If you would like to download a copy of our privacy notice please click here
Who we are
Industrial Diagnostics Company Limited are a company registered in England under number 04819173. Our registered office is at 2 Merus Court, Meridian Business Park, Leicester, LE19 1RJ.
Our commitment to you
Industrial Diagnostics Company Limited are committed to:
Protect the privacy, confidentiality and integrity of the information we collect, store, transfer and process in accordance with the General Data Protection Regulation (GDPR) and to meet our legal requirements and contractual obligations. In addition, we operate within guidelines and ethical codes relating to confidentiality, as provided by the Information Commissioner Office (ICO), The Faculty of Occupational Medicine, the Nursing and Midwifery Council and other health professions regulators.
The main purpose of this privacy notice is to explain what information is collected by us, Industrial Diagnostics Company Limited, and how we use this information. It also explains your rights, including to access, rectify or erase your data.
This privacy notice has been designed so that you don't have to read the entire document to find information on a topic. However, if you want to read all of it – please feel free to do so.
Please access any of the topics below by clicking on the link to be directed to the relevant section.
Types of personal data we collect
The types of personal information we process include but is not limited to:
- Identification data - such as your full name, gender, date of birth, National Insurance Number
- Contact details - such as home and business address, email address and mobile and/or home telephone number
- Employment details - including job title, location, employment contract, background checks
- Information about your health – including medical history, medication and clinical observations of any medicals or health assessments that we carry out, and details of your General Practitioner or other professionals where this has been provided to enable assessments to be made of your medical fitness or any appropriate adaptations to your employment
- Financial information (employment only) – such as banking details, salary, expenses, taxation information
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the way we collect it. We will normally collect personal data under one of the following lawful basis for performing of our Occupational Health/Audiology services: Article 6(1) (f) and Article 9(2) (h). Our lawful basis for processing data in an employment relationship is Article 6(1) (b).
How your personal data is used
Your personal data will only be used for the purposes for which it was collected, as indicated to you at the time you provided your personal data to Industrial Diagnostics Company Limited. We operate within the GPDR principles and best practice guidelines, and we will use your personal data as follows:
- To deliver and administer our services, including to assess your medical capability to undertake a role, to determine your fitness for work, to assess your hearing, to offer you work (employment only)
- The personal data we obtain will be used fairly and lawfully for the purposes of providing Occupational Health, NHS audiology services or for employment purposes
- Your consent will be obtained before sharing information, e.g. Occupational Health information being sent to your employer. Please note that we may process your personal data without your knowledge or consent, in compliance with our obligations, e.g. a criminal investigation
- All personal data held will be ‘relevant’ and ‘appropriate’ to the purpose for which it has been obtained. We will inform you if we need to use your personal data for an unrelated purpose and we will explain the legal basis that allows us to do so
- Your personal data will be kept for as long as is required
- We will strive to protect your personal data against unauthorised or unlawful processing, accidental loss or destruction, and damage through appropriate measures
- Your personal data will not be transferred outside the European Economic Area
Automated decision making and profiling
We may use a technology-only based approach to deliver our services and to make a decision about you in relation to those services. For example, you may be asked to respond to a set of questions and if your answers do not require further explanation then a certificate is automatically generated. You will be advised when we are using such services.
Working with us
When you work with us, or when making an application for employment, we may process personal data about you and your dependents, beneficiaries and other individuals whose personal data has been provided to us. For further information on why and how personal data is collected and processed employees should refer to their Employee Handbook. Job applicants can request a copy of our job applicant’s privacy notice by emailing us at the address stated in the contact us section of this notice.
At our Head Office, Atherstone House, we reserve the right to use closed circuit television (CCTV) systems to the front external area of our premises as deemed necessary. Therefore, visitors to our Head Office should expect the outside area to be visible on a television monitoring system. Any information obtained from systems will be used with strict adherence to the GDPR. Information will be used for the prevention and detection of crime and to ensure compliance with our policies and procedures.
Who we share your personal data with
We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. For example, some personal data will be available to other health professionals, e.g. physiotherapists, counsellors, clinicians in a specialty field, your General Practitioner. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data is maintained.
Transfers to third-party service providers
In addition, we make certain personal data available to third parties who provide services to us. We do so on a "need to know basis" and in accordance with applicable data protection and data privacy laws.
For employment employee benefit plans service providers and third-party companies who provide us with employment law advice, accountancy and tax services. In addition, for hosting our web based platform and providing our IT support.
Transfers to other third parties
We may also disclose personal data to third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process
- In response to lawful requests by public authorities (including for national security or law enforcement purposes)
- As necessary to establish, exercise or defend against potential, threatened or actual litigation
- Where necessary to protect the vital interests of our employees or another person
- In connection with the sale, assignment or other transfer of all or part of our business
- With your freely given and explicit consent
Retention of your information
We will only keep your information for as long as is necessary and with strict adherence to statutory requirements. However, as a general rule we will keep information in line with the below retention periods:
- Occupational Health records for the duration of your employment and a further six years or up to your 75th birthday, whichever is the earliest
- Higher Education records for 6 months following planned graduation
- NHS records for the duration of the service for which we are commissioned or on your death once we are informed
- Statutory records, including Control of Substances Hazardous to Health Regulations (COSHH) 40 years from the date of last entry and Medical Records under the Ionising Radiations Regulations 2017, until the age of 75 or at least 50 years
- Employee records will be retained in accordance with our Employee data - policy on retention periods available on request
In the event of a change to Industrial Diagnostics Company Limited providing our services, your records may be transferred to another provider. Where this is required you will be fully informed in writing at the time and you will be given the opportunity to object to your record being transferred.
You may exercise the rights available to you under the data protection law, as follows:
- Right to be informed
You have the right to be given information about how your data is processed and why.
- Right of Access
You can request to see the information that we hold about you. We will require a security check to verify your identity before we will release any information. Your request should be sent via letter or email.
- Right to rectification
Ask that we update, correct or complete the information held about you to be updated.
- Right to restrict processing
You can request that processing of your personal data is restricted, e.g. if you believe that your data is inaccurate.
- Right of erasure
You can request that we erasure your personal data. Please be aware that where there is a legal obligation to retain the information we can refuse your request.
- Right to object
To request that your personal data is not used marketing/statistical purposes. You will be informed if your data will be used for such purposes.
- Right to data portability
Ask us to provide information to you in a commonly used electronic format and to have that information transmitted directly to another organisation.
- Rights in relation to automated decision making and profiling
You can obtain human intervention where technology only has been used to make decisions. You can also obtain an explanation of the decision and you may be able to challenge the decision.
What to do if you are unhappy with the way your data is processed
Should you be unhappy with the way in which we process your data you can write to us by using one of the ‘Contact Us’ options detailed below.
Please include your name, date of birth and contact details, and mark for the attention of the ‘Data Protection Officer’.
If you are not satisfied with our response you can also contact the UK data protection regulator, the Information Commissioner, whose contact details are available at https://ico.org.uk
Changes to our privacy notice
Please note that we may update this privacy notice from time to time. Any changes that we make to this policy in the future will be posted on this webpage. Please check back frequently to see any updates and changes to this privacy notice.
If you need to contact us or require further information about our privacy notice please:
Send us an email: firstname.lastname@example.org
Post us a letter: Atherstone House, The Siding, Merry Lees, Merry Lees, Leicestershire LE9 9FE
Telephone us on: 08450 775512