At Cognate Health Ltd, we take your privacy seriously. It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you.
This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which came into force on 25 May 2018. From that date, the GDPR, together with applicable Irish requirements, will amend existing data protection law and place enhanced accountability and transparency obligations on organisations when using your information. The GDPR will also introduce changes which will give you greater control over your personal information, including a right to object to processing of your personal information where that processing is carried out for our business purposes.
Please take time to read this notice carefully. If you are under 16 years of age, please read this summary with a parent or guardian and ensure you understand it. If you have any questions about how we use your information, please contact our Data Protection Officer at the details below.
This summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information. You can get more detailed information by viewing our full Data Privacy Notice at www.cognatehealth.ie or by mail to Cognate Health Ltd, Ground Floor, Block B, Heritage Business Park, Mahon Industrial Estate, Blackrock, Cork
The information we will hold:
- Residential address, including your contact information;
- Date of birth (used for identification purposes)
- information about you provided by others e.g. referral letter from employer;
- medical information which you have consented to us such as: medical questionnaires, medical results, medical reports
Cognate will never use your information for any other reason than the purpose you have consented to.
How we collect your information:
We collect information: (i) you give us; (ii) information provided to us by third parties with your prior informed consent.
How we use your information and the legal basis:
We use, and share, your data where:
- processing is necessary for the purpose of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health of social care systems and services;
- processing is necessary for the purpose of carrying out obligations or rights of the data controller or the data subject in the field of employment law
- processing data concerning health for the purpose of an insurance policy, health insurance and/or occupational pension; and/or
- processing is necessary for reasons of public interest in the area of public health.
We will retain your medical records on an ongoing basis, for as long as we have a relationship with you, and in order for us to:
- comply with our legal records retention obligations
- inform a diagnosis of a latent condition, ensure your health and safety and protect your vital interests
- defend or bring legal claims; and/or
- address complaints regarding our services.
How we analyse your information:
We may anonymously analyse your information using means to:
- help us understand trends within your employment sector;
- to help us to offer products and service information we believe will be of interest to the general employment sector;
Where we store your information
Physical files are stored in our office and our archives. Electronic files are stored on our secure servers and in the cloud. You may contact us in case you wish to find out more or to obtain a copy of the appropriate safeguards.
Who we share your information with:
When providing services to you, we may share your information with:
- your authorised representatives;
- third parties with whom: (i) you have consented us to share your information i.e. your employer, (ii) you ask us to share your information i.e. your GP/Specialist, and (iii) onward referrals with your consent i.e. specialist, x-ray etc;
- Cognate Health Ltd Occupational Health Network;
- service providers who provide us with support services;
- statutory and regulatory bodies (including central and local government) and law enforcement authorities;
- healthcare professionals and medical consultants;
- business or joint venture partners.
How long we hold your information:
How long we hold your data for is subject to occupational health exposure legislation and regulatory rules we must follow, set by authorities such as the Irish Medical Council, World Health Organisation and Health & Safety Authority of Ireland.
Cognate Health Ltd. has adopted the policy that all health information records have to be kept for a minimum of 10 years with exceptions as outlined below:
Regulations made under the 2005 Act do sometimes require employers to maintain records for specified periods. In particular, an employer is required to keep a record of any accident or dangerous occurrence reportable to the HSA for a period of 10 years from the date of the accident or dangerous occurrence.
The Irish Medical Councils Guide to Ethical Conduct and behaviour states that Medical Records should be retained for an adequate period and eventual disposal may be subject to advice from legal and insurance bodies.
That Booklet also recommends retention of records for at least 10 years in relation to Occupational Medicine / General Practice.
In the case of Health Surveillance records for exposure to carcinogens must be kept for a minimum period of 40 years.
For exposure to biological agents the recommendation is to retain individual confidential medical records for an ‘appropriate’ time, usually between 10 to 40 years, depending on the length of time of exposure and/or the likely duration of risk to the safety and health of the employee due to exposure.
Implications of not providing information:
If you do not provide information we may not be able to:
- accurately assess your fitness for work;
- assess suitability for specific employment roles; and
- where relevant, give you or your employer a recommendation for job alterations.
We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.
In Cognate Health we recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our server is restricted for access only to authorised people, emails and server are encrypted.
Unfortunately the transmission of information by means of the internet including email is not completely secure and although we will do the best to protect your personal data we cannot guaranty the security of your data transmitted by email.
Using companies to process your information outside the EU:
In some cases, we may transfer information about you to our service providers and other organisations outside the EU. We will always take steps to ensure that any transfer of information outside of the EU is carefully managed to protect your privacy rights.
How to exercise your information rights including the right to object:
From 25 May 2018, you will have several enhanced rights in relation to how we use your information, including the right, without undue delay, to:
- find out if we use your information, access your information and receive copies of your information;
- have inaccurate/incomplete information corrected and updated;
- object to particular use of your personal data for our legitimate business interests or direct marketing purposes*;
- in certain circumstances, to have your information deleted or our use of your data restricted*;
- exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider) *; and
- to withdraw consent at any time where processing is based on consent.
*These rights will be available from 25 May 2018
If you wish to exercise any of your data rights, you can contact us at www.cognatehealth.ie, by mail to Cognate Health Ltd, Ground Floor, Block B, Heritage Business Park, Mahon Industrial Estate, Blackrock, Cork or by contacting 0818 989 322.
Your request will be fully resolved within 30 days of receipt of the request. If you make your request electronically, we will try to provide you with the relevant information electronically.
You also have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at:
Telephone: +353 (0)761 104 800 or Lo Call Number 0818 989 322
Fax: +353 57 868 4757
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.
How to contact us and/or our data protection officer:
If you have questions about how we use your information, you can reach our Data Protection Officer at www.cognatehealth.ie, by mail to Cognate Health Ltd, Ground Floor, Block B, Heritage Business Park, Mahon Industrial Estate, Blackrock, Cork or by contacting 0818 989 322.
We will update our Data Privacy Notice from time to time. Any updates will be made available onsite and, where appropriate, notified to you by SMS, e-mail.