Trinity Occupational and Public Health Solutions Ltd are committed to protecting your individual rights to privacy.  Your data will be collected and processed as outlined below in accordance with the General Data Protection Regulations (GDPR) 2018 which states that personal data must be processed fairly, lawfully and in a transparent manner. 

Lawful Basis – Consent

We will do this in line with any notices provided or consent that TOPHS Ltd or our customer obtains from the individual and otherwise in compliance with relevant legislation.  This includes data protection and equality laws.  Where appropriate, it also includes ethical guidelines issued by the General Medical Council, Faculty of Occupational Medicine and others. We may also contact the author of information to confirm it is accurate.

Special Category Data – Health

Data processing is necessary for the purposes of providing expertise in occupational medicine.

Identity of Data Controller

The Data Processor is Trinity Occupational & Public Health Solutions Ltd, the Data Controllers are the customers of Trinity Occupational & Public Health Solutions Ltd.  Where third parties are used to assist with data processing Trinity Occupational & Public Health Solutions Ltd remain the Data Processor and the third party is a Data Sub-Processor. 

What information is held

Personal information including personal identifiers (e.g. name, address, date of birth, gender etc), past and present job roles.

Sensitive personal data, including information about health/medical conditions may be used to provide services to our customers.  This data is classed as ‘Special Category Data’.

How Information is collected

The information is collected from customers of TOPHS Ltd, sub-contractors of TOPHS Ltd, the individuals and in some circumstances, the individual’s GP, Specialist, OH Provider and Employer.  The information may be collected verbally (e.g. during face to face consultations), in writing, (e.g. forms you and your employer may complete and or from other parties e.g. GP letters) and information may be collected electronically by email.

Purpose of data collection and how data will be used

The reason data is collected is to provide reports to customers.  This may be to the employer where there has been a management referral for advice.  It may be to a pensions authority or pensions trustees when the employee is claiming for ill health retirement or early release of deferred pension benefits.  It may be to an insurer when claiming under an insurance policy.  It may be to a lawyer when a medicolegal report is required.

How data will be stored

We store all client information on secure servers in line with our data retention policies, client requirements and data protection legislation.  We take extensive technical and operational steps to protect the data we keep against unauthorised access, unlawful processing, accidental loss or destruction, damage, or misuse.

Although we do our best to protect the information we collect and store, we cannot guarantee the security of any information sent to us via the internet.

Who data will be shared with

The information will remain with TOPHS Ltd, solely accessed by TOPHS Ltd personnel and contractors.

We will not share information with any other organisations for their own marketing, market research or commercial purposes.

We may pass on information collected:

  • in a protected occupational health report to our customer
  • if we need to disclose information to any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party
  • to other parties where we identify serious concerns about an individual’s wellbeing
  • to any third party or supplier for the purposes of providing the services, where you have provided consent (where appropriate)

The potential effect of this on the individuals concerned

The potential effect of this on the individual concerned and the commissioner of services is to improve their health/suitability for work/rehabilitation back to work/provision of access to sick pay/access to pensions etc.  Dependant on service required.  Also to give advice informing insurance/remuneration/ compensation and medico-legal claims.

Is the intended use likely to cause individuals to object or complain

The intended use is unlikely to cause individuals to object or complain as it is ultimately for their benefit, either physically, financially or psychologically though it is appreciated that the ethically impartial independent advice may not always favour the data subject.

What we do to ensure the security of personal data

TOPHS Ltd are committed to data protection and data security is ensured by only TOPHS personnel having access to keys to locked offices, filing cabinets, mobile devices, computer log-in details and secure passwords to documents.  All documents are despatched electronically using password protection.  All records are stored and deleted in accordance with our retention policy.

Information about rights of access to their data

Rights of access to the data is in accordance with data protection laws:

For example, clients can ask us:

  • for a copy of the information we hold about them
  • to delete information or correct any inaccuracies
  • to update any out-of-date information

If we hold your information for the purposes of services we provide on behalf of another organisation, any request made may be more relevant to them as the data controller. If we do receive a request and we pass it to another organisation, we will tell you.

Subject Access Request (SAR)

If you should wish to make a request to access your data (known as a Subject Access Request – SAR) you can send your request in writing with enough information for us to confirm your identity or request an SAR Form for completion.  We may ask for more information, for example if someone else makes the request on your behalf we may ask for a specific form of authority by which you allow them to receive your information on your behalf.

If you ask us to delete all data we hold about you, there may be some circumstances we will be unable to agree to your request or where we do agree to delete your data this may result in the termination of our services.  

If you want to receive information about who the data controller is for one of our services, you should contact us.

How to contact us

You can contact our Data Protection Lead by:


Post: Data Protection Lead, TOPHS Limited, 5 Pelham Court, Pelham Road, Nottingham NG5 1AP

Links to other websites

TOPHS Ltd website contains links to and from other websites. This policy only covers TOPHS Ltd and does not cover other websites. If you visit other websites, you should read the privacy policy for that website/company to learn how information is used by them.

Changes to this policy

We occasionally update this privacy policy. When we do, we change the ‘last updated’ date at the end of the privacy policy.

Last updated: 19/06/2019