INTRODUCTION AND DEFINITIONS
KML is committed to protecting and respecting your privacy.
This privacy notice sets out the basis on which any personal data which we collect about you, or that you provide to us, will be processed.
This privacy notice is for the website www.kmloh.com, served by KML OH, and governs the privacy of its users who choose to use it.
Our site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal data to those websites as they may not be on the same terms as ours.
How we use your information
The following sections explain what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with.
Which information do we process and for what purpose?
Information you give us. This is information about you that you give us such as your name, address, email address and phone number.
You may also provide sensitive personal information related to your health such as medical history and medical conditions.
We process information we collect about you for the following purposes:
- Medical assessment
- Health surveillance
- Drugs and alcohol screening/testing
What are the grounds for processing your information?
We are processing your data on the grounds that you have provided consent to the processing for the purposes set out above.
Duration and further processing
We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means).
We also take into account our other legal obligations to keep or securely dispose of personal information. For example, we are required to keep health surveillance records for 40 years under The Control of Substances Hazardous to Health Regulations.
KML OH uses eOPAS, which is ISO/IEC 27001 accredited to the highest level, i.e. electronic records. However, there may be some circumstances when a paper record is made and then scanned and uploaded onto the electronic record. Once paper records have been successfully uploaded into electronic format, the paper record is destroyed confidentially, e.g. by shredding.
Who is your information shared with?
We transfer information to third party providers where we are required to do so by law; also where such a transfer forms part of the provision of the occupational health service, such as employers.
We may transfer your information to individuals, companies and organisations that carry out occupational health service interventions and legal services on our behalf, such as counsellors, wellbeing service providers, other companies or individuals delivering health interventions, assessments or laboratory services. This is only done with your prior consent.
Automated decision making
We do not make automated decisions about you based on your information.
Under data protection law you have the following rights:
- if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by notifying us using the details set out in the ‘Contact’ section below;
- the right to access a copy of your information which we hold. Additional details on how to exercise this right are set out in the ‘Access to Information’ section, below;
- the right to prevent us processing your information in certain circumstances, for example, whilst a complaint about its accuracy is being resolved;
- the right to object to us processing your personal information in certain circumstances;
- the right to erasure. You can request that your personal data is erased altogether, although we can override this request in certain circumstances;
- the right to rectification. If at any point you believe that the personal data we hold about you is inaccurate, you can ask to have it corrected;
- in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in the ‘Access to Information’ section below.
You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in the ‘Contact’ section below. The Information Commissioner’s Office website is www.ico.org.uk.
For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).
ACCESS TO INFORMATION
Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you.
You can receive this information without cost to yourself; however, if you are requesting copies of documents you already possess, we may charge reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
CHANGES TO OUR PRIVACY NOTICE
This notice was last updated on 25 May 2018. Any material changes we may make to our privacy notice in the future will be uploaded to our website. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to the Data Protection Officer, KML Occupational Health, St Andrew’s House, Portsmouth Road, Esher, KT10 9TA. You can also contact us via our website, www.kmloh.com.