Occupational Health Jobs & Vacancies

Maximising Attendance & Wellbeing Through Healthy Work

Privacy Notice

Version: 1.2

Effective Date: 1st November 2023


Introduction

COPE Occupational Health Services Limited ("COPE", "we", "our", "us") is committed to protecting your personal data and respecting your privacy. This privacy notice explains how we collect, use, and protect personal data in relation to our services, recruitment, website, and communications. It also outlines your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

Who We Are

COPE provides occupational health services to employers and their employees. We may act as either a Data Controller or Data Processor, depending on the context of the service provided. For example, we are typically the Data Controller for clinical information collected during consultations, but may act as a Processor when providing reports back to the referring employer.


When This Notice Applies

This privacy notice applies when you:

  • Use our occupational health services as an employee or customer
  • Visit our website or complete an online enquiry form
  • Submit an enquiry or data rights request
  • Apply for a job with COPE


What Data We Collect

Depending on your interaction with us, we may collect:

Personal Data

  • Name, contact details, date of birth
  • Employment details (role, location, manager)
  • Recruitment data (CV, application info, right to work)

Special Category Data (Health Information)

  • Medical history, symptoms, treatments, and fitness assessments
  • Data collected during occupational health consultations or health surveillance


We only collect data that is necessary for the service being delivered and process it in accordance with Article 6(1) and Article 9(2)(h) of the UK GDPR.



How We Collect Your Data

We collect data from:

  • Your employer when they refer you to our services
  • Directly from you through consultations, web forms, or recruitment applications
  • Other healthcare providers with your consent (e.g., GP reports)


How We Use Your Data

We process your personal data for purposes such as:

  • Booking and conducting occupational health consultations
  • Providing clinical assessments and reports to your employer
  • Supporting workplace health and safety compliance
  • Managing recruitment applications
  • Responding to website enquiries
  • Improving our services through anonymised analysis


We will only share medical information with your employer with your explicit consent, unless an exception applies (e.g., safety-critical roles or legal obligations).


Legal Basis for Processing

We rely on the following lawful bases to process your personal data:

  • Legitimate Interests – Providing occupational health services to clients
  • Legal Obligation – Compliance with employment or health and safety law
  • Contract – Managing recruitment and employment applications
  • Consent – Only when explicitly required (e.g. sharing medical reports)
  • Vital Interests – In emergency or safeguarding situations


Data Sharing

We may share your data with:

  • Your employer (with appropriate consent)
  • Laboratories or other healthcare providers supporting your care
  • Approved third-party processors (e.g. system providers)
  • Regulatory authorities where legally required


All third parties are bound by confidentiality agreements and data protection obligations. We do not sell your data or use it for marketing without your permission.


Data Security and Storage

Your data is stored securely in the UK using encrypted systems with strict access controls. Where paper records are held, they remain in locked storage. All data transfers are encrypted, and records are only retained for as long as necessary.


Retention Periods:

  • Occupational Health Surveillance Records: 40 years
  • Other Clinical Records: 7–8 years after last contact
  • Recruitment Records (unsuccessful applicants): 12 months
  • Website Enquiries: Retained only as long as needed to respond


Your Data Rights

You have the right to:

  • Access your data
  • Rectify inaccurate information
  • Request erasure (where applicable)
  • Restrict or object to processing
  • Withdraw consent (where consent is the lawful basis)
  • Data portability (in specific circumstances)
  • To lodge a complaint with the Information Commissioner’s Office (ICO):  www.ico.org.uk


To exercise any of your rights or raise a concern, please use the data rights form below.


Website Usage & Cookies

When you visit our website:

  • We collect information via cookies
  • Data from contact forms is sent securely to our internal systems and not stored on the public website
  • We do not share your web data with third parties for marketing


Our website may contain links to other sites; we encourage you to review their privacy notices separately.


Changes to This Notice

We may update this privacy notice periodically, the latest version will always be available on our website. Last updated: XX 2025