WHAT IS THE PURPOSE OF THIS DOCUMENT?
Reed in Wellbeing Limited (Reed”) is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. You are being provided with a copy of this privacy notice because you have provided your consent to Reed performing a health check on you for your own personal use or for the benefit of your employer. It makes you aware of how and why your personal data will be used and how long it will usually be retained for. It provides you with certain information that must be provided under the Data Protection Act 2018 (DPA).
DATA PROTECTION PRINCIPLES
We will comply with data protection law. This means that the personal information we hold about you must be:
We will collect, store and use the following categories of personal information:
HOW WE WILL USE INFORMATION ABOUT YOU
We will only process your personal information when you give us express consent to do so.
Situations in which we will use your personal information:
We need all the categories of information in the list above in order to carry out the health assessment. Please note that the health assessment is not mandatory, and therefore, should you not provide us with consent, we would unfortunately not be able to carry out the health assessment. In the event that the health assessment has been made available by your employer, we would have entered into an agreement with your employer who is also paying for this service. Under the contract we have entered into with your employer, we will provide them with an anonymised, aggregated summary report of the results of all employees who completed a Health Check. Please note that your employer will not be able to identify you from the aggregated information we provide them. If you request the Health Check directly from us without the involvement of your employer, then no information or data will be disclosed to your employer
HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION
We collect the medical information you provide to us on the portal to perform the health check.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
How long will you use my information for?
We will retain your personal information for a period of 8 years after we have performed the heath check. After this period, we will securely destroy your personal information in accordance with our data retention policy.
Who will my data be shared with?
We may have to share your data with third parties, including third-party service providers and other entities in the Reed Group of Companies. We require third parties to respect the security of your data and to treat it in accordance with the law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law or where it is necessary to administer the health checks, or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
"Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers:
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Transferring information outside the EU
We will not transfer the personal information we collect about you outside the EEA.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact RinP.firstname.lastname@example.org. You have the right to withdraw your consent for the processing of your personal data by Reed at any time. To withdraw your consent, please put your request in writing and send to RinP.email@example.com. . Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
DATA PROTECTION OFFICER
We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at RinP.firstname.lastname@example.org. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.