We process your personal information for a number of legitimate interests from managing our relationship with you through to helping us improve our services and products to you.
Legitimate interest is one of the legal reasons why we process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
- To manage our relationship with you, our business and third parties who provide products or services for us.
- To provide healthcare services for you directly or on behalf of a third party (for example, your employer).
- To keep our records up to date.
- If your service is being provided by your employer, to provide anonymised (information that cannot identify you as an individual) feedback to your employer so they can assess the health and wellbeing of their workforce.
- For research and analysis so that we can monitor and improve our products, services, websites and software or develop new ones.
- To contact you for market research and for marketing purposes about the quality of our service that we have provided to you.
- To monitor how well we are meeting our clinical and business performance expectations.
- Additionally, we process special category personal data under the provision Data Protection Act (2018) Schedule 1 Part 1 S(2)
“Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems “
We only disclose information about you for the following reasons:
- In reports to your employer where you have been referred by your employer for an assessment and you have consented to this report being provided to your employer.
- To our approved partners or suppliers for the purpose of delivering the services that we have been engaged to provide; such as sending your name and blood samples to contracted blood testing laboratories.
- With your consent which we will obtain before we make such a disclosure
- It is required by law.
Your relevant data may be shared with third party providers that have contracts with ToHealth to provide relevant health care services.
Blood testing laboratories: We disclose name, gender, contact details and date of birth along with the blood sample so that your sample can be accurately processed and results returned directly to you or via ToHealth.
Your General Practitioner or doctor (with consent from you): We would disclose your clinical results so that they can act on any findings that our services obtain from screening or occupational health investigations.
Third party healthcare providers; if your package offers specialist tests or screenings that are not provided by ToHealth’s own clinical team we contract with carefully selected third party providers to offer these additional tests. We would disclose your contact details and relevant clinical measurements.
Third party lifestyle providers If your package offers lifestyle services such as coaching we contract with carefully selected third party providers to offer these additional services. We would disclose your contact details and relevant clinical measurements
If your employer pays for your screening then we will inform your employer of your name, screening location, services provided and attendance date so that ToHealth can correctly invoice for the screening carried out. We do not disclose to your employer any identifiable results or measurements from your own screening unless we are undertaking statutory tests such as fitness to work in an occupational health capacity.