TOXICOLOGY
Effective Date: 01/03/2024
Our privacy notice is part of our approach to transparency and protection of your personal information.
Abbott Healthcare Connections Ltd (“Abbott” or “we” or “us”) is the Data Controller for the processing of your personal data for the purposes of occupational health assessments for which you have been referred by your employer or voluntarily self-referred. At Abbott, we are committed to complying with our obligations under the UK Data Protection Act 2018 , the UK and EU General Data Protection Regulation (GDPR) and other applicable privacy laws.
How we look after your Data
This Privacy Notice is a Statement of how we process your personal data and which provides you with additional information relating to the processing of your personal data and how you may exercise your data protection rights. It should be read in conjunction with Abbott’s Privacy Policy.
What is Personal Data? “Personal Data” is any information that identifies you or from which you could be identified, in particular by reference to an identifier such as a name, an identification number, location data, an online identified or one or more factors specific to the physical, psychological, genetic, mental, economic or social identity. Personal Data includes subsets of special categories of information that reveal information about your health, among other things.
Information you are asked to provide:
Before attending your appointment
If you are referred or have voluntarily self-referred for a Health Assessment with us, you will be asked to complete a questionnaire and health profile before attending your appointment. Within the questionnaire you are asked to provide:
We may also receive some of these basic details from your employer if you have been referred to us by them or directly from you if you have voluntarily self-referred in order to carry out an assessment. These are verified with you via the questionnaire we ask you to complete above.
We require this personal data in order to identify you within our systems and ensure that your information is processed securely. Additionally, this range of personal data allows our systems and clinicians to provide an accurate, tailored Health Assessment.
During your appointment
Throughout your appointment we collect varying amounts of personal data. The amount of personal data that we collect will differ based upon the appointment service that you are referred or voluntarily self-referred for. Personal data that we collect may include:
We aim to deliver a thorough assessment during your visit and collect the above data in order to fully assess your fitness to complete your role or to provide a general overview of your current health status and provide the most clinically suitable recommendations where required. Should there be any part or test within the appointment that you do not wish to complete, please inform your clinician on the day of the appointment.
After your appointment
Communication with other health professionals – during your appointment journey it may be necessary to share your personal data with another health professional who is involved in your care (e.g. your GP, nurse, a consultant, external practitioners (where they are working with you on our behalf) or laboratory staff).
Voluntary Medicals - In the case of any voluntary self-referral, we do not share your personal data with any other professional external healthcare provider. The decision is entirely yours as to whom you wish to share your medical information.
Specimen transport - physical specimens (e.g. blood, urine or saliva sample) may be collected during your appointment. Specimens may be tested in laboratories that are not located at the site where your Health Assessment is carried out. In such cases, your specimens will be transported to the laboratory via an authorised and vetted courier.
Disclosures within Abbott – there may be entities within Abbott that are involved in providing and managing your healthcare assessment. All of Abbott’s entities sign up to the same standards, policies and rules as we do here in the UK, so your information is protected. Abbott may require transferring your personal data to other jurisdiction different from the country or region where you are based (e.g., outside of the European Union if you are a based in an EU country).
These jurisdictions may include the United States. To safeguard your personal information, we will only make such transfers based on (i) a decision by the European Commission that permits this, or in the case of the United Kingdom, a decision by the Information Commissioner’s Office (ICO), or (ii) subject to EU-approved Standard Contractual Clauses or, for the UK, an ICO approved International Data Transfer Agreement (UK IDTA) or UK Addendum.
Disclosures to your employer – we will only ever disclose information about your initial health assessment to your employer with your consent. However, where assessing for fitness to work in accordance with specific industry requirements, the outcome and any relevant restrictions will be disclosed as part of your Employers legal obligations. This may also involve an upload to a relevant industry data base (e.g. Sentinel). Please note, where you may use our medication checking service (Chemist on Call) the results and recommendations of the medications we have checked will be provided to your employer as part of the results process. If you have any concerns about what is or is not shared with your employer, please speak to your clinician at your assessment or contact the customer service team after the appointment.
In cases of voluntary self-referrals, please see paragraph headed ‘Voluntary Medicals above.
