ObsidianHealthcare
Trusted Before We Arrive.
Occupational Health Privacy Notice.
Effective Date: 1st July 2024
1. Purpose
1.1 Overview
This Privacy Notice explains how Obsidian Healthcare Recruitment Ltd (“we”, “us”, “our”) collects, processes, stores, and shares personal data in connection with occupational health (OH) services, including pre-employment health assessments, fitness-to-work evaluations, and ongoing health monitoring required for clinical roles.
1.2 Scope
This Notice applies to all individuals undergoing occupational health assessments arranged or facilitated by Obsidian Healthcare, including:
Prospective candidates
Agency workers
Employees
Contractors
Individuals referred by clients or partner organisations
1.3 Legislation
We process personal data in accordance with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Health and Safety at Work etc. Act 1974
Equality Act 2010
Other relevant UK employment and safety laws
1.4 Queries and Complaints
For questions about this Notice or how we process OH data, contact our Data Protection Officer (DPO):
Data Protection Officer
Obsidian Healthcare Recruitment Ltd
4 Minster Court, Tuscam Way
Camberley, Surrey
GU15 3YY
United Kingdom
Email: gdpr@obsidianhealthcarerecruitment.com
Phone: 0208 068 7099
If you are unhappy with our response, you may contact:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: www.ico.org.uk
Telephone: 0303 123 1113
2. How We Collect Your Personal Data
2.1 Direct Collection
We may collect personal data directly from you through:
Online or paper-based OH forms
Health questionnaires and declarations
Pre-placement or periodic OH assessments
Phone, email, or online communication
Consultations with OH clinicians
2.2 Collection from Employers or Third Parties
We may receive OH-related information from:
Your employer or prospective employer
Occupational health providers
Laboratories or testing services
Healthcare professionals involved in OH assessments
Compliance or certification partners
2.3 Automated Collection
Where applicable, data may be collected via secure online systems used for:
Scheduling appointments
Completing OH forms
Uploading supporting documentation
Recording OH outcomes
3. What Personal Data We Collect
3.1 Identity Information
Full name
Date of birth
Contact details
Gender (where clinically relevant)
3.2 Health and Medical Information (Special Category Data)
This may include:
Immunisation and vaccination records
Allergy and medication information
Workplace health assessments
Fitness-for-work or fitness-to-practice findings
Medical conditions relevant to risk assessment
Drug and alcohol screening results
Recommendations, restrictions, or required adjustments
3.3 Employment Information
Role, department, and work environment
Work patterns or shift types
Job-specific clinical risk factors
3.4 Additional Sensitive Data
Any other information you provide related to disability, workplace needs, or health-related safety considerations.
4. How We Use Your Personal Data
4.1 Occupational Health Purposes
We use your data to:
Determine fitness to work
Identify workplace adjustments or restrictions
Comply with health and safety obligations
Provide legally compliant OH reports to employers
Protect employee and patient safety
4.2 Administrative Purposes
Scheduling and maintaining OH appointments
Maintaining OH records
Compliance with NHS or employer requirements
Supporting statutory and regulatory obligations
4.3 Legal Basis for Processing
We process OH-related personal data under:
Explicit consent (for special category data)
Legal obligation (health & safety law, employment law)
Performance of a contract (employment or placement requirement)
Legitimate interests (ensuring workplace safety and compliance)
No decisions are made based solely on automated processing.
5. Data Retention
5.1 Retention Periods (UK)
Occupational health records for workers: 40 years, where required under UK health & safety regulations (e.g., COSHH, ionising radiation).
General OH assessments: minimum 6 years, or longer if legally required.
Pre-employment OH assessments for unsuccessful applicants: 1 year.
5.2 Deletion and Anonymisation
Where retention is no longer required:
Records are securely deleted, or
Anonymised for statistical / compliance analysis
6. Data Sharing
We may share data with:
6.1 Employers / Prospective Employers
Only fitness-to-work outcomes and necessary recommendations—not detailed medical information—are shared.
6.2 Occupational Health Professionals
Including clinicians, nurses, and laboratories conducting assessments, tests, or reviews.
6.3 Regulators and Authorities
Where legally required (e.g., HSE, ICO, NHS trusts).
6.4 Service Providers
Including IT, secure hosting, and OH management systems under strict data-processing agreements.
6.5 Business Transfers
If the business is sold or restructured, data may be transferred under legal safeguards.
We do not sell personal data.
7. International Transfers
If data is transferred outside the UK, it will be protected by:
UK adequacy regulations, or
ICO-approved International Data Transfer Agreements (IDTAs), or
Standard Contractual Clauses (SCCs)
8. Your Rights
You have the right to:
Access your personal data
Request correction of inaccurate data
Request erasure (where legally appropriate)
Restrict processing
Object to certain processing activities
Request data portability
Withdraw consent at any time
Complain to the ICO
To exercise your rights, contact: gdpr@obsidianhealthcarerecruitment.com.
Proof of ID may be required.
9. Security Measures
We use technical, administrative, and physical safeguards to protect your data, including:
Encryption
Access controls
Secure storage systems
Staff training
Confidentiality agreements
Auditing and monitoring
10. Changes to this Notice
We may update this Notice from time to time. Updates will appear on our website with an amended effective date.
Company Information
Obsidian Healthcare Recruitment Ltd
Registered in England & Wales
Company Number: 13026849
Registered Office:
4 Minster Court, Tuscam Way,
Camberley, Surrey, GU15 3YY
United Kingdom