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. This replaces the Data Protection Act 1998 in the UK. GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union. This framework improves the protection of European data subjects’ rights and clarifies what companies that process personal data must do to safeguard these rights. 

L J Hannah Occupational Health Ltd respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data.
As both the Data Controller and Data Processor of your data we are committed to protecting your individual rights to privacy. Your data will be processed in accordance with the General Data Protection Regulations 2018 (GDPR)


The term “processing” covers virtually everything that can be done with data, including:


  • Collection

  • Recording

  • Storage 

  • Disclosure by transmission

  • Erasure and destruction.

As your Occupational Health (OH) records are also classed as a “clinical record” L J Hannah Occupational Health Ltd. also has a legal and ethical duty (under relevant health professional codes of conduct) not to disclose confidential medical information to third parties, including your Employer, without your informed written consent, unless public need overrides duty to confidentiality or a court order.

What Data will be collected?

The following data may be collected, held and shared by L J Hannah Occupational Health Ltd.

  • Personal information (e.g. Name, Address, Date of Birth, emails, phone numbers).

  • Personal characteristics e.g. ethnicity, gender etc.; some of this may be classed as “special category data”.

  • Past and present job roles.

  • Health information e.g.  this is classed as “special category data”.

  • Relevant reports from other health practitioners e.g General Practitioners and other treating specialists

  • Occupational Health Records

  • Health Surveillance Records


Who will the data be collected from?

  • Employees

  • Managers

  • Human Resources

  • Your treating doctors/health professionals (with your consent) e.g. GP, Specialists.


How will it be collected?


  • Verbally e.g. telephone calls, face to face conversations.

  • In writing e.g. forms you and/or your Employer may complete e.g. health assessment forms, management referral forms, from other parties e.g. GP letters etc. These may be sent to us electronically and/or by surface mail.

Who will have access?


  • L J Hannah Occupational Health practitioners (nurses, doctors, technicians) to perform assessments and provide advice on fitness for work.


  • Administrative support staff on a “need to know basis” e.g. to book appointments, process reports etc. All administrative staff understand the need for confidentiality and their contractual obligation to preserve it.


Why is it collected i.e. what is the “lawful basis” for processing the data?


Our lawful basis for processing your data is:


  • Legal obligation: the processing is necessary for us to comply with the law, namely relevant health and safety legislation and employment legislation, and to support your Employer in complying with the same law as we are acting as their agent.


  • For the assessment of the working capacity of the employee.


  • To ensure the health and safety of the employees at work and to allow consideration of any adjustments that may be required to support their ability to work.


  • Vital interests: “the processing is necessary to protect someone’s life”. Part of our work will be to help protect your health from harm that may potentially arise from work processes e.g. exposure to chemicals.


  • We need to process your “special category data” for the “purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health”. This processing is also subject to conditions and safeguards specified by relevant nursing and medical professional bodies.

How long will data be held for?



  • Most OH clinical records relating to the hire of an individual will only be kept for two years if the post is not taken up


  • Most other OH records will be held for six years after the individual’s departure from the Employer or 75 years of age ( whichever is soonest )



  • Health Surveillance – In relation to Health and Safety Executive (HSE) – 40yrs



How will the data be stored?



  • Occupational Health records will be stored securely and confidentially; medical records e.g. in locked filing cabinets, on secure digital servers, encryption etc. Every attempt will be made to keep your data secure when we are transmitting it to 3rd parties e.g. reports to you and your employer will be password protected.



What are your rights?


  • You have statutory right of access to your occupational health records (in full or in part) under the GDPR 2018, or to authorise a third party, such as a legal adviser, to exercise that right on their behalf.


  • The request should be made in writing clearly outlining to us what records you wish to see. We will endeavour to provide the Information without delay and at the latest within one month of receipt. If the request is complex/numerous we may extend this timeframe by a further two months; if this is the case, we will inform you why the extension is necessary within one month of your request.


  • This information will normally be provided without charge unless a request is manifestly unfounded or excessive, particularly if it is repetitive.

  • We may request additional written consent from you if a third-party request is made under our legal and ethical duty to protect your medical confidentiality.


  • You can request that an amendment is attached to your OH record if you believe any of the information held by L J Hannah Occupational Health Ltd. is inaccurate or misleading.


  • You do not have a “right to erasure” of your data if the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This applies as your data is being processed by and under the responsibility of a health professional under the relevant professional codes of conduct.


For your information we have obligations and professional responsibilities in relation to clinical confidentiality as per our professional bodies, The General Medical Council and the Nursing and Midwifery Council.


If you require any further information, please contact:


The Data Protection Officer

L J Hannah Occupational Health Ltd

Tel: 07966373276

Email: Laura@ljhocchealth.co.uk