Privacy Notice – Health Assessment Clients
This Privacy Notice applies to:
Optimal Health and Wellbeing Health Assessment Clients, the other privacy notice on our website also applies.
This privacy notice sets out how we deal with your Personal and Special Category Data data and keep it protected.
What Data We Collect, Where, When and Why
We may collect personal data such as:
Contact information (name, email, phone number) in order to provide our services and potential invoicing.
We collect and process this data in accordance with legitimate interest.
This is collected when you make a booking – We process your contact information upon making a booking in line with 6 (1) (B) – Processing is necessary for performance of a contract with the data subject or to take steps to enter into a contract.
We may collect Special Category data such as:
Health information/ data concerning health provided by you including personal and family medical history including medication, lifestyle and dietary habits and supplementation details provided by you on completion of our questionnaire.
We use this information in order to provide you with our Health Assessment Service (Legitimate Interest) and this is provided by you on returning the Health Assessment Questionnaire.
We may collect Special Category data such as:
Biometric data and data concerning health during the Health Assessment this is collected at the time of the Health Assessment and in order to provide you with the service (Legitimate Interest)
What Purpose We Use Your Personal Data For and How Long We Store it
We use your personal data when we need to know information about you to be able to provide services and only use personal data where there is a legitimate interest in doing so.
When you contact us or book through our website we may collect your personal data in line with 6 (1) (B) – Processing is necessary for performance of a contract with the data subject or to take steps to enter into a contract. Optimal Health and Wellbeing will retain your personal data provided for as long as necessary to fulfil the booking/contract and if necessary collection of invoice (usually a maximum of 3 months following the Health Assessment).
What Purpose We Use Your Personal and Special Category Data For and How Long We Store it
If you have not given explicit consent to the storage of your Health Assessment Report this data will be securely destroyed within 10 working days of the Health Assessment in order to allow for resending if necessary.
If you give explicit consent to the storage of your Health Assessment Report we store this in order to compare the differences upon attending your next Health Assessment and improve your experiences with our service. We store this data for 2 years and if you have not attended for a further Health Assessment after this point the data will be securely destroyed.
Prior to 25th May 2018 Consent for Storage of Health Assessment Report was accepted via verbal confirmation, from Friday 25th May 2018 in line with GDPR onwards Consent will be recorded via a consent form and stored for proof, consent can be withdrawn at any time by contacting Optimal Health and Wellbeing on the contact information at the bottom of this policy.
No data is shared with any other organisation unless agreed otherwise with your explicit consent.
Optimal Health and Wellbeing uses up-to-date data storage and security techniques in order to protect your personal and special category data from unauthorized access, improper use or disclosure.
Data Security Measures
You will receive your Health Assessment Report via email in an encrypted (password protected) file format.
You will have chosen the password used to protect the file at the time of the Health Assessment.
If you have given consent for storage the Health Assessment Report will then be pseudonymised eg: key coded so it is no longer personally identifiable and saved on a password protected, encrypted and firewalled computer in a locked office.
A back up of reports is also saved on a password protected encrypted external hard drive in a locked cabinet.
The key code to allow the reports to be identified will be stored on a separate password protected, encrypted external hard drive in a locked safe.
With a back up of the key code also saved on a password protected, encrypted, firewalled laptop in a locked house.
The GDPR provides the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
Data Controller and Processor
Information that is collected will be the responsibility of Optimal Health and Wellbeing who will act as the Data Controller in relation to your personal data.
Due to the nature of the business Optimal Health and Wellbeing may also collect special category data in some circumstances where you have engaged in our services and for this will be the Data Processing Officer (DPO).
Contact details for the Data Controller and Data Processing Officer are:
Address: Pirouet House, The Wellness Centre, Union Street, St Helier, Jersey JE2 3RF
If you wish to use any of your rights surrounding the personal or special category data we may hold from the Health Assessment please contact us on the details above
You may request details of the personal information we hold about you by making a ‘subject access request’ under the Data Protection (Jersey) Law 2018.