Privacy Policy

1. Introduction

CheckAtWork Ltd ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our occupational health screening services.

As a provider of occupational health services, we process both personal data and special category data (health data). We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller Information

3. What Information We Collect

3.1 Personal Data

• Full name and contact details
• Date of birth
• Employment information
• Emergency contact details
• National Insurance number

3.2 Special Category Data (Health Data)

• Medical history and health questionnaires
• Health screening results (blood pressure, BMI, vision, hearing, etc.)
• Mental health assessments
• Occupational health recommendations
• Fitness for work assessments
• Vaccination records (where applicable)

3.3 Technical Data

• IP addresses and browser information
• Website usage data via cookies
• Login credentials for our portal

4. Legal Basis for Processing

We process your data under the following legal bases:

4.1 For Personal Data:

• Contract: To provide occupational health services
• Legal obligation: To comply with health and safety legislation
• Legitimate interests: To improve our services and communicate with you

4.2 For Special Category Data (Health Data):

• Explicit consent: Where you have given clear consent
• Employment law: To meet occupational health obligations
• Public health: For workplace health and safety purposes
• Vital interests: To protect health and safety in emergencies

5. How We Use Your Information

5.1 Primary Purposes:

• Conducting health screenings and assessments
• Providing occupational health advice and recommendations
• Preparing health reports for employers (anonymized where appropriate)
• Maintaining health surveillance records
• Managing appointments and communications

5.2 Secondary Purposes:

• Quality assurance and service improvement
• Statistical analysis (anonymized data)
• Research and development (with explicit consent)
• Legal compliance and regulatory reporting

6. Data Sharing and Disclosure

We may share your information with:

6.1 With Your Consent:

• Your employer (fitness for work status only, not detailed medical information)
• Your GP or other healthcare providers (with explicit consent)
• Occupational health specialists for second opinions

6.2 Legal Requirements:

• Health and Safety Executive (HSE) where legally required
• Courts and law enforcement agencies where legally obligated
• Regulatory bodies for professional standards

6.3 Service Providers:

• Secure IT hosting and data processing services
• Laboratory services for test analysis
• Professional indemnity insurers

7. Data Security

We implement robust security measures including:

• End-to-end encryption for data transmission
• Secure, password-protected databases
• Regular security audits and penetration testing
• Staff training on data protection
• Physical security measures for paper records
• Secure disposal of confidential waste

8. Data Retention

We retain your data for the following periods:

• Occupational health records: 40 years from last entry (HSE requirement)
• Personal data: 7 years after last contact
• Website data: 2 years
• Marketing data: Until you unsubscribe or 3 years of inactivity

9. Your Rights

Under UK GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion (subject to legal obligations)
• Restrict processing: Limit how we use your data
• Data portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@checkatwork.co.uk

10. Cookies and Website Data

Our website uses cookies to:

• Ensure website functionality
• Analyze website usage (Google Analytics)
• Remember your preferences
• Improve user experience

You can control cookies through your browser settings.

11. International Transfers

We primarily process data within the UK. Where we transfer data internationally, we ensure adequate protection through:

• Adequacy decisions by the UK government
• Standard contractual clauses
• Binding corporate rules

12. Children's Privacy

We do not knowingly collect personal data from individuals under 16 without parental consent. If we become aware that we have collected such data, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this privacy policy periodically. We will notify you of significant changes by email or through our website. The "last updated" date at the top indicates when changes were made.

14. Complaints

If you have concerns about how we handle your data, please contact us first at privacy@checkatwork.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

15. Contact Information

For any questions about this privacy policy or our data practices, please contact: