How we use your information
At Medmark we respect your rights. We do not require you to provide personal information unless you wish to avail of additional features or services. Where data is submitted it will be used for the stated purpose and any reasonably incidental purposes only.
This starts with making sure that you get meaningful choices about how and why data is collected and used, and ensuring that you have the information you need to make the choices that are right for you across our products and services.
If you do not agree, or if you are not comfortable with any aspect of the Privacy Statement, you can discontinue use of the website.
We are working to get your trust by focusing on five key privacy principles:
- Control: We will put you in control of your privacy with clear choices.
- Transparency: We will be transparent about data collection and use so that you can make informed decisions.
- Security: We will protect the data that you entrust to us via strong security and encryption.
- Strong legal protections: We will respect your local privacy laws and fight for legal protection of your privacy as a fundamental human right.
- Benefits to you: When we do collect data, we will use it to benefit you and to make you experiences better.
These principles form the foundation of Medmark’s approach to privacy and will continue to shape the way we build our products and services.
On the rest of this website, you will find links to more information and controls so that you can make the right decisions for you.
Changes to our Privacy Statement
We reserve the right to modify this Privacy Statement at any time. Each time you use this website you shall be bound by the then current Privacy Statement and accordingly you should review the Privacy Statement each time you use this website. This is a live document, under regular review.
What Kinds of Data Does Medmark Collect?
You have the opportunity to send us information via this website, such as through the “contact us” pages or any other area where you may send emails or provide feedback. By choosing to participate in these, you might provide us with some personal information. This information may include your name, email and telephone number. The purpose of collecting this information is so we can contact you regarding any questions you may have asked or to provide you with other information that may be relevant to you or your business in the form of newsletters or press releases.
This information will only be used by us for:
- The purpose for which it was provided by you and any reasonably incidental purposes;
- Verification purposes and statistical analysis; and
- Marketing and administration purposes.
The types of personal data which we process for occupational health purposes which are covered by the GDPR include:
- Residential address
- Data concerning health
- Medical information
- Birth dates
We will safeguard your personal data to ensure it remains confidential and will only handle your personal data in accordance with the terms contained in our Privacy Notice and applicable data protection law.
We will retain your medical records on an ongoing basis, for as long as we have a relationship with you, and in order for us to:
- comply with our legal records retention obligations;
- inform a diagnosis of a latent condition, ensure your health and safety and protect your vital interests;
- defend or bring legal claims; and/or
- address complaints regarding our services.
We will delete your personal data once it is no longer required for these purposes.
Types of personal data
Personal data is any information relating to an identified or identifiable natural person. The types of data which we request and which are covered by the General Data Protection Regulation (GDPR) include:
- Residential address
- Birth dates
- Medical information
- Special category personal data concerning health
Lawful bases for processing data
The lawful bases under which Medmark processes personal data include:
- Article 6(1)(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Article 6(1)(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
- Article 6(1)(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- Article 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
The lawful bases under which Medmark processes special category personal data include:
- Article 9(2)(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
- Article 9(2)(b) processing is necessary for the purpose of carrying out obligations or rights of the data controller or the data subject in the field of employment law;
- Section 45 of the Bill: processing data concerning health for the purpose of an insurance policy, health insurance and/or occupational pension; and/or
- Article 9(2)(i) processing is necessary for reasons of public interest in the area of public health.
We will always process your personal data in accordance with this privacy notice and all applicable data protection laws.
Security and retention of your personal data
We have appropriate technical and organisational measures in place to protect your personal data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. Personal data is held securely using a range of security measures.
We will retain your personal data and medical records on an ongoing basis for as long as we have a relationship with you, and/or in order for us to:
- Comply with our legal records retention obligations;
- Inform a diagnosis of a latent condition, ensure your health and safety and protect your vital interests;
- Defend or bring legal claims; and/or
- Address complaints regarding our services.
You have certain rights under the GDPR which include the right to access, amend, update, restrict, delete or object to the use of, your personal data; and to request information about the basis on which your personal data is processed.
Access Requests for Medical Reports
Under GDPR and the Data Protection Acts, you may obtain a copy of the referral or medical report furnished to your employer following your assessment. You should put your request in writing to the individual who commissioned Medmark to prepare the report. This is normally the HR Manager in a workplace.
The employer has responsibility as the Data Controller under the terms of the Data Protection Act to release the report within 30 days of receiving a request in writing.
Further details on Subject Access Request (SARs) and the Data Protection Acts can be obtained from: The Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland www.dataprotection.ie. Similar regulations apply to public bodies under the Freedom of Information Acts 1997 and 2003.
If you would like to exercise any of your rights, please contact our Data Protection Officer at email@example.com. You also have the right to lodge a complaint with the Irish Office of the Data Protection Commissioner at any time.
Sharing your personal data
We only collect and use your personal data when requested to do so and, in the normal course, we only share any data we collect about you back to the referring organisation. We may share your data where required or permitted by law to do so.
People who Email Us
Any email sent to us, including any attachments, might be monitored and used by us for reasons of security and for monitoring compliance with our data protection policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. Unsolicited material of a criminal nature will be reported to the relevant authorities and blocked.
Children's Privacy Protection
We understand the importance of protecting Children's privacy in the interactive online world. This Website is not designed for or intentionally targeted at children 13 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 13.
Removal or Alteration of Personal Data
You have the right to be given a copy of information held by us about you. There is no charge for this. We will provide the requested information to you within 30 calendar days of the receipt of written authorisation from the data controller.
You have the right to access your data and to have any inaccuracies in the details we hold corrected. You also have the right to have the information erased if we do not have a legitimate reason for retaining same. We will agree to any such valid requests within 30 calendar days of receipt of a valid request in writing.
Please send all requests in writing to the Data Protection Officer (DPO), 69 Lower Baggot Street, Baggot Street Bridge, Dublin 2, D02 HW52. Phone: 01-6761493. Email: firstname.lastname@example.org We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.
When you choose to fill our website feedback form you consent to the use of that information as set out in this statement. We will always communicate any changes made to our statement to ensure that you are always informed on how your information is used and why.
We take our security responsibilities seriously, employing the most appropriate physical and technical measures. We review our security policy regularly.
Links to Other Websites
This privacy statement does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
If you have any questions about this Privacy Statement, our practices relating to the website or your dealing with the website you can contact us at email@example.com or write to us at:
Data Protection Officer (DPO),
69 Lower Baggot Street,
Baggot Street Bridge,
Dublin 2, D02 HW52.