Data Protection

You are here: > Data Protection

Who we are?
Employee Health and Performance Limited (EHPL) are an independent provider of occupational health services.

What is our purpose of processing your data?
EHPL are contracted to process employees’ personal health data and we confirm that the information provided in the health questionnaires will be processed by occupational health practitioners for the following reasons only:

i) To assess an employee’s ability from a health perspective, to perform their job role 

ii) To identify whether any reasonable adjustments may be required to help with any disability or impairment an employee may have 

iii) To confirm that none of the requirements of the job role would negatively affect any pre-existing health conditions an employee may have

Our lawful basis for processing your data
As occupational health professionals, Article 9 (2) clause h) of the GDPR states that ‘processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or services’.

What happens to the health information provided? 
i) When the employee has completed this questionnaire, EHPL will make a recommendation to the employer to confirm and identify if any adjustments, supports or restrictions are required to ensure the employee can safely undertake the duties of the job role 

ii) We will ask the employer to identify specific individuals to receive EHPL’s recommendation and this may include a line manager(s), human resources department and health and safety departments

iii) We confirm that the employer will not see the health information provided by the employee, without the employee first providing permission and we can confirm under the Access to Medical Records Act 1988 the employer cannot apply to a doctor or other specialist to see an employee’s health records without prior permission from the employee

How long do we retain your data for?
EHPL takes data security very seriously and we will only retain data in secure conditions for as long as we are legally obliged to; and no longer. This means for six years from the date employment is ended and one year from the date of the questionnaire if the job role does not commence.

Employee rights
You can withdraw your consent for us to process your data at any time and if you wish to do so please email EHPL at the following address:

You can ask to see your data at any time and we have made available a Subject Access Request Form:

Under current Data Protection legislation there may be exceptions set out which may form the basis on which an Occupational Health Professional may refuse to disclose all or part of your occupational health record or reports(s) upon request. The main exemptions are that information must not be released if: 

It is likely to cause serious harm to your physical or mental health or to that of others 
It relates to someone who would normally need to give their permission (where that person is not a health professional who has cared for the patient)

Download Subject Access Form

Useful links

Find out how to request your personal information:

Guidance for job applicants on Section 60 of the Equality Act 2010

Questions about health and disability during recruitment

Access to Medical Reports Act 1988

Raising a concern with an organisation handling your personal data: