Your Data
Ethos Health process your personal data, which includes your name, contact details, medical history, prescription medicines and data generated about you for example: sensitive health data, specific health surveillance data and medical assessment examinations results
for the purposes of occupational health care industry, health surveillance and fitness for
work advice.
Data Controller
Data Controller – Ethos Health is a “Data Controller”, this means we are responsible for how we store and process and use your personal data that we hold on you.
We only retain and process relevant information as detailed above. No information will be shared with any other bodies unless specific written consent is granted by the individual being assessed.
Legal Justification
The legal justification for data processing is covered by Article 6 (1)(f) and Article 9(2)(H), which allows for occupational medicine practice. No consent is required for processing this data.
Personal Data Retention
Ethos Health will hold sensitive/ personal information in line with the guidance from the General Medical Council and GDPR Regulations. Health records i.e. (statutory health surveillance) will be retained for a period of 40 years. All other sensitive documentation
such as health reports, e-mails etc need only be retained for a period of 6 years after ceasing employment
Your Rights
You have the right to a copy of the information we hold about you, generally without charge. You can make a formal subject access request to Ethos Health either verbally or in writing. You may ask us to correct any inaccurate information held about you.
Complaints
If you have a complaint about the application of the GDPR (2018) you should notify Ethos Health in writing. If you are not satisfied with our response you may lodge a complaint with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Please ask for more information