AGILLEX PRIVACY STATEMENT
This statement sets out information you should read regarding the way we collect and process your personal data.
Data we collect
1. Data you provide
We ask you to provide us with some types of personal data when you contact us or if you ask us to provide you, or your organisation, with services. This information includes your name and contact details (email address, postal address and telephone numbers).
Where you use our occupational health services, this information will also include special categories of data, including information that may reveal your racial or ethnic origin or data concerning your health, including sex life or sexual orientation.
2. Data from other sources
We may receive some personal information from your employer. This may include your contact details so that we can communicate with you in respect of the services that we are providing.
For example, we may receive information from your employer in relation to management referrals for occupational health services, including information concerning your health.
We also have access to analytical data provided by Google Analytics relating to the use of our website, though this information is typically provided in an anonymised form.
Our website only uses session cookies, i.e. cookies that only last so long as you are accessing our website.
A cookie is a small file automatically placed on your device that is intended to enhance the user experience. You can disable these by adjusting your browser settings.
How we use your data
1. Our services
We use your personal data as necessary to provide our services to you or your organisation.
Exceptionally, we may need to contact you relating to your use of our website. For example, to notify you of changes to the services that we provide.
We will notuse your personal data for advertising or direct marketing purposes.
4. Data sharing
Periodically, we may need to share your personal data with third parties. For example, if we need to share your information with other professionals for the purpose of providing our services. However, we will not share your information without your prior consent, and then only for the purposes for which you have authorised.
We will not share or sell your personal data with or to third parties for the purpose of direct-marketing or other advertising activities.
5. Legal disclosures
We may need to disclose your personal data if required to do so by law or by a regulatory body (e.g. a court or the Information Commissioner’s Office), of if we believe in good faith that a disclosure is reasonably necessary and proportionate.
Before making such a disclosure we will use our reasonable endeavours to ensure that it is justified and, where lawful to do so, will notify you of a disclosure request.
6. Change in control or sale
We may share your personal data with a third party organisation that wishes to buy or merge with our business, or if there is any material change in control, including in relation to activities preparatory to a sale, merger or change of control.
Following a sale, merger or change of control, the resulting entity may continue to use your personal data subject to the terms of this privacy statement.
1. Data retention
We will retain your personal data as long as necessary to supply our services. Thereafter, we will retain your personal data for so long as we may be required by any applicable law or as reasonably necessary for evidential purposes.
If we need to retain your personal data, we will reduce it to the amount reasonably necessary to comply with that purpose.
2. Access to your personal data
You can ask us for a copy of your personal data at any time.
3. Control of your personal data
Delete data:you can ask us to erase or delete all or some of your personal data we no longer require it for the provision of our services. However, please note that we may need to retain some or all of your data to comply with our legal obligations or for evidential purposes.
Change or correct data:you can ask us to correct your data or provide us with updates where necessary
Object to, limit or restrict use of your data:you can ask us to stop using some or all of your data or to restrict our use of your data, e.g. where we no longer need to process your personal data but you require it for evidential purposes.
Other relevant information
We have implemented reasonable safeguards having regard to the nature of the information that we collect and the damage that might result if it is lost, disclosed or altered or unlawfully accessed, transmitted or processed. These measures include storing data in a secure environment managed and monitored by an industry-standard provider and encrypting data on our personal devices.
2. Transfers outside the EEA
We do not transfer your personal data outside the EEA; our service providers store your data on servers located within the EEA.
3. Legal basis for processing
We only collect and process your personal data where we have a lawful basis. These include:
· contract: where our processing is necessary for the performance of a contract with you, i.e. to provide you with our services;
· legitimate interest: where our processing is necessary for our legitimate interests or those of a third party unless these interests are overridden by your interests or fundamental rights and freedoms, e.g. to provide you with information about our services; or
· occupational health:where processing of special categories of personal data is necessary for the provision of our occupational health services, e.g. for the assessment of working capacity.
· contract with a health professional:where we process special categories of personal data in relation to a management referral it will be processed in accordance with a contract with the employer. However, it will only be processed by or under the responsibility of a professional subject to an obligation of professional confidentiality.
If you have any questions or complaints regarding this privacy statement, please contact us at email@example.com by writing to us at:
Data Protection @ Agillex
Unit 1, Office 1, Tower Lane Business Park
If we are unable to resolve your issue, then you can contact the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/
If we update this privacy statement we will publish a copy of the revised statement on our website and send you a notice drawing your attention to it. If you object to the proposed changes then you may ask us to delete your information, which we will do subject to any legal obligations, including the fulfilment of our services or as necessary for evidential purposes. We will assume you do not object to the revised statement if you have not objected within 30 days of its publication.