Disclosures to any other outside parties – there may be occasions where we are legally obliged to share your data with an organisation outside of you, Abbott or your Employer. We will seek your consent before we share anything where it is appropriate to do so but there may be some occasions where we cannot. Please see below for further information on how we handle requests to access your data.
Fair and Lawful Processing:
In order to provide you with an Occupational Health assessment, we are the ‘Data Controller’ of the data we collect and use about you. Due to the nature of Occupational Health, there may be some instances where we are an Independent Controller with your employer, and we work together with them on Occupational Health matters.
Each organisation is required to demonstrate that they are processing personal data fairly and lawfully. To do this we must have a ‘lawful basis for processing’ personal data which is outlined below;
In order to assess your working capacity
Customers obligations:
Article 6 = Legal Obligation (Health & Safety, Working with dangerous Chemicals etc.)
Article 9 = Occupational Health (Assessment of the working capacity of the employee)
Abbotts obligations:
In order to inform your employer of their obligations to action any support you may need or any medical condition or history you believe is relevant
Article 6 = Consent
Article 9 = Explicit Consent
In order to assess and provide you with a general overview of your medical health status having voluntarily self-referred
Article 6 = Consent
Article 9 = Explicit Consent
In order to investigate, establish or defend any claims that may result from your treatment
Article 6 = Legitimate Interest in defence of a legal claim
Article 9 = Defence of Legal Claim
We may also look to continually improve clinical treatment; therefore, we may use aggregated anonymised data as part of a research project or an assessment of our services.
How long will we keep my personal data for?
Subject to applicable data subject rights, we will not hold personal data for longer than required to comply with our legal obligations. Where we are under a legal obligation to retain data, we will retain it in accordance with the applicable legal requirement.
Document Type | Retention Period | Statutory or Recommended | Reference Used | Where is Data Stored |
---|---|---|---|---|
Type of data | Maximum retention period | Statutory | Reason for length of period | |
Occupational Health Records – relating to all information held unless covered by another Regulation. | During employment and for 6 years following the end of employment or until the 75th birthday, which ever is sooner. Or until record formally transferred on end of contract. | Recommended | Ethics Guidance for Occupational Health Practice, London. Faculty of Occupational Medicine, 2012. Records Management Code of Practice for Health and Social Care. London: Information Government Alliance/Department of Health, 2016. Ohaw.co/IGA2016 | Electronic or paper files within AHCC |
Health Records and Clinical Records kept by reason of COSHH. | 40 years following date of last entry. Or until record formally transferred on end of contract. | Statutory | Control of Substances Hazardous to Health Regulations 2002. All records kept as not practical to separate from individual OH records. | Electronic or paper files within AHCC |
Health Records and Clinical Records kept under Ionising Radiation Regulations 2017. | 30 years following date of last entry or until 75th birthday. Or until record formally transferred on end of contract. | Statutory | Ionising Radiation Regulations 2017. All records kept as not practical to separate. | Electronic or paper files within AHCC |
Health Records and Clinical Records including biological monitoring results kept under Control of Lead at Work Regulations 2002. | 40 years following date of last entry. Or until record formally transferred on end of contract. | Statutory | Control of Lead at Work Regulations 2002. | Electronic or paper files within AHCC |
Health Records and Clinical Records kept under Control of Vibration at Work Regulations 2005. | “For the duration they remain under health surveillance and possibly longer.” For practical purposes in OH record keeping treated as per OH records kept for 6 years post surveillance programme or until records formally transferred. | Statutory | Control of Vibration at Work Regulations 2005. | Electronic or paper files within AHCC |
Health Records and Clinical Records kept under Control of Asbestos Regulations 2012. | 40 years following date of last entry. Certificates only need to be kept for 4 years from the date of issue but for practical purposes unlikely to be able to separate. Or until record formally transferred on end of contract. | Statutory | Control of Asbestos at Work Regulations 2002 (SI 2002/2675). Also see the Control of Asbestos Regulations 2006 (SI 2006/2739) and the Control of Asbestos Regulations 2012 (SI 2012/632). | Electronic or paper files within AHCC |
Records of tests and examinations of control systems and protective equipment under the Control of Substances Hazardous to Health Regulations (COSHH) 2002. | 5 years from the date on which the tests were carried out. | Statutory | Control of Substances Hazardous to Health Regulations (COSHH) 2002. | Electronic or paper files within AHCC |
Records relating to children and young adults. | Retain until individuals 25th birthday or 26th if 17 at conclusion of contract. | Recommended | Electronic or paper files within AHCC. This item dealt with as per NHS guidance as no specific OH guidance relating to children – 2 links here BMA. | |
Assessments under health and safety regulations and records of consultations with safety representatives and committees. | 6 years post contract end. | Recommended | Best practice. | Electronic or paper files within AHCC |
Travel health consultation and vaccine records. | 10 years from date of last entry or post contract. | Recommended | RCN Competencies for Travel Health. | Electronic or paper files within AHCC |
Document Type Retention Period Statutory or Recommended Reference Used Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended
Reference Used
Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended
Reference Used
Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended
Reference Used
Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended
Reference Used
Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended
Reference Used
Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended
Reference Used
Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended Reference Used Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended Reference Used
Where is Data Stored: |
Document Type
Retention Period
Statutory or Recommended Reference Used
Where is Data Stored: |
Your rights over your personal data:
The law gives you certain rights in respect of the information that we hold about you. Below is a short overview of the key rights available to you.
Where we seek your consent to share any Personal Data with someone like your employer, at any point you can contact us to remove that consent and change your mind. To do so, simply contact the customer service team via AHCC.customerservice@abbott.com.
To exercise any of your rights please contact DataProtectionUK@abbott.com or speak to your clinician.
Requests to access your data:
You may request copies of your occupational health records or parts thereof, at any time. You may also request that a copy of your occupational health records is sent to a third party, such as a solicitor.
If you want to access to your occupational health records, we need to confirm the following details from you;
It should also contain a signature, if in letter form. If we receive the request by e-mail or phone call, we may make an additional security check to ensure you are who you say you are. This is designed to protect your information.
If the request comes from a third party, such as a solicitor, then it is essential that we have the following information included in a consent form from the individual. The consent form should include:
If we receive a request from a third party, we may contact you to verify that the request is legitimate, and you have asked them to request the data.
How do we protect your data?
We have a wide range of measures in place to help ensure your information is protected both within our own organisation and those partners and suppliers that we chose to work with. These range from training for our staff through to technical security measures with things like data encryption and cyber security software. We look to keep this updated as best we can and encourage a culture effective information handling amongst our staff.
What happens if things go wrong?
Where something does not live up to our normal high standards you may have cause to raise a concern regarding an element of your customer journey. It is important that we learn from these episodes to continually enhance services and as such we carry out thorough investigations. In order to fully investigate your concern, we may need to share information with our Data Privacy team. In any case, we will only share a limited amount of information, as little as is necessary to investigate the concern. We may also need to share details of your concern with the clinicians who conducted your appointment for the purposes of the investigation. If the concern has come via a third party (e.g. a regulatory body or solicitor) we may need to disclose your data with them in order to resolve, defend or investigate a concern.
Further Information and how you can get in touch:
For further information about how your data may be processed or to ask any questions, please raise this with the customer service team, AHCC.customerservice@abbott.com. If you are not satisfied with how we handle your personal data or a request to exercise one of your rights in relation to your data, you can contact the Data Protection Officer via DataProtectionUK@abbott.com.
Should you remain dissatisfied you have a right to complain to the Information Commissioner’s Office on 0303 123 1113 or through their website https://ico.org.uk/
A Leader in Toxicology
©2024 Abbott. All rights reserved. Unless otherwise specified, all product and service names appearing in this Internet site are trademarks owned by or licensed to Abbott, its subsidiaries or affiliates. No use of any Abbott trademark, trade name, or trade dress in this site may be made without the prior written authorization of Abbott, except to identify the product or services of the company.
This website is governed by applicable U.S. laws and governmental regulations. The products and information contained herewith may not be accessible in all countries, and Abbott takes no responsibility for such information which may not comply with local country legal process, regulation, registration and usage.
Your use of this website and the information contained herein is subject to our Website Terms and Conditions and Privacy and Cookie Policy. HIPAA & Patient Info
Abbott - A Global Leader in Toxicology.