Privacy Policy
Last reviewed: 3rd December 2024
Next review due: 3rd December 2025
All Health Matters Website Privacy Notice 
 
By using this website, you expressly agree to the collection and use of your information for the purposes set out in this privacy policy.
All Health Matters (AHM), as both the Data Controller and Data Processor, is committed to protecting the rights of the individual and acknowledges that any personal data we handle will be processed in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). Please read this privacy policy carefully, as it contains important information about our use of your information. It explains what information we collect about you and how we use it, including when we might disclose it to third parties.
GDPR
We take no identifiable user-based data without consent on our website.
The only data taken that will include user-identifiable data is from submitted forms for:
- Enquiries about how we can help your business or provide private medical services.
- Recruitment (to apply for any vacancies we have advertised).
- Bookings made online (for services available to book through the website).
Google Analytics: No identifiable data is taken via Google Analytics on our website. Please visit Google’s Privacy Policy to learn more about their position on privacy and data protection.
We will never contact you apart from responding to your email or booking form unless you have given us express permission (e.g., via the consent option on the contact form).
 
What data will be collected 
To enquire about our services, book an appointment, or participate in occupational health assessments, you may provide the following information:
- Personal information: Name, address, date of birth, contact details, and job role (for occupational health purposes).
- Sensitive data: Health records, medical conditions, vaccination history, and other details necessary for occupational health or private medical services.
- Booking details: Appointment dates, times, and services requested.
- Other information: Employment details (for occupational health services) and health outcomes.
Occupational health records are securely stored in Orchid, a GDPR-compliant platform designed for managing occupational health services. Private health records are securely stored in Semble, a clinical management software designed for private medical services.
 
When you submit your website enquiry, we will also ask whether you would like to receive our company newsletter. If you select yes, you will receive our company newsletter no more frequently than twice monthly.
 
We may also collect data about your use of our website automatically using cookies. Please see our Cookie Policy for more information. 
 
The following data may be collected, held and shared by All Health Matters if you are an employee of an AHM client or a private customer: 
- Personal information (e.g. Name, Address, Date of Birth)
- Characteristics (ethnicity, gender)
- Past and present Job roles
- Health Records
 
If you send us any sensitive personal data, including information about your health (such as a medical condition) or your disability, we may use that information to provide the services to our occupational health client/s. We will do this in line with any notices provided or consent that AHM or our client obtains from you and otherwise in compliance with relevant legislation. This includes data protection and equality laws. Where appropriate, it also includes ethical guidelines issued by the General Medical Council, Faculty of Occupational Medicine and others. We may also contact the author of information you send us to confirm it is accurate. 
 
We will take appropriate measures to protect such sensitive personal data at all times. We and any third parties who host or maintain our website or online systems may need to manage the information about you and/or your computer to maintain our systems effectively. Every care has been taken to ensure that the suppliers we work with comply with GDPR by way of due diligence checks and regular enquiry to ensure that their services remain compliant and secure. 
 
 
Where will it be collected from 
- Directly from you through forms, emails, or verbal communication.
- Employers or HR representatives for occupational health services.
- Medical professionals (e.g., referral information).
How will it be collected 
- Web forms, emails, or paper forms.
- Phone calls or in-person consultations.
- Through secure booking systems or clinical software (e.g., Semble for private medical services).
Why is it collected 
- The UK GDPR states that processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health and social care or treatment, or the management of health and social care systems. It is collected to ensure the health and safety of the employees at work and to allow consideration of any adjustments that may be required to support their ability to work.
- Data may also be used for research, audit or statistics but will be anonymised if this is the case.
- To deliver private medical services, including consultations, diagnostic assessments, and treatments.
Lawful Basis for processing sensitive information 
- The lawful basis for processing this sensitive personal information is to provide information and services as requested by you.
- To provide management information with regard to fitness for work.
- Additional condition: Article 9(2)(h) specifically authorises processing of data, as Occupational Medicine is a special category, thus “processing is necessary for the purposes of Occupational Medicine”, and Article 9(3), which states that processing is permitted “When these data are processed by a regulated health professional”.
- To comply with the legal requirement to store Health Data/Outcomes under Health Surveillance (HS) legislation.
 
How long will data be held for 
- Occupational health records: Will be held for 10 years after the employee has left their job or 75 years of age (whichever is soonest).
- Health surveillance records: Retained for 40–50 years as per HSE guidelines.
- Pre-placement medicals: Retained for 2 years if the job offer is not taken up.
- Private health records: Stored for 8 years following the last appointment, unless otherwise agreed.
- Client information: will be held for the duration of our business relationship with you, and for 3 years following last contact unless otherwise agreed.
- Web enquiries: Retained for 2 years unless a contractual relationship is established.
How will the data be stored 
Your medical records will be stored in accordance with medical records storage on electronic management systems which comply with UK GDPR regulations. Paper records are stored in accordance with DPA 2018 medical records storage.
- Private health records are stored in Semble, which is compliant with UK GDPR regulations.
- Occupational health records are stored securely in electronic management systems (Orchid and Microsoft 365) and, where applicable, in paper form under strict storage protocols.
Who will my information be shared with 
We do not share information about you with third parties without your consent, unless required by law or to fulfil the service you have requested (e.g., referrals to other medical professionals).
Your data may be shared with:
- Medical professionals involved in your care.
- Employers (for occupational health purposes, with your consent where required).
- Third-party software providers, such as Orchid and Semble, for the secure storage and management of your records.
We ensure that all third-party providers comply with GDPR requirements through regular due diligence checks.
 
What are your rights 
You have the right to:
- Access the personal data we hold about you.
- Request corrections to any inaccurate or incomplete data.
- Withdraw consent for receiving communications (where consent was previously provided).
- Request the deletion of your data where lawful and applicable.
Requests should be made in writing and will be responded to within one calendar month.
You can also request that an amendment is attached to your health record if you believe any of the information held by All Health Matters is inaccurate or misleading, subject to legislative clauses. 
 
Changes to privacy policy 
We reserve the right to amend this policy at any time. Any updates will be published on our website and will take effect from the date of publication. Where possible, we will notify you of significant changes in advance.
 
Links to other websites 
This website contains links to other websites. Please be aware that we are not responsible for the privacy policies of such other sites. We encourage users to be aware when they leave the website and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website and AHM. 
 
Contact 
If you have any questions about our privacy policy or the information we hold about you, please contact us at the address or telephone number on our website.