Privacy Statement & Data Sharing agreement

Home/Privacy Statement & Data Sharing agreement

Caer Health Quick Guide, Privacy Statement

This is a quick guide outlining the main issues about how we handle sensitive personal information.


Who are we?

We are Caer Health Services Ltd, an experienced Occupational Health (OH) provider based in Wales.


Data Controller:

Caer Health Services Ltd, 5a Penty Newydd, Caerphilly Business Park, Van Road, Caerphilly, CF833GS

Email:  Tel: 02920 881 967


Data Protection Officer:

Neil Hill – Managing Director

Email: Tel: 02920 881 967


What information do we process?

In order to give OH advice, we need to know who you are, what you do and what the issue is. This information comes to us from your employer in the form of a referral. The employer will discuss the referral with you, at which time you consent to the process. When you see one of our clinical staff they will ask for your further consent to the assessment and report.


Confidentiality and Consent

The information we obtain as part of our clinical services is confidential and your OH records are not able to be seen by others, including your employer. For OH advice to be available to your employer, we would normally produce a report for your employer, outlining the main issues relevant to your case. You will see the report and be offered a copy. We need your consent before we would send this to the employer. You are not obliged to give consent in which case, no report will be sent.


Security of information

We take reasonable security precautions for the personal information we store. This includes IT security measures such as data encryption as well as physical security and access controls. Your employer is also required to take reasonable precautions with the OH report/supplementary information that we send to them.


Legal basis for Processing

We process personal sensitive information in accordance with the General Data Protection Regulation (GDPR). Our legal basis to process personal sensitive information falls under Article 6, Legitimate Interest and Article 9 for the purpose of Occupational Health Medicine.


Rights of Individuals

These have been strengthened under the GDPR and include the following. If you would like to exercise any of these rights, please contact the data controller.

Rights of individuals under the GDPR

  • To be informed
  • Of access
  • Of rectification
  • Of erasure
  • To restrict processing


What we will not do

We never pass your information to anyone other than your employer or GP/Specialist – and that is always with your consent.


Further information or guidance

If you would like further information or wish to make a complaint or suggestion, please contact our Data Protection Officer. You can also make a complaint to the Information Commissioner’s Office (ICO). Our full Privacy Statement can be viewed online.