top of page

Privacy Policy

1. Introduction

This Privacy Policy explains how we at 'Peak Occupational Health' collects, uses and discloses personal data obtained through or in connection with the operation of our occupational health website [PeakOccupationalHealth.com]. We act as the data controller for personal data collected via the Website within the meaning of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (together, “Data Protection Legislation”).

By using the Website or otherwise providing your personal data to us, you acknowledge the processing described in this Policy.

​

2. Contact Details

For the purposes of Data Protection Legislation, our contact details are:

If you have any questions or concerns regarding this Policy or our data processing practices, please contact our us at the above email address.

​

3. Categories of Personal Data Collected

We may collect and process the following categories of personal data about you:

  • Identification and contact information: name, address, telephone number, email address, employer details and job title;

  • Special category data (health data): medical and occupational health information which you voluntarily provide or which is otherwise obtained in the course of providing occupational health services;

  • Technical and usage data: IP address, browser type, device identifiers, and information collected through cookies or similar technologies;

  • Communications data: correspondence and records of interactions with us.

​

4. Purposes of Processing and Legal Bases

We process your personal data for the following purposes and under the following legal bases:

PurposeLegal Basis under UK GDPR

Provision of occupational health assessments and related services Article 6(1)(b) – performance of a contract; Article 9(2)(h) – provision of health or social care services

Responding to enquiries and managing appointments Article 6(1)(b) – performance of a contract; Article 6(1)(f) – legitimate interests

Compliance with legal and regulatory obligations Article 6(1)(c) – compliance with a legal obligation

Processing of health data where required for employment, health and safety obligations Article 9(2)(b), (h) – employment and health purposes

Analytics, improvement of services, and IT security Article 6(1)(f) – legitimate interests

Marketing communications (where applicable) Article 6(1)(a) – consent (may be withdrawn at any time)

​

5. Recipients of Personal Data

We may disclose personal data to:

  • Occupational health professionals engaged by us under appropriate confidentiality obligations;

  • Your employer or instructing organisation where necessary for the provision of services and as permitted by law;

  • Third-party service providers, including IT hosting, secure email and data storage providers, acting as processors under written contracts;

  • Regulators, courts or law enforcement agencies where required by law.

We do not sell or rent personal data to third parties.​

​​

6. Data Retention

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Health records will be retained in accordance with statutory retention periods applicable to occupational health records in the United Kingdom.

​

7. Data Subject Rights

You have the following rights under Data Protection Legislation:

  • Access: to obtain confirmation as to whether we process personal data about you and, if so, to access such data;

  • Rectification: to have inaccurate or incomplete personal data corrected;

  • Erasure: to request deletion of your personal data where applicable;

  • Restriction: to request the restriction of processing in certain circumstances;

  • Objection: to object to processing based on legitimate interests or for direct marketing;

  • Data portability: to receive personal data you have provided to us in a structured, commonly used and machine-readable format, where applicable;

  • Withdrawal of consent: where processing is based on consent, to withdraw consent at any time without affecting the lawfulness of processing before its withdrawal.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, at https://www.ico.org.uk.

​

8. Security of Processing

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

​

9. Cookies and Tracking Technologies

We use cookies and similar technologies to collect technical and usage data to improve the functionality and performance of the Website. Please refer to our separate Cookie Policy for detailed information about the cookies we use and how you may manage your preferences.

​

10. Updates to This Policy

We may amend this Policy from time to time to reflect changes in our processing practices or in applicable law. We will publish the updated Policy on this Website and, where appropriate, notify you of significant changes.

Last updated: 22/09/2025

bottom of page