Maitland Medical Logo
what is occupational health

Privacy Notice

July 2020

Maitland Medical Service Ltd (“Maitland”) is engaged to deliver occupational health services and support to employers and the information that it collects from employees is “personal data”. Personal data is any data that identifies you or from which you can be identified and it includes special categories of data that reveal information about your health. This notice is a statement of how Maitland processes your personal data.

Maitland is committed to compliance with all relevant legislation including the Data Protection Act 2018 and The General Data Protection Regulations (“GDPR”) In providing our services, we are the “data controller” (as defined in the GDPR) of the data we collect and use about you. Maitland have registered with the Information Commissioner (ICO) confirming that we control and process personal data. Details are publicly available from the: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF

Types of personal data Maitland collect

Information is processed to enable your employer to act lawfully in the management of health issues within the workplace.

Information is also gathered in order to support and monitor services provided and optimise the delivery of high-quality healthcare. This type of information will usually be utilised in an anonymised form, so that any individual employee cannot be identified.

Maitland on account of the nature of its work handles ‘special category’ data. This can include:

  • personal details such as names, addresses, emails, telephone numbers
  • date of birth to ensure correct identification
  • employment details
  • services, for example details of the services accessed or offered by providers
  • details contained within an employee’s health record
  • physical or mental health details and any known disabilities
  • an overview of absence data
  • responses to surveys
  • education, training (of our physicians/ clinicians/Specialists)
  • offences (including alleged offences), criminal proceedings and sentences
  • complaints, accidents, and incident details


The information Maitland will hold may include:

  • information provided from your employer
  • information gathered from an employee’s GP or Specialist or treatment provider
  • information gathered from information provided by the employee regarding their medical history


How it will be collected

  • post
  • Email
  • Verbal (either by telephone or face to face)
  • Health questionnaire
  • Health assessment

How Maitland will use your personal data

Maitland will only collect and use information for the lawful purposes of administering:

  • Occupational Health Consultancy and Advisory services
  • Education
  • Health administration and services
  • To make contact to make appointments / arrange assessments
  • To ensure appropriate communication and exchange of information
  • Advice on the protection and promotion of health, safety and wellbeing
  • To advise employers regarding health issues in the context of employee working hours and activities
  • To review all assessments and advice and care given to ensure it is of the highest possible standard
  • To continually improve the efficiency and standards of occupational health services and support
  • Anonymised information ie: information held that does not contain identifiable data, will be used to look at trends in health and wellbeing and any work-related health issues

Sharing information

The information will only be shared with other organisations where there is a statutory obligation to do so. This can be due to:

  • Our obligations to comply with current legislation
  • Our duty to comply with a Court Order
  • We hold your written consent to disclosure

Fair and lawful processing

Each organisation is required to demonstrate that they are processing personal data fairly and lawfully. To do so we must have a lawful basis for processing personal data which is outlined below: The lawful basis on which Maitland processes information in respect of occupational health is based on: Article 6 (1) (f): the legitimate interests of an employer, requiring advice on fitness for work, ensuring the efficient and safe running of the business, compliance with health and safety legislation, employment law, ie: the Equality Act and all legal duties with respect to tax and social security legislation ie: pay sick pay etc.

In addition the basis on which Maitland processes special category data is: Article 9 (Special category data)(2)(h): Processing is necessary for the purposes of preventive or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis EU or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.

Duration of Processing

Maitland will retain information only for as long as necessary. Records are maintained in line with the Faculty of Occupational Medicines retention schedule which determines the length of time records should be kept. This is throughout the duration of employment (if not transferred, destroyed within 7 years of leaving the company) and 40 years for health surveillance records. Information Governance Alliance/ Dept. of Health 2016 /Reg 11 COSHH Regs 2002 and ACOP 2013

Security of information

Maitland are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper. We ensure that the storage, handling and movement of health records does not in any circumstances compromise the confidentiality of patient/client information. These range from training for our staff through to technical security measures including encryption and cyber security software. All sensitive information exchanged electronically will be encrypted and/or password protected.

Rights over personal data

The law gives certain rights to you in respect of information that we hold about you. Below is a short overview of the key rights available:

  • Data Subject Access Request - with some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you. For more information on this right, please see the section below.
  • Right to Rectification - you have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion, such as an assessment of your wellbeing from a clinician or an assessment of your fitness to work.
  • Right to Erasure - in some limited circumstances, you have the right to have personal data that we hold about you erased (the “right to be forgotten”). This right is not generally available where we still have a valid legal reason to keep the data (e.g. because we are obliged to do so by law).
  • Right to Restrict Processing - you also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data. For example, if you contest its accuracy or where we are processing it based on our legitimate interest, and you contest our assessment that our interest overrides your rights.

How to contact us

Please contact us if you have any questions regarding this Privacy Notice: Sarah Paradine, Practice Manager, Maitland Medical Service, Milestones, Royal Parade, Chislehurst, Kent BR7 6NW.

Complaints about how we process personal information

Employees can ask for inaccuracies to be corrected or for additional information to be added. Data can be erased if the data is no longer necessary, consent is withdrawn consent (where the processing is based on consent and there is no other legal ground for processing), the data has been unlawfully processed. In the first instance, contact: Reeva Steadman, Lead Account Manager, Maitland Medical Service, Milestones, Royal Parade, Chislehurst, Kent BR7 6NW. If required a complaint can be made to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF

Cookie Policy

When someone visits we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

If you have previously browsed to our website and no longer wish to accept cookies, please be aware that some cookies may have already been set. You may delete these cookies at any time via your browser by following these instructions:

You can control cookies via your browser settings by following the instructions at however if you choose to block cookies then your browsing experience may be affected.

Use of cookies by Maitland Medical

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

The text below explains the cookies we use and why.

Cookie: Allow Cookies
Name: civicAllowCookies
Purpose: These cookies are set in order to remember preferences in regards to cookies. 

Cookie: Google Analytics
Name: -utma/-utmb/-utmc/-utmz
Purpose: We use Google Analytics to monitor traffic levels, search queries and visits to this website. Google Analytics stores IP address anonymously on its servers, and neither Maitland Medical, CIVIC or Google associate your IP address with any personally identifiable information.
These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session.

Find Out More: Google website

Name: ywadp10001467053656/ ywadp1000255860556/ fpc10001467053656/ fpc1000255860556
Purpose: Yahoo! WebPlayer plays audio and video on Web pages for users across the Internet. By adding Yahoo! WebPlayer to their sites, publishers can offer relevant audio, video, and other rich context to supplement their site. You do not need to be a registered Yahoo! user to add Yahoo! WebPlayer to your site or to use the product.

Information Collection and Use Practices

  • When Yahoo! WebPlayer is used on a Website, Yahoo! may track, collect and store anonymous information about usage of the player. This information may be transmitted back to Yahoo! for diagnostic purposes and to help Yahoo! improve its products and services.
  • The anonymous, non-personally identifiable information may include a unique identifier that allows us to distinguish between different browsers.
  • Information collected during the use of Yahoo! WebPlayer is not associated with personally identifiable information about you or your Yahoo ID even if you are signed into the Yahoo! Network.
  • Websites do not receive personally identifiable information from Yahoo! WebPlayer; however, Yahoo! may share aggregate response data pursuant to the Yahoo! Privacy Policy. This data is anonymous and not identifiable.

Purpose: The PHPSESSID cookie is native to PHP and allows our website to keep track of data in relation to our secure login areas. It allows a user session and to send state data via a session cookie. The PHPSESSID cookie disappears once the website and session is closed.