E&J Bio UK Ltd is keeping and processing records that include personal information about clients and patients. Under the General Data Protection Regulation there are certain duties and rights related to holding this information. Due to the medical nature of our services we hold additionally medical, work and financial information. This type of information is classified as sensitive and there are additional legal and professional requirements safeguarding it.
What We Hold
The information we hold is kept to a minimum and required for the provision of occupational health services.
Employees name, date of birth, national insurance number, contact details, address
Medical test booking details
Results of medical tests
Reason For Holding This Information
Our clinical staff needs to maintain personal information to meet statutory requirements and guidelines. It also enables us to keep an accurate record of contacts that we have had with you for medical and workplace assessments.
Article 9 of the GDPR refers to holding and processing special category data. This includes health data. In Article 9 paragraph 2 (h) processing of occupational health data is stated as being justified.
Right To Be Forgotten
The GDPR does include a right of the data subject to request erasure. However regarding medical data this right is superseded by other laws and regulations. Therefore the right to be forgotten is limited due to other legal requirements.
Confidentiality & Security
Medical records are kept confidential on cloud portal. The information is only accessed by occupational health staff for the provision of the service.
Due to professional requirements data cannot be anonymised for the performance of the medical assessment. We use encryption for safeguarding.
We do share the test results with the Department of Health & Social Care (DHSC) but no other third party organisations have access to your data.
There can be a legal obligation for disclosure due to the power to order a disclosure as it can be exercised by courts, tribunals or regulators or if a disclosure is in the public interest (e.g. if a person is putting others at significant risk).
Access to Personal Information
You have the right to request access to the information held about you. Please use our contact page to get in touch with us. The first copy is free which will usually be send by email. Repeated or excessive requests can be chargeable.
Due to the sensitive nature of the information we may request additional information to establish your identity.
Medical information has to comply with additional requirements. A healthcare professional can therefore withhold information if it is felt it may cause serious harm to the physical or mental health of the individual if disclosed.
Should any information we hold not be accurate we would expect you to inform us so we can amend your information.
If you have any concerns about the data we hold about you or how we use and process it, please get in touch with us via the contact page of the website. If you are still not satisfied you may contact the Information Commissioner’s Office. Our registration number is 13825658.