Gipping OH are committed to protecting the privacy and ensuring the security of your personal information. This privacy notice explains how we collect, use, share, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Data Controller
Gipping Occupational Health Limited
10 – 11 Norfolk House
Williams Port Way
Lion Barn Industrial Estate
Needham Market
Suffolk
IP6 8RW
Company Registration: 3127904
ICO Registration: Z8108635
Types of Personal Data Collected
We may collect and process the following categories of personal data:
- Your name
- Postal address
- Profession (and relevant professional details relating to your company)
- Invoicing details/address
- Information regarding the services you request
- Supplementary information you provide us about yourself when contacting us
- Email address
- Telephone numbers (including mobile)
- Cookies data – such as your IP address, browsing and clicks data
We will also need to collect or receive information about you to provide our services, this will often include:
- Physical health information
- Mental health information
- Occupational health information
- Career and job role-based data
- Training undertaken and qualifications gained
- Information about and from your health care professionals pertinent to our services
- Lifestyle information that you may offer to us
- Employee ID.
Purposes of Processing
We collect and process your personal data for the following purposes:
- to process the services requested by your employer
- to ensure our records are complete and accurate
- to provide the specific services to you as contracted by your employee
- to undertake sales analysis and management of the business
- to give you information that you request from us and to improve our services
- to notify you about changes to our services
- to allow us to operate the Website efficiently
- any relevant troubleshooting, testing or statistical analysis as appropriate
- to keep the Website secure.
Data Retention
We retain a record of your Personal Data to provide you with a high quality and consistent service. We will always retain your Personal Data in accordance with the Data Protection Legislation and never retain your Personal Data for longer than is necessary and in accordance with our Data Retention Policy and Schedule.
Lawful Basis for Processing
We rely on the following lawful bases for processing your personal data:
- Contractual necessity: Processing necessary for the performance of a contract with your employer and by extension, you.
- Vital interests: Processing necessary to protect your vital interests, via occupational advice and monitoring, whilst you are at work
- Legitimate interests: Processing necessary for our legitimate interests, such as providing quality care, managing our services, and improving our operations. We ensure that your rights and freedoms are upheld.
Data Sharing
As part of our service provision, we may be required to share elements of your personal data with third parties as per the terms of our service. The sharing arrangement we operate under with third parties who act as joint controllers of your data, will always be made available to you on request.
Please be assured that we will not share your information for any other reason unless we are required by law or permitted to do so under this Privacy Notice. The main circumstances in which we will be permitted or required to disclose this by law will be by court order, to government bodies and law enforcement agencies. However, sometimes we may share your information with third parties in the following ways:
- with carefully selected sub-processors to help us collect, store, or manage your information, such as our IT services who provide operational platforms
- with our website provider who manage webforms on our behalf
- analytics and search engine providers that assist us in the improvement and optimisation of the Website
- if Gipping OH is acquired by a third party, in which case Personal Data held by it, about its customers, will be one of the transferred assets.
Third parties who may have access to Gipping OH data are signed into data processing and non-disclosure agreements to ensure restrictions on data use and are vetted to ensure that the highest level of security is applied to the data they may have access to.
Securing Your Personal Data
Gipping OH uses a range of security techniques to keep your personal data secure, these include:
- Strict access control
- Network monitoring and management
- Security Policies
- Use of multi – factor authentication
- Anti – malware software
- Encryption techniques
- Employee training and awareness
International Transfers
Gipping OH do not transfer Occupational Health data or other personal data outside of the EEA.
The only instance where data may be transferred outside of the EEA is when cookies data is collected by Google Analytics and may be transferred to Google servers which are located within Europe, Asia, Oceania and the US. Google uses the commissioner’s adequacy decision, Binding Corporate Rules (BCRs) and legally binding, enforceable agreements between public bodies and authorities to ensure that the transfer remains secure and protects the privacy of the data.
Your Rights
You have the following rights regarding your personal data:
- The right to access: You can request a copy of the personal data we hold about you.
- The right to rectification: You can request the correction of inaccurate or incomplete personal data.
- The right to erasure: You can request the deletion of your personal data in certain circumstances.
- The right to restrict processing: You can request the limitation of the processing of your personal data in certain circumstances.
- The right to data portability: You can request the transfer of your personal data to another organisation.
- The right to object: You can object to the processing of your personal data in certain circumstances.
- The right to lodge a complaint: If you believe your data protection rights have not been upheld, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority.
Contact Us
If you have any questions or concerns regarding the processing of your personal data or would like to exercise your rights, please contact our Data Protection Officer on: rebecca.richards@strident.co.uk
If you would like to make a complaint about the way Gipping OH processes your personal data, you may make a complaint to the supervisory authority the ICO:
Wycliffe House, Wilmslow, Cheshire, SK9 5AF, Tel: 0303 123 1113 (local rate)
Or you can use the online service which allows you to make a complaint using the online form. You can report a breach, a concern or even just request more information. The ICO online can be found here: https://ico.org.uk/global/contact-us/
Last updated October 2024