Privacy Notice – Health Assessment Clients

Privacy Notice – Health Assessment Clients

This Privacy Notice applies to:

Optimal Health and Wellbeing Health Assessment Clients, the other privacy notice on our website also applies.

This privacy notice sets out how we deal with your Personal and Special Category Data data and keep it protected.

What Data We Collect, Where, When and Why

We may collect personal data such as:

Contact information (name, email, phone number) in order to provide our services and potential invoicing.

We collect and process this data in accordance with legitimate interest.

This is collected when you make a booking – We process your contact information upon making a booking in line with 6 (1) (B) – Processing is necessary for performance of a contract with the data subject or to take steps to enter into a contract.

We may collect Special Category data such as:

Health information/ data concerning health provided by you including personal and family medical history including medication, lifestyle and dietary habits and supplementation details provided by you on completion of our questionnaire.

We use this information in order to provide you with our Health Assessment Service (Legitimate Interest) and this is provided by you on returning the Health Assessment Questionnaire.

We may collect Special Category data such as:

Biometric data and data concerning health during the Health Assessment this is collected at the time of the Health Assessment and in order to provide you with the service (Legitimate Interest)

What Purpose We Use Your Personal Data For and How Long We Store it

We use your personal data when we need to know information about you to be able to provide services and only use personal data where there is a legitimate interest in doing so.

When you contact us or book through our website we may collect your personal data in line with 6 (1) (B) – Processing is necessary for performance of a contract with the data subject or to take steps to enter into a contract. Optimal Health and Wellbeing will retain your personal data provided for as long as necessary to fulfil the booking/contract and if necessary collection of invoice (usually a maximum of 3 months following the Health Assessment).

What Purpose We Use Your Personal and Special Category Data For and How Long We Store it

If you have not given explicit consent to the storage of your Health Assessment Report this data will be securely destroyed within 10 working days of the Health Assessment in order to allow for resending if necessary.

If you give explicit consent to the storage of your Health Assessment Report we store this in order to compare the differences upon attending your next Health Assessment and improve your experiences with our service. We store this data for 2 years and if you have not attended for a further Health Assessment after this point the data will be securely destroyed.

Prior to 25th May 2018 Consent for Storage of Health Assessment Report was accepted via verbal confirmation, from Friday 25th May 2018 in line with GDPR onwards Consent will be recorded via a consent form and stored for proof, consent can be withdrawn at any time by contacting Optimal Health and Wellbeing on the contact information at the bottom of this policy.

Data Sharing

No data is shared with any other organisation unless agreed otherwise with your explicit consent.

Data Security

Optimal Health and Wellbeing uses up-to-date data storage and security techniques in order to protect your personal and special category data from unauthorized access, improper use or disclosure.

Data Security Measures

  • You will receive your Health Assessment Report via email in an encrypted (password protected) file format.
  • You will have chosen the password used to protect the file at the time of the Health Assessment.
  • If you have given consent for storage the Health Assessment Report will then be pseudonymised eg: key coded so it is no longer personally identifiable and saved on a password protected, encrypted and firewalled computer in a locked office.
  • A back up of reports is also saved on a password protected encrypted external hard drive in a locked cabinet.
  • The key code to allow the reports to be identified will be stored on a separate password protected, encrypted external hard drive in a locked safe.
  • With a back up of the key code also saved on a password protected, encrypted, firewalled laptop in a locked house.

Your Rights

The GDPR provides the following rights for individuals:

The right to be informed

The right of access

The right to rectification

The right to erasure

The right to restrict processing

The right to data portability

The right to object

Rights in relation to automated decision making and profiling

Data Controller and Processor

Information that is collected will be the responsibility of Optimal Health and Wellbeing who will act as the Data Controller in relation to your personal data.

Due to the nature of the business Optimal Health and Wellbeing may also collect special category data in some circumstances where you have engaged in our services and for this will be the Data Processing Officer (DPO).

Contact details for the Data Controller and Data Processing Officer are:

Email: info@optimalhealthandwellbeing.com

Address: The Ground Floor, 24 Hill Street, St Helier, Jersey, JE2 4UA

If you wish to use any of your rights surrounding the personal or special category data we may hold from the Health Assessment please contact us on the details above

You may request details of the personal information we hold about you by making a ‘subject access request’ under the Data Protection (Jersey) Law 2018.