Created 2nd February 2021. Version 0.3

Specific Privacy Notice

Back Record Conversion (Digitisation) of Occupational Health Records

The Human Resources Directorate have commissioned the conversion of all Essex Police held Occupational Health records, by DeepStore Limited (Processor).

Introduction

This Specific Privacy Notice has been created to make it easier for you to understand what personal data Essex Police processes about you, how and why it will be used in connection with the digitalisation of existing paper records held by Essex Police Occupational Health department. It is a requirement of the General Data Protection Regulation (GDPR).

It is subordinate to, and should be read in conjunction with, the force’s high-level Privacy Notice.

The high-level Privacy Notice provides you with complete details of the rights you have relating to the personal data we hold about you now and any personal data we might collect about you in the future.

If you have no access to the internet and require access to the high-level Privacy Notice please contact the Essex Police Information Rights Team (contact details below) and they will provide a copy to you. The team will also facilitate the provision of the Privacy Notice in large font, or Braille, or published in other languages.

Privacy Information

1. Who is the Controller (the person who determines the purpose and means by which your personal data is processed) and what are their contact details?

The Controller is:

Chief Constable of Essex Police
Essex Police HQ
PO Box 2
Chelmsford
CM2 6DA

Article 13(1)(a)
Article 14(1)(a)

2. What are the contact details of Essex Police’s Data Protection Officer?

Data Protection Officer
Essex Police HQ,
PO Box 2
Chelmsford
CM2 6DA

Email: [email protected]

Article 13(1)(b)
Article 14(1)(b)

3. For what purpose(s) is my personal data intended to be processed by Essex Police?

Essex Police’s Human Resources Directorate have commissioned the digital conversion of all Essex Police held Occupational Health records, by DeepStore Limited (Processor). This digitisation activity will assist in the secure management of these records (data protection compliance).

Article 13(1)(c)

4. What personal data of mine will be processed by Essex Police?

Essex Police will provide the Processor, DeepStore Limited, with all information held in Occupational Health records for the purpose as stated above; the personal data/information will include but is not limited to:

  • Name, date of birth, national insurance number, contact details, address
  • Details of your job and in regards your employment
  • Medical health questionnaire other medical information
  • Occupational Health referrals from line managers
  • Occupational Health reports following consultations
  • Results of medical tests
  • Force Medical Officer reports on suitability for ill health retirement
  • Details about your GP or specialists
  • Correspondences and information from other parties like your GP or other health care professionals
  • Consent forms
  • Details of appointments
  • Details of any complaints you have made and how these complaints were dealt with
  • Details of any fees you may have been charged, the amounts you have paid and some payment details

5. How will my personal data be processed by Essex Police?

The existing hard copies (records) will be securely transported to an appropriately secure location of the Processor where the records will be scanned and the digital product provided to Essex Police, via secure means. Following this process, the original records will be destroyed by the Processor – in line with requirements as set by Essex Police – who will provide the Controller will certificates of destruction.

6. What is Essex Police’s legal basis for processing my personal data?

Essex Police’s legal basis is GDPR Article 6(1)(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; And where Special Category personal data is processed the lawful basis applied is GDPR Article 9(2)(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;

Article 13(1)(c)
Article 14(1)(c)

7. If my personal data is obtained by Essex Police from someone else what are the categories of personal data collected?

N/A

Article 14(1)(d)

8. Who will my personal data be disclosed to by Essex Police?

The contracted Processor, DeepStore Limited

Article 13(1)(e)

9. Does Essex Police intend to transfer my personal data out of the U.K. or to an international organisation?

No

Article 13(1)(f)
Article 14(1)(f)

10. If Essex Police intends to transfer my personal data out of the U.K. or to an international organisation what safeguards are there to protect my personal data?

N/A

Article 13(1)(f)
Article 14(1)(f)

11. How long will my personal data be retained by Essex Police?

No change. Occupational Health records are held in accordance with relevant policy and procedure – W1000 Information Management and W1012 Force Retention Schedule
(where you do not have access to Essex Police systems please contact the Force DPO for disclosure of this information)

Article 13(2)(a)
Article 14(2)(a)

12. What are my rights under the GDPR?

You have the following rights under the GDPR:

  • Right to be informed
  • Right of access
  • Right of erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right not to be subject of automated decision-making

Full details of those rights and how to exercise them can be found in Essex Police’s high-level Privacy Notice which can be found on the home page of the Essex Police website. It can also be obtained from:

Information Rights Team
Essex Police HQ
PO Box 2
Chelmsford
CM2 6DA

Email: [email protected]

Article 13(2)(b)
Article 14(2)(c)

13. If Essex Police relies on my consent to be the legal basis for processing my personal data can I withdraw that consent?

N/A

Article 13(2)(c)
Article 14(2)(d)

14. Who can I lodge a complaint with if I am unhappy about the way my personal data is processed by Essex Police?

You may lodge a complaint with the Information Commissioner’s Office. Their contact details are:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113

Website:  www.ico.org.uk

You may wish to initially raise any concerns with the Data Protection Officer.

Article 13(2)(d)
Article 14(2)(e)

15. If my personal data was obtained by Essex Police from someone else from who or where was it obtained by Essex Police?

N/A

Article 14(2)(f)

16. Am I required to provide my personal data under a statutory or contractual requirement, or a requirement necessary to enter into a contract, or am I obliged to provide it?

Some information held in Occupation Health records may be held as part of a contractual requirement.

Article 13(2)(e)

17. Will my personal data be used for automated decision-making, including profiling?

No

Article 13(2)(f)
Article 14(2)(g)

18. If my personal data will used for automated decision-making, including profiling what logic will be involved and what significance and consequences will there be for me from the automated decision-making?

N/A

Article 13(2)(f)
Article 14(2)(g)