WHO ARE WE?
Medigold Health Consultancy Limited (including its group companies or subsidiaries: Hampton Knight Limited; Ablemed Health Limited; IMASS Group Limited) has its registered office at Medigold House, Queensbridge, Northampton NN4 7BF.
We can act as both data processor (we undertake the processing on behalf and on the instruction of the data controller) and data controller (we decide how your personal data is processed and for what purposes).
OUR DATA PROTECTION OFFICER
Our Data Protection Officer is Mrs G Foster. You can contact her using the following email address: firstname.lastname@example.org
PERSONAL DATA - WHAT IS IT?
Personal data means information from which a living individual can be identified. Identification can take place using the information alone or in conjunction with any other information in the data controller’s possession or likely to come into the data controller’s possession. The processing of personal data is governed by the Data Protection Act 1998 and the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) (when the latter comes into force).
SENSITIVE DATA - WHAT IS IT?
Sensitive data is personal data of an individual, the data subject, relating specifically to any of the following:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- data concerning health;
- data concerning sex life or sexual orientation;
- genetic data; or
- biometric data when processed to uniquely identify the data subject.
HOW AND WHY DO WE USE YOUR PERSONAL DATA?
When we carry out alcohol and drug testing, we need to collect personal and sensitive category data in order to undertake and process testing, including identifying you as a donor, meeting statutory requirements of testing and providing outcomes to your employer.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
We collect information about you and your health (in particular medication) as part of the alcohol and drug testing procedure.
HOW DO WE OBTAIN YOUR PERSONAL DATA?
Your personal data may be obtained directly from you or, alternatively, via your employer. Outcome data will be provided by the testing laboratory.
HOW DO WE PROCESS YOUR PERSONAL DATA?
We comply with our obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of personal data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
SHARING YOUR PERSONAL DATA
Your personal data will be treated as strictly confidential and will only be shared with the laboratories who undertake the specific testing, your employers when providing the outcome of testing, authorised representatives including a Medical Review Officer and, if applicable, statutory organisations such as London Underground Ltd, Network Rail and Constructing Better Health.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will retain your personal data only for as long as we need that personal data for the purposes of the processing, and subsequently for record purposes for one year if an alcohol or drug test result is negative or two years if an alcohol or drug test result is positive.
We may retain your personal data for a longer period of time if applicable for statutory organisations such as London Underground Ltd, Network Rail and Constructing Better Health or in accordance with your employer’s data retention policy.
WHERE DO WE PROCESS YOUR PERSONAL DATA?
We do not process any of your personal data outside of the European Economic Area.
CONDITIONS FOR PROCESSING
We process your data under the following Articles of the GDPR:
- Article 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.
- Article 9(2)(h): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or services.
WHAT ARE YOUR RIGHTS?
Right of access. The GDPR gives you the right to access copies of the personal data held about you. Your right of access can be exercised in accordance with the GDPR. The first copy of the personal data held about you will be provided free of charge but any subsequent copy will be subject to a reasonable fee based on the administrative costs of providing copies of the personal data to you.
Right to request an electronic copy of your personal data. When you provide personal data, you have the right to be provided with a structured, commonly used and machine-readable copy and have the right, in certain circumstances, to ensure that we transmit that personal data to another data controller without hindrance (the right to data portability).
Right to correct or erase personal data and to restrict processing. You have the right to ensure that we correct the records of any personal data held about you which are inaccurate. You also have the right to ensure that we complete any incomplete personal data held about you.
You have the right to ensure that we erase your personal data (the right to be forgotten).
In certain circumstances, such as when you have contested the accuracy of personal data, you have the right to restrict our processing of your personal data. That means that we will hold your personal data on file but that we cannot process that personal data. We will inform you if for any reason the restriction on processing your personal data is lifted.
When any rectification or erasure of personal data or restriction of processing has taken place, we shall communicate any rectification to you or erasure or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impractical or involves disproportionate effort. We shall, if you request, inform you about those recipients.
Exercising your rights. If at any point you believe the personal data we process is incorrect, you can request to see this personal data. If you would like a copy of the personal data about you that we process, or if you wish to have that personal data transferred to another company or organisation, please contact us via: email@example.com.
To exercise any of your other rights please contact our Data Protection Officer, Mrs G Foster, using the following email address: firstname.lastname@example.org
If you wish to raise a complaint on how we have handled your personal data, please contact our Data Protection Officer, Mrs G Foster, using the following email address: email@example.com and she will investigate the matter.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/
Further information about how we process your personal data can be accessed via our website: www.medigold-health.com