Skip to content

Privacy Notice

Who we are

We are an Occupational Health service and provide a range of health services including:

  • Management referrals
  • Health Surveillance
  • Immunisations
  • Workplace assessments
  • Medicals
  • Covid-19 testing

What is a privacy notice?

A Privacy Notice is a statement by the organisation to service users, visitors, carers, the public and staff that describes how we collect, use, retain and disclose personal information we hold. This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.

Why issue a privacy notice?

Medwyn Occupational Health recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to our values and being transparent and open and commitment to our values of respecting diversity, acting with integrity and striving for excellence. This notice also explains what rights you have to control how we use your information.

What are we governed by?

The key pieces of legislation/guidance we are governed by are:

  • Data Protection Act 1998
  • Human Rights Act 1998 (Article 8)
  • Freedom of Information Act 2000
  • Public Records Act 1958
  • Computer Misuse Act 1990
  • The Common Law Duty of Confidentiality
  • International Organisation for Standardisation (ISO) – Information Security Management Standards (ISMS)
  • General Data Protection Regulations (GDPR) May 2018

Who are we governed by?


Our doctors, nurses and registered support staff are also regulated and governed by professional bodies.

Why and how we collect information

We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment. This is to support the provision of high quality care.

These records may include:

  • Basic details such as name, address, date of birth.
  • Contact we have had such as appointments
  • Details and records of treatment of care, including notes and reports about your health
  • Results of x-rays, blood tests etc.
  • Information from people who know you well such as health professionals.
  • Medwyn Occupational Health provides COVID-19 testing to enable clients to satisfy their travel requirements. Data is shared with the laboratory providing the test and if necessary with Public Health Authorities, including Public Health England and the Department of Health and Social Care.

It may also include personal sensitive information such as sexuality, race, your religion or beliefs and whether you have a disability, allergies or other health conditions. It is important for us to have a complete picture as this information assists staff involved in your care to deliver and provide improved care and treatment plans.

Information is collected in several ways, via the employer, healthcare professionals, hospital letters or directly from you.

How we use information

  • To help inform decisions that we make about your care
  • To ensure that your treatment is safe and effective
  • To work effectively with other organisations who may be involved in your care
  • To ensure our services can meet future needs
  • To review care provided to ensure it is of the highest standard possible
  • For research and audit

The lawful basis of processing

Individuals agree to accepting the COVID-19 test under:
Article 6(1)(e); “necessary… in the exercise of official authority vested in the controller’

And provide consent for their personal data to be processed under:
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality”

“Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as ‘judge-made’ or case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.

The general position is that if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent.

In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.

Three circumstances making disclosure of confidential information lawful are:
• where the individual to whom the information relates has consented;
• where disclosure is in the public interest; and
• where there is a legal duty to do so, for example a court order.

How information is retained and kept safe

Information is retained in secure electronic and paper records and access is restricted to only those who need to know. We follow the guidance published by the Information Commissioner

It is important that information is kept safe and secure to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

The Data Protection Act 1998 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.

Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.

How do we keep information confidential?

Everyone working for Medwyn Occupational Health is subject to the Common Law Duty of Confidentiality and the Data protection Act 1998. Information provided in confidence will only be used for the purposes to which you consent to, unless there are circumstances covered by the law.

Under Medwyn Occupational Health Confidentiality Code of Conduct, all staff are required to protect information, inform you of how your information will be used and allow you to decide if and how your information can be shared. This will be noted in your records.

All Medwyn Occupational Health staff are required to undertake annual training in data protection, confidentiality, IT/cyber security with additional training for data protection officers and IT staff.

Who will the information be shared with?

To provide best possible care, sometimes we will need to share information about you with others. We may share your information with a range of Health and Social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.

Your right to withdraw consent for us to share your personal information

You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you receiving care.

Contacting us about your information

Each organisation has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. This person is known as the Caldicott Guardian. The Caldicott Guardian for Medwyn Occupational Health is the Business Manager, Mrs. Nanette Nobes. If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further then please contact:

Mrs. Nanette Nobes
Business Manager
Medwyn Occupational Health
Reigate Road


Can I access my information?

Under the Data Protection Act 1998 a person may request access to information (with some exceptions) that is held about them by an organisation.

Right to complain

You have the right to complain to the Information Commissioner’s Office, you can use this link or call their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)

Need help with something?

Which in-clinic test are you looking for?

Book an in-clinic appointment for an individual Day 2 or Day 8 Covid-19 RT-PCR test

Book an in-clinic appointment package that includes both Day 2 and Day 8 Covid-19 RT-PCR tests.

Sunday 15 May 2022:
We apologise for current problems with our phone lines. This is being investigated by our technical team.
Please use online chat or email if you need to contact us.

What in-clinic test are you looking for?

Book an in-clinic appointment for an individual Day 2 or Day 8 Covid-19 RT-PCR test

Book an in-clinic appointment package that includes both Day 2 and Day 8 Covid-19 RT-PCR tests for £189.