GDPR Privacy Notice/Data Protection Statement (updated February 2026)
1. Introduction & Data Controller
PEMS Health Ltd (“we”, “us”, “our”) is committed to protecting your personal data and your privacy. We are the Data Controller responsible for your personal information when we collect or process it, including via our website and in the provision of Occupational Health services.
Our registered office and contact details are:
PEMS Health Ltd
Company No: 10342241
Email: admin@pemshealth.co.uk
This privacy notice explains how and why we collect, use, disclose, store and protect your personal data, and your rights under the UK GDPR and Data Protection Act 2018.
2. The Personal Data We Collect
We may collect, hold and process the following categories of personal data:
Identity & Contact Details: e.g., name, address, date of birth, telephone number, email.
Characteristics: e.g., gender.
Employment Information: e.g., job role, employer details.
Health & Medical Data: e.g., health surveillance or assessment results provided by you or your GP/specialist.
We only collect data that is necessary for the services we provide and in accordance with data protection principles (lawful, fair and transparent processing).
3. How We Collect Your Data
We may collect personal data:
Directly from you (e.g., during consultations, forms, emails, telephone).
From your employer (e.g., HR or managers).
From third parties such as your GP or specialist with your consent and in accordance with the Access to Medical Reports Act.
4. Why We Collect Personal Data & Our Lawful Basis
We collect and process your personal data for the following purposes:
To provide occupational health services, assessments and reports.
To comply with our legal and professional obligations (including health and safety duties).
For health surveillance and preventive medicine where required by law.
To manage your record and maintain safe and effective clinical practice.
Lawful bases for processing your data include:
Contract: to fulfil our contractual obligations to you or your employer.
Legal obligations: compliance with health and safety law.
Legitimate interests: appropriate clinical and business operations.
Special category data processing: as permitted for occupational medicine under Article 9(2)(h) of the UK GDPR and through regulated health professionals.
5. How Long We Keep Personal Data
We retain your personal information only as long as necessary and in compliance with applicable law:
Referral & clinical management information: retained for 10 years after employment ends.
Pre-placement medical records: retained for 1 year if the placement does not proceed.
Health surveillance records: retained for 40 years or up to your 75th birthday, whichever is later, in line with HSE requirements.
Unwanted records: destroyed securely when no longer needed.
6. How Your Data Is Stored & Secured
Your personal and health information is stored and processed in accordance with our data protection policies and procedures, relevant professional standards and the UK GDPR. We implement appropriate technical and organisational measures to ensure data remains secure and confidential.
7. Who Your Data May Be Shared With
We will not share your personal data with third parties without your consent unless required or permitted by law. This may include:
Your employer (to whom clinical reports relate).
Healthcare professionals where further information is required with your consent.
Regulatory bodies or law enforcement agencies if legally obligated.
8. Your Rights
You have several rights regarding your personal data under UK GDPR, including:
Access: You can request a copy of the personal data we hold about you.
Rectification: You can ask for inaccurate or incomplete data to be corrected.
Erasure: You can request deletion in certain circumstances.
Restriction/Objection: You have the right to restrict or object to processing where lawful.
Data Portability: You may receive your data in a structured format.
To exercise these rights, please contact us in writing. We will respond within the statutory timeframe (usually 1 month). If you have a complaint about how your data is handled, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113 | Website: ico.org.uk.
9. Updates to this Notice
We may update this privacy notice from time to time. The “Last Updated” date at the top of this page will indicate when changes were made. Substantial changes will be communicated appropriately.