Maitland Medical Service Ltd are engaged to deliver occupational health services and support.
Maitland confirms its commitment to compliance with the Data Protection Act 1998 (DPA), to be replaced by the General Data Protection Regulation on the 25th May 2018, the Computer Misuse Act, the Human Rights Act 1998 (HRA), relevant health service legislation, the common law duty of confidentiality and the common law of confidence. Maitland is committed to the lawful, fair and transparent processing of data in relation to individuals (Article 5 GDPR).
The legal basis on which Maitland Medical processes information in respect of occupational health is the legitimate interests of an employer: requiring advice on fitness for work, ensuring the efficient and safe running of the business, and compliance with health and safety legislation, employment law (i.e. the Equality Act) and all legal duties with respect to tax and social security legislation (i.e. paying sick pay etc.) (Article 6(1)(f)).
Maitland confirms that information collected and processed will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed and, with consent, reports containing guidance on health at work will be provided to the employer. Information collected and processed will be only for specified, explicit and legitimate purposes. Any personal data held will be kept up to date and every reasonable step taken to ensure that inaccurate personal data processed is erased or rectified without delay.
Maitland are committed to the implementation and maintenance of technical and organizational measures to ensure the integration of data protection into all processing activities, promoting privacy and data protection compliance. This Privacy Notice outlines how Maitland collects, uses, retains and discloses personal information.
The information that Maitland collects and holds constitutes personal data. Due to the nature of the work undertaken, Maitland will act as joint ‘Data Controller’ for the purposes of the provision of occupational health services. Maitland recognises the importance of protecting personal and confidential information in all that we do, all we direct or commission, and takes care at all times to meet its legal duties.
In this Privacy Notice, “Data Protection Legislation” means the Data Protection Act 1998 (as amended, superseded or replaced) and all applicable laws and regulations relating to processing of personal data and privacy, including the Data Protection Act 1998 and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
Due to the nature of the services provided by occupational health, Maitland Medical will continue to act as data controller (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation). This Privacy Notice sets out the scope, nature and purpose of processing, the duration of the processing and the types of Personal Data and categories of Data Subject (where Personal Data and Data Subject have the meanings as defined in the Data Protection Legislation).
The Client and Maitland Medical confirm that they will ensure that all necessary appropriate consents and notices are in place to enable lawful transfer of the personal data for the duration and purposes of this agreement.
The client is required to consent to Maitland appointing third-party processors of Personal Data. Maitland confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those between the Client and Maitland. Maitland confirm they shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this agreement.
The controlling and processing of personal data held by Maitland in the course of providing occupational health support and advice. Maitland is a ‘data controller’ under the DPA. Maitland have registered with the Information Commissioner (ICO) confirming that we control and process personal data. Details are publicly available from the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF, ico.org.uk
The basis on which Maitland processes information handled is: Article 9 (Special category data)(2)(h) Processing is necessary for the purposes of preventive or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
Maitland’s legal justification for processing is: Article 6 (1)(f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Justification is based on the legitimate interests of the employer, requiring advice on fitness for work and the efficient and safe running of the business, to comply with health and safety legislation, employment law (i.e. the Equality Act) and legal duties with respect to tax and social security legislation (i.e. paying sick pay). Occupational Health assist and advise on this.
Maitland will retain information only for as long as necessary. Records are maintained in line with the Faculty of Occupational Medicine’s retention schedule, which determines the length of time records should be kept. This is throughout the duration of employment (if not transferred, destroyed within 7 years of leaving the company) and 40 years for health surveillance records (Information Governance Alliance / Dept. of Health 2016; Reg 11 COSHH Regs 2002 and ACOP 2013).
Information will be managed electronically and occasionally in paper form.
Information is processed to enable Clients to act lawfully in the management of health issues within the workplace.
Information is also gathered in order to support and monitor services provided and optimise the delivery of high quality healthcare. This type of information will usually be utilised in an anonymised form, so that any individual employee cannot be identified.
