Privacy Policy

GIPPING OH is committed to protecting and respecting your privacy.

According to the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, there are specific requirements when we process your Personal Data. This privacy notice will inform you as to which Personal Data we collect, why we process it, for how long we will process it, with whom we will share your data with, as well as your legal rights regarding the processing of your Personal Data when you are a Client, Customer, when you use our website (, or when we otherwise deal with you in the course of our business.

Please read the following privacy notice carefully to understand our views and practices regarding your Personal Data and how we will treat it.

Whenever you provide personal information, we are legally obliged to use it in accordance with the laws concerning the protection of personal information. GIPPING OCCUPATIONAL HEALTH LIMITED is a company incorporated and registered in England and Wales with company number 3127904 whose registered office is at 10-11 Norfolk House, Williamsport Way, Lion Barn Industrial Estate, Needham Market, Suffolk, IP6 8RW. (“Gipping OH”)

By “Personal Data” we refer to information collected or held by Gipping OH, that identifies and relates to you as an individual.

For the purposes of the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection and privacy laws and regulations (“Data Protection Legislation”), Gipping OH will be the ‘data controller’ and has registered with the Information Commissioners Office under registration number, Z8108635.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.

Contact details

Our full contact details are as follows:

Address: 10-11 Norfolk House, Williamsport Way, Lion Barn Industrial Estate, Needham Market, Suffolk, IP6 8RW

Telephone Number: 01449 766913

Email address:


The Personal Data that we collect

For the purposes listed below, we collect, use, store and transfer the following information regarding you:

  • Your name;
  • Postal address;
  • Profession (and relevant professional details relating to your company);
  • Invoicing details/address;
  • Information regarding the services you request;
  • Supplementary information you provide us about yourself when contacting us;
  • Email address; and
  • Telephone numbers (including mobile).

We may also collect technical information about you when you visit the Website. This information may include the Internet protocol (IP) address used to connect your computer to the Internet, your browser type and version, time zone setting, operating system and platform, browser plug-in types and version, the full URL clickstream to, through and from the Website, page response times, download errors, length of visits to certain pages, page interaction (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.

The collected information is used to provide an overview of how people are accessing and using the Website. It is not used for any additional purpose, such as to profile those who access the Website.

We will also need to collect or receive information about you to provide our services, this will often include:

  • Physical health information;
  • Mental health information;
  • Occupational health information;
  • Career and job role based data;
  • Training undertaken and qualifications gained;
  • Information about and from your health care professionals pertinent to our services;
  • Lifestyle information that you may offer to us;
  • Employee ID.

Purposes and lawful bases for processing

We will only process your Personal Data when we have a valid legal basis for doing so.

The legal basis we mainly rely on for processing Personal Data is legitimate interests. Where we rely on this lawful basis, we will always inform you of our legitimate business interest and your right to object. Where we use legitimate interest, we will undertake a ‘balancing assessment’ to ensure that our legitimate interests do not outweigh those of the data subject/s. The purposes for which we will process your Personal Data on the basis of legitimate interests are listed below:

  • to process the services requested by your employer;
  • to ensure our records are complete and accurate;
  • to provide the specific services to you as contracted by your employer;
  • to undertake sales analysis and management of the business;
  • to give you information that you request from us and to improve our services;
  • to notify you about changes to our services;
  • to allow us to operate the Website efficiently;
  • any relevant troubleshooting, testing or statistical analysis as appropriate; and
  • to keep the Website secure.

In some circumstances we will seek your consent to process your Personal Data:

  • to provide you with information about our services that we offer via promotional communications;
  • to keep you up to date with features on the Website; and
  • to use marketing and analytics cookies on our website.

Where we rely on your consent to process your Personal Data, you can withdraw your consent at any time by emailing or updating your cookie preferences on our website.

If we have collected sensitive Personal Data as part of our service provision, we will always ensure that we either request explicit consent from you or document the appropriate exemption to allow the processing of this data.

Retaining your information

We retain a record of your Personal Data in order to provide you with a high quality and consistent service. We will always retain your Personal Data in accordance with the Data Protection Legislation and never retain your Personal Data for longer than is necessary, in accordance with our Data Retention Policy and Schedule.

