Occupational Health Privacy Notice

This privacy notice (Notice) explains how Imperial College London (the College, we, our, us) collects, uses and shares (or "processes") personal data of staff (including workers such as casual workers), prospective staff (i.e. job applicants), visiting academics and researchers, honoraries and secondees (you, your), and your rights in relation to the personal data we hold. This notice sets out the basis by which Imperial College London Occupational Health collects and uses the personal data of our service users.

Our users include, and accordingly this privacy policy applies to:

Current and former Imperial College London students (visiting/placement students)
Prospective students
Imperial College London staff (including workers such as casual Workers, visiting academics/researchers)
Medical Research Council Clinical Sciences Centre staff
Imperial College Health Centre staff
Royal College of Art students
Royal College of Art staff
Royal College of Music staff
Royal Albert Hall
Innovations Limited staff
IC Consultants Limited staff
Spie limited staff
Pulmocide Limited staff
Victoria and Albert Museum staff
Guy’s and St Thomas’ NHS Foundation Trust Occupational Health staff
Royal Marsden NHS Foundation Trust Occupational Health staff
UCL Occupational Health staff
Royal Geographical Society Enterprises Limited staff
Noonan UK Limited staff
Extracalm Cleaning LLP staff
Natural History Museum staff
Paratopes Limited staff
Kennedy Institute of Rheumatology staff
GlaxoSmithKline PLC staff
Respivert Limited staff
Molecular Vision Limited staff
Topivert Pharma Limited staff
Imanova Limited staff

From 25 May 2018, Occupational Health shall process your personal data in accordance with the General Data Protection Regulations (GDPR) and a revised College Data Protection Policy which will be published on the same page as the current Data Protection Policy.

Throughout this notice, “Imperial”, "we", "our" and "us" refers to Occupational Health at Imperial College London. "You" and “your” refers to our service users as listed above who use, have used or express an interest in using our services.

Personal information we hold about you

We may collect and process the following data about you:

  • Name
  • Contact details
  • Date of birth
  • National Insurance number
  • College department/department affiliation
  • College joining and leaving dates  (employment/study)
  • Job title
  • Information supplied by you through questionnaire, email, telephone or face to face consultation.
    • Health/medical history
    • lifestyle information and social circumstances;
    • Your interests and extra-curricular activities;
    • Racial information which may be relevant to clinical assessments (e.g. lung function)
  • Information supplied by your manager/academic supervisor which may include information such as attendance history, medical information
  • Medical information supplied by your GP/Specialist with your consent.

How we collect personal information about you

We collect most of the personal information we hold about you:

  • Through automatic data feeds from College systems.
  • From you via paper health/electronic questionnaires.
  • From your line manager/academic supervisor through referral questionnaires
  • From Registry in anticipation of you enrolling on a course (Medicine)
  • In the course of providing clinical services to you (e.g. vaccination history, blood test results, lung function test, GP reports)

How we use the information we hold about you and the legal basis for processing your data under GDPR

We need the information listed above (see Information we hold about you) primarily to allow us to perform our contract with you. We will process your data to enable Imperial to meet its commitment to you e.g. protecting and promoting your health at work, fulfilling our responsibility for the health assessment of health care workers and students who may be in contact with patients in NHS settings, advising on the management of work-related health problems and health problems which may be affected by work.

We use the information we hold about you:

  • Ascertain your fitness to undertake work where there is an established fitness standard.
  • Establish baseline health records where you may be working with substances and agents which have the potential to cause disease.
  • Monitor your health if you continue to be exposed to workplace allergens or substances which may cause disease.
  • Monitor your hearing if you are exposed to noise at work in line with the Noise at Work Regulations.
  • Oversee the monitoring your health if you are exposed to Ionising Radiation Sources
  • Advise on the management of accidents and exposures in the course of your work.
  • Ascertain your fitness to undertake work or study overseas, in line with the College Offsite Working Policy and recommend vaccinations and measures to protect your health as appropriate.
  • Provide advice and support to you in the management of a work-related health problem or health problem that affects you at work.
  • Within the established practice of medical confidentiality provide advice to your line manager/academic supervisor on the management of work related health problems or health problems that may affect you at work.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we share your information with

In line with the principles of medical confidentiality no medical information (diagnosis, results of tests etc.) is shared without your informed consent (permission). This is a professional requirement separate to any requirements of data protection legislation. Where specific health assessment process are undertaken, information on the outcome of such assessments is shared internally to nominated individuals who have a business need to know. All pathology is undertaken by an accredited external laboratory who are GDPR compliant. Referrals to NHS Specialist’s, Employee Assistance Program or independent practitioners are not made without consultation with service users and only with their agreement. We have no electronic interface with NHS record keeping systems. Occupational Health Records are archived using a third party electronic document management system.



Human Resources

The Doctors Laboratory (pathology services)

Line managers/ Academic supervisors

Royal Brompton and Harefield NHS Trust (clinical imaging)

Facility managers

NHS clinicians (on a case by case basis)

Safety Managers

Confidential Care Ltd (Employee Assistance Program)

Academic administrators

Box-IT (document management system)

Radiation Protection Officers

Independent physiotherapist

Biological Safety team

ASE Corporate Eyecare

We may in exceptional circumstances process your personal data because it is necessary to protect your or another person's vital interests, for example, where you have a life-threatening accident or illness in the workplace and we have to share your personal data in order to ensure you receive appropriate medical attention.

Information security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights as a data subject

You have the right to:

  • Withdraw consent where that is the legal basis of our processing
  • Access your personal data that we process, see Access to the information we hold about you
  • Rectify inaccuracies in personal data that we hold about you
  • Be forgotten i.e. for your details to be removed from systems that we use to process your personal data
  • Restrict the processing of your data in certain ways
  • Obtain a copy of your data in a commonly used electronic form
  • Object to certain processing of your personal data by us

For further information see the Information Commissioner’s Office or contact Imperial’s Data Protection Officer. You have a right to complain to the Information Commissioner’s Office about the way in which we process your personal data.

How long we keep your information for

Your information is stored in line with the College’s retention schedule (pdf). Further information is available from the College Archives and Corporate Records Unit. Anonymous data from surveys and feedback exercises may be retained for a longer period to aid year on year comparisons.

Access to the information we hold about you

If you wish to have access to information from your Occupational Health record   you may do so by requesting a copy of your Immunisation report directly form occupational Health occhealth@imperial.ac.uk   If this request is not made from an Imperial College email account, we will need to verify your identity before releasing information.

To obtain access to, and copies of, the remaining personal data we hold about you. Further information of how to make such an application can be found at http://www.imperial.ac.uk/admin-  services/legal-services-office/data-protection/subject-access-requests/

Please note that the above rights are not absolute, and requests may be refused where exceptions apply. You can find out more about your rights at www.ico.org.uk.

If you have any questions about these rights or how your personal data is used by us, you should contact the Data Protection Officer whose details are set out in the section Data controller and Data Protection Officer details below.

Contact and complaints

The ICO does recommend you seek to resolve any issues with the data controller initially prior to any referral to it. If you have any queries about this privacy notice or how we process your personal data, or if you wish to exercise any of your rights under applicable law, you may contact your line manager or the Data Protection Officer whose details are set out in the section Data controller and Data Protection Officer details below. If following such referral you are still not satisfied with how your personal data is used by the College you can make a complaint to the Information Commissioner (www.ico.org.uk).

Data Protection Officer

Imperial has appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Officer at:

Imperial College London
Data Protection Officer
Exhibition Road
Faculty Building Level 4
London SW7 2AZ


Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.