Maitland on account of the nature of their work deal with ‘special category’ data. This can include:
Article 9 (2) (b) confirms that processing is necessary for the purposes of carrying out employer’s obligations and exercising specific rights of the controller or data subject in the field of employment, social security and social protection law.
The information Maitland will hold may include:
Maitland will only collect and use information for the lawful purposes of administering.
The information will only be shared with other organisations where there is a statutory obligation to do so. This can be due to:
Maitland are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper. We ensure that the storage, handling and movement of health records does not in any circumstances compromise the confidentiality of patient/client information.
All clients have the right to expect that personal information given to occupational health in confidence will not be disclosed without their explicit consent except in the most exceptional of circumstances. All staff handling occupational health information receive training at appointment and throughout engagement regarding patient confidentiality, security and non-disclosure. They are also provided with written guidance advising them of their information governance responsibilities and follow best practice guidelines ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.
Under the Confidentiality Code of Conduct, all staff are also required to protect information, and inform as to how information will be used. This includes, in most circumstances, allowing personal decisions in respect of how information can be shared. All of Maitland’s employees both clinical and support teams are subject to the common law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user, unless it is required or permitted by the law.
All sensitive information exchanged electronically will be encrypted and/or password protected. Our occupational health web based system is ISO27001 compliant. Maitland security systems include Enterprise Mobility suite + Security, which includes Multi Factor Authentication, Encryption of mobile devices, USB ports locked, Mobile Application Management, Advanced Threat Protection, Firewall and Anti-virus protection. We have our systems scanned for vulnerabilities and periodic penetration tests undertaken. Maitland also hold Cyber Essentials.
Please contact us if you have any questions regarding this Privacy Notice: Julie Michalski, Managing Director or Sarah Paradine, Practice Manager, Maitland Medical Service, Milestones, Royal Parade, Chislehurst, Kent BR7 6NW.
Employees can ask for inaccuracies to be corrected or for additional information to be added. Data can be erased if the data is no longer necessary, consent is withdrawn (where the processing is based on consent and there is no other legal ground for processing), or the data has been unlawfully processed. In the first instance, contact: Reeva Steadman, Lead Account Manager, Maitland Medical Service, Milestones, Royal Parade, Chislehurst, Kent BR7 6NW. If required, a complaint can be made to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF, ico.org.uk
When someone visits http://maitlandmedicaloccupationalhealth.com we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
If you have previously browsed to our website and no longer wish to accept cookies, please be aware that some cookies may have already been set. You may delete these cookies at any time via your browser by following these instructions: aboutcookies.org
You can control cookies via your browser settings by following the instructions at aboutcookies.org however if you choose to block cookies then your browsing experience may be affected.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The text below explains the cookies we use and why.
Cookie: Allow Cookies
Purpose: These cookies are set in order to remember preferences with regard to cookies.
Cookie: Google Analytics
Purpose: We use Google Analytics to monitor traffic levels, search queries and visits to this website.
Google Analytics stores IP addresses anonymously on its servers, and neither Maitland Medical, CIVIC nor Google associates your IP address with any personally identifiable information.
These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session.
Find Out More: Google website
Name: ywadp10001467053656/ ywadp1000255860556/ fpc10001467053656/ fpc1000255860556
Purpose: Yahoo! WebPlayer plays audio and video on Web pages for users across the Internet. By adding Yahoo! WebPlayer to their sites, publishers can offer relevant audio, video, and other rich context to supplement their site. You do not need to be a registered Yahoo! user to add Yahoo! WebPlayer to your site or to use the product.
Information Collection and Use Practices
Purpose: The PHPSESSID cookie is native to PHP and allows our website to keep track of data in relation to our secure login areas. It allows a user session to be maintained and state data to be sent via a session cookie. The PHPSESSID cookie disappears once the website and session are closed.