Occupational Health - Privacy notices

Purpose
Occupational Health
Description

We process personal information to enable us to carry out our statutory duties in relation to health and safety and assist in managing staff attendance. This includes occupational health referrals, subsequent reports and statutory health surveillance information. The information is held in secure drives and backed up nightly. A data sharing agreement is in place with the OH provide. We process information relevant to the above reasons and purposes which may include:

  • Personal information
  • Medical information
  • Lifestyle and social information
If you do not give us your information

We will not be able to process your Occupational Health request.

Conditions for processing personal information

Article 6(1)(c) of UK GDPR - the processing is necessary for compliance with legal obligations to which the Council is subject.  These are listed below:

  • The Management of Health and Safety at Work Regulations 1999
  • The Health and Safety (Display Screen Equipment) Regulations 1992
  • Working Time Regulations1998
  • Control of Vibration at Work Regulations 2005
  • Control of Lead at Work Regulations 2002
  • Control of Asbestos Regulation 2012
  • Control of Substances Hazardous to Health 2002
  • Ionising Radiation Regulations 1999

Special category data in relation to health is processed under Article 9(2)(h) of UK GDPR for the purposes of preventative or occupational medicine and for the assessment of the working capacity of employees.

Your rights

View personal data

  • Change personal data
  • Restrict processing of personal data

Find out more about your rights

Who we share your information with

We sometimes need to share information with other organisations, such as:

  • Occupational Health Provider
  • Health and Safety Executive
  • Council Insurance Team
How long we hold your information

Health and safety documents are retained in accordance with the agreed retention schedule:

  • Health surveillance – 40 years after employee has left employment with the Council
  • Attendance management – 5 years after termination
Automated processing

Your personal information is not subject to automated decision making or profiling.

Data controller

The data controller is The Highland Council.

Data Protection Officer
Data Protection Officer
Highland Council Headquarters
Glenurquhart Road
Inverness
IV3 5NX

Phone: 01463 702029
Email: dpo@highland.gov.uk

Supervisory authority

If you are unhappy with the way we have processed your personal information you can contact the Information Commissioner:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113
https://ico.org.uk/global/contact-us/