Privacy Policy

Expedite Health Privacy Notice

This privacy notice tells you what to expect us to do when you share your personal information with us.

Contact details

Post
Expedite Health Ltd
Vickers Business Centre
1, Vickers House,
Priestly Road,
Basingstoke,
Hampshire
RG24 9NP

Telephone
020 8906 6817

Email
admin@expeditehealth.com

What information we collect and use, and why

Occupational Health services, administration and management

We collect or use the following personal information as part of delivering occupational health services, administration and management for our clients:

  • Contact details (e.g. name, address, telephone number or personal email address)
  • Date of birth
  • Gender
  • Employment history (e.g. job application, employment references or secondary employment)
  • Performance records (e.g. reviews, disciplinary records, complaints or disciplinary action)

We also collect or use the following special category information for administration and management. This information is subject to additional protection due to its sensitivity:

  • Racial or ethnic origin
  • Health information
  • Staff health and wellbeing

Staff health and wellbeing

We collect or use the following personal information for managing staff health and wellbeing:

  • General health and wellbeing information
  • Occupational health referrals and reports
  • Sick leave forms or fit notes (e.g. Statement of Fitness for Work from a GP or hospital)
  • Accident at work records
  • Access needs or reasonable adjustments
  • Protected Characteristics (as defined by the Equality Act and s.75 of the Northern Ireland Act for the purpose of equal opportunities monitoring)

Lawful basis and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful basis on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

  • Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions, which means you may not receive all the information you ask for. You can read more about this right here.
  • Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
  • Your right to erasure – You have the right to ask us to delete your personal information. You can read more about this right here.
  • Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
  • Your right to object to processing – You have the right to object to the processing of your personal data. You can read more about this right here.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information as part of staff recruitment, administration and management are:

  • Consent – we have permission from you after we give you all the relevant information.
  • Contract – we must collect or use the information so we can enter into or carry out a contract with you.
  • Legal obligation – we must collect or use your information so we can comply with the law.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. Our legitimate interests are: Medical records pursuant to Occupational Health services.
  • Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk.
  • Public task – we must collect or use your information to carry out a task laid down in law.

Our lawful bases for collecting or using personal information as part of managing staff health and wellbeing are similar and may include the same lawful bases depending on the circumstances.

Where we get personal information from

  • Directly from you
  • Occupational Health and other health providers

How long we keep information

General Guidelines: Data retention periods are determined based on legal, regulatory, and business requirements. The following are general guidelines for different types of data:

  • Financial Records: Retained for a minimum of 7 years to comply with accounting and tax regulations.
  • Employee Records: Retained for 7 years following termination of employment.
  • Client Records: Retained without limitation after the end of the customer relationship to fulfill medical and legal obligations.
  • Email and Communication: Retained for 2 years unless subject to specific legal or business requirements.
  • Contracts and Agreements: Retained for 7 years after the expiration of the contract.
  • Regulated Data: Retained according to specific regulatory requirements applicable to the type of data.

Special Circumstances: Data involved in litigation, audits, or investigations are retained until the conclusion of proceedings.

Who we share information with

In some circumstances, we may share information with the following organisations:

  • Health and benefit suppliers
  • External auditors
  • Suppliers and service providers
  • Professional consultants

Data processors

We use the following data processors for the following reasons:

  • Microsoft 365 – manages our IT systems and databases.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint