Privacy Policy

At Symbios Health Limited, we are committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to hello@symbios.health or by writing to Symbios Health, Wessex House, Teign Road, Newton Abbot, Devon TQ12 4AA. Alternatively, you can telephone us on 0800 999 1824.

Who are we?

Symbios Health is a doctor-led occupational health provider in Plymouth and the South West. We provide the full range of occupational health services, from statutory medicals such as asbestos, and lead, through to new starter medical screening, management referrals, health and wellbeing advice and more. Symbios health is a “Data Controller”, which means that we are responsible for deciding how we hold and use the personal information about you. We are required under General Data Protection Legislation to notify you of the information contained in this policy

How do we collect information from you?

We obtain information about you when you use our website, for example, when you complete the contact form.

We will comply with data protection law which dictated that the information that we hold about you must be :

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

We may also collect information that is given to us as part of an ongoing medical record, or through a consultation process at the client’s request.

What type of information is collected from you?

We will not collect any other personal data such as name, address, telephone number or e-mail address unless you provide this information voluntarily, for example, when completing the ‘contact us’ section or when accessing the customer online portal.

Use of ‘cookies’

Like many other websites, the Wool Duvet website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.

Main Cookies used on our site:

Google Analytics

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site.

The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited

For more information on Google Analytic’s privacy policy visit here https://support.google.com/analytics/answer/4597324. (Opens in a new window – please note that we cannot be responsible for the content of external websites).​

We may use your information to:

• Contact you regarding queries raised in the contact form;
• Progress an order you have submitted and send you information directly related to this;
• Carry out our obligations arising from any contracts entered into by you and us;
• Seek your views or comments on the services we provide;
• Notify you of changes to our services;
• Send you communications which you have requested and that may be of interest to you.
• These may include information about  campaigns, appeals, other fundraising activities, promotions of our associated companies goods and services;
• Process a grant or job application.

Where we need to comply with a legal obligation

Where it is needed to protect your interests ( or someone elses interests ) in the context of both UK legislation and GMC/ Faculty of occupational medicine standards.

Where it is needed in the interest of public safety eg terrorism or substantial threat.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Customers using the Gateway portal:

When clients register to use the portal as part of our service, we will need to take information from you such as your name, contact details and the email address and contact details of the employee that you are referring in order to provide them with portal access. This data will be protected by our security procedures and encrypted email technology. All of our security and protection measures meet the guidelines regarding confidentiality and data management from the Gen medical Council, faculty of occupational medicine and the UK government.

We are registered with the information Commissioner’s office.

The Kind of information that we hold about you:

There are special categories of more sensitive personal data which require a higher level of protection.

We may collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Gender.
  • Marital status and dependants.
  • Next of kin and emergency contact information.
  • National Insurance number.
  • Bank account details, payroll records and tax status information.
  • Salary, annual leave, pension and benefits information.
  • Start date.
  • Location of employment or workplace.

Photographs.

We may also collect, store and use the following “special categories” of more sensitive personal information if they form part of your medical records

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions. • Trade union membership.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.
  • Copy of driving licence.
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, training records and professional memberships).
  • Compensation history.
  • Performance information.
  • Disciplinary and grievance information.
  • Information about your use of our information and communications systems.
  • Photographs.

We may also collect, store and use the following “special categories” of more sensitive personal information if they form part of your medical records 

  • Information about your health, including any medical condition, health and sickness records.
  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about criminal convictions and offences.

Who has access to your information?

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example send you mailings).

However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the company for them to use for their own direct marketing purposes, unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

How you can access and update your information

The accuracy of your information is important to us. You have the right to request a copy of the information we hold about you so that you can ensure its accuracy. You can do this by the following methods:

Send an email to hello@symbios.health and request the information held about you; Telephone 0800 999 1824 or Write to us at: Symbios Health, Wessex House, Teign Road, Newton Abbot, Devon TQ12 4AA.

Subject Access Requests

Individuals may request copies of their occupational health records or parts thereof, at any time. These requests are known as subject access requests (SARs). An individual may also request that a copy of their occupational health records is sent to a third party, such as a solicitor.

If an individual wants access to their occupational health records, the request must be made in writing to ensure that we provide you with the correct data and do not share any incorrect information with an individual. The letter or e mail must include:

  • Your full name and title.
  • Your date of birth.
  • Your address.
  • Your signature
  • An express request for a copy of the occupational health records that we hold for you.

If the request comes from a third party, such as a solicitor, then it is essential that we have the following information included in a consent form from the individual. The consent form should include:

  • The individual’s full name and title.
  • The date of birth.
  • Their address.
  • It must explicitly consent to us sending the records to the named third party, i.e. contain the words ‘I consent to the release …’
  • It must be signed by the individual.

If we receive a request from a third party, we may contact you to verify that the request is legitimate and you have asked them to request the data.

Right to erasure

You have the right to be forgotten, should you wish any data we hold be erased please contact us via email on hello@symbios.health. Alternatively, you can telephone 0800 999 1824. We do have the right to hold some data for our own compliance with governing bodies such as HMRC.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it is treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

16 or Under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services. 

Review of this Policy 

We keep this Policy under regular review. This Policy was last updated in January 2021.