This is a summary of the Privacy and Data Protection measures we use.

The full text of our Privacy Policy is available from here: Thomson Screening Privacy Policy. Previous versions of our privacy policies are available by request. Please contact us. We will not disclose your personal data to any third party

Privacy Policy for WorkScreenerTM

When you sign up, we expect you to sign up as a representative of an organisation, WorkScreenerTM is not available to individuals. When you or your organisation signs up for our services, there will be a contract in place prior to starting the service. Your organisation is the Data Owner and Thomson Screening is the Data Processor. (as defined by GDPR). As Data Owner, it is your responsibility to ensure that only persons specifically authorised by you can access the software and to ensure that the data added to the software is managed in accordance with GDPR requirements. We give you the tools to do this.

Compliance

WorkScreenerTM conforms to all national requirements (eg in the EU the GDPR, in the USA HIPAA and FERPA etc). Thomson Screening is registered with the Information Commissioner’s Office in the United Kingdom. Our Registration ID is Z3489680 We are also registered with NHS Information IG Toolkit. Our registration ID is 8HW22 We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

Information that we collect

We collect or store different types of personal information and each type has its own protection, access and deletion framework. These types are:

Patient /Screening information:

Patient identifiable information that is part of the WorkScreenerTM  operation. It is information that you create when you use WorkScreenerTM. This information is created by you, either via uploading, adding or amending records and carrying out tests. When you use the system, you will also populate it with your data: details of employees you screen, their results and any letters sent out to patients. This information is highly protected and is entirely under organisation’s control. You and your colleagues are responsible for obtaining the necessary permissions from patients or their legal representatives prior to adding their data to our system. For the purposes of GDPR (General Data Protection Regulation): you are and remain the Data Owner, WorkScreenerTM/Thomson Screening is the Data Processor. We provide you with tools to create, maintain and delete this information directly in the system. Once information is added to our system we have an extensive range of security measures and process in place to protect it from harm and ensure it is available to you. Details of these security measures and our Data Protection framework are available on request as a separate document. We work hard to protect WorkScreenerTM and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

Details of these and additional security measures and our Data Protection framework are available in our Information Governance Policy.

Business contact information:

Personal information necessary for conducting our business, for example user names and contact details. People in this category are linked to Thomson Screening by some form of contract, or SLA either directly or through their role in their organisation. We may also collect and use contact details of public officials available in the public domain. Please also read our Terms and Conditions.