Protecting your information

We are committed to ensuring that your information is secure and we have procedures in place to prevent any unauthorised access or disclosures and to safeguard and keep secure the information that we collect online.

Records required to be kept in hard copy are maintained in secure premises with access controls employed at all times. Transfer of this information is always via locked transport cases.

All the personal data collected by us and stored electronically is held on secure servers in the UK/EU unless we state otherwise in the “Transfer of data outside of the UK/EU” section. Where required, this information is encrypted for additional security. We use safeguards such as firewalls, data encryption and passwords. We enforce physical access controls to our buildings and files, and we authorise access to Personal Data only for those employees who require it to fulfil their job responsibilities.

Data protection officer

To ensure we continue to monitor our obligations under Data Protection Legislation, Gipping OH has appointed a data protection officer (DPO). If you wish to contact the DPO regarding any specific elements of Gipping OH’s data handling, please send your enquiries for attention of the DPO to

Transfer of data outside of the UK/EU

We shall not transfer any Personal Data to any country outside of the UK or EU unless we ensure that such Personal Data is subject to an adequate level of protection and appropriate legal safeguards in accordance with Data Protection Legislation. If we share your Personal Data with third parties located in third countries that are not covered by an adequacy decision, we rely on standard contractual clauses with the UK addendum as our mechanism to safeguard the transfer.

Sharing your information with others

As part of our service provision we may be required to share elements of your personal data with third parties as per the terms of our service. The sharing arrangement we operate under with third parties who act as joint controllers of your data, will always be made available to you on request.

Please be assured that we will not share your information for any other reason unless we are required by law or permitted to do so under this Privacy Notice. The main circumstances in which we will be permitted or required to disclose this by law will be by court order, to government bodies and law enforcement agencies. However, sometimes we may share your information with third parties in the following ways:

  • we may use carefully selected sub-processors to help us collect, store or manage your information;
  • analytics and search engine providers that assist us in the improvement and optimisation of the Website; and
  • if Gipping OH is acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.

Your rights relating to your Personal Data

You have rights in relation to any Personal Data that we hold about you. If you wish to access your Personal Data you may make a formal subject access request by contacting Gipping OH at

The information you request must relate to you or another person for whom you have authority to act on their behalf. Gipping OH will require confirmation of your ID prior to providing any information about the data we hold. If you are unable to provide sufficient information to prove your ID, Gipping OH reserves the right to refuse your request for access to Personal Data.

The other rights you have in relation to the Personal Data we hold regarding you are:

  • the right to rectify any inaccuracies in the information we hold;
  • the right to erasure of information in specific circumstances;
  • the right to request transfer of your information to another controller;
  • the right to request restriction of the processing of your information; and
  • the right to object to processing in specified circumstances.

If you have provided us with consent to process your information, you always reserve the right to withdraw this consent via the method detailed in the paragraph below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent, Gipping OH will immediately cease processing the information in question.

Please send your request to Gipping OH by emailing We will always process your request within one month.

Changes to this Privacy Notice

We may change this Privacy Notice at any time to ensure it always accurately reflects the way we collect, use and safeguard your Personal Data.

Please check this notice from time to time to ensure you are aware of any updates we may have made to our Personal Data handling practices. The date of the changes will be listed in the ‘Last updated’ section below. We will notify all of our current clients of any updates to this notice via email and we will post the relevant announcement on our website homepage.

We recommend that you print a copy of this page for your reference.


Our Website uses cookies to help us recognise different users of the Website and to provide users of the Website with a good experience when using it. Please see our Cookies Policy for further information.

Information regarding children

We do not intentionally market our services or collect information via this website from data subjects under the age of 13. We do not collect information regarding children for the provision of our services and will erase any data collected if informed by the parent or legal guardian of a child whose data we have erroneously collected.

How can you make a complaint?

Please note that if you are not satisfied with the processing of your Personal Data as set out in this Privacy Notice, please contact us at

If you feel we have not adequately resolved your issue, you have the right to issue a complaint with the Information Commissioner’s Office (

Contacting us

Please contact us at if you have any questions, comments or requests regarding this Privacy Notice

Last updated April 2023

Sign up to the Gipping Newsletter

Get all of our latest news and insights right into your inbox.