This is a summary of the Privacy and Data Protection measures we use.
When you sign up, we expect you to sign up as a representative of an organisation, WorkScreenerTM is not available to individuals. When you or your organisation signs up for our services, there will be a contract in place prior to starting the service. Your organisation is the Data Owner and Thomson Screening is the Data Processor. (as defined by GDPR). As Data Owner, it is your responsibility to ensure that only persons specifically authorised by you can access the software and to ensure that the data added to the software is managed in accordance with GDPR requirements. We give you the tools to do this.
Information that we collect
We collect or store different types of personal information and each type has its own protection, access and deletion framework. These types are:
Patient /Screening information:
Patient identifiable information that is part of the WorkScreenerTM operation. It is information that you create when you use WorkScreenerTM. This information is created by you, either via uploading, adding or amending records and carrying out tests. When you use the system, you will also populate it with your data: details of employees you screen, their results and any letters sent out to patients. This information is highly protected and is entirely under organisation’s control. You and your colleagues are responsible for obtaining the necessary permissions from patients or their legal representatives prior to adding their data to our system. For the purposes of GDPR (General Data Protection Regulation): you are and remain the Data Owner, WorkScreenerTM/Thomson Screening is the Data Processor. We provide you with tools to create, maintain and delete this information directly in the system. Once information is added to our system we have an extensive range of security measures and process in place to protect it from harm and ensure it is available to you. Details of these security measures and our Data Protection framework are available on request as a separate document. We work hard to protect WorkScreenerTM and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
- We encrypt WorkScreenerTM services using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Thomson Screening employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
Details of these and additional security measures and our Data Protection framework are available in our Information Governance Policy.
Business contact information:
Personal information necessary for conducting our business, for example user names and contact details. People in this category are linked to Thomson Screening by some form of contract, or SLA either directly or through their role in their organisation. We may also collect and use contact details of public officials available in the public domain. Please also read our Terms and Conditions.