Employee Privacy Notice – COVID-19 Workplace Testing
In this Privacy Notice, we describe how your Personal Data will be collected, used and shared in connection with our efforts to carry out testing for viral material of SARS-CoV-2 and SARS-CoV-2 antibodies in the workplace in the context of the COVID-19 pandemic (our “COVID-19 Workplace Testing”). For clarity, in this Privacy Notice, “SARS-CoV-2” refers to the virus that causes the COVID-19 disease.
Who is responsible for the handling of my Personal Data?
Employer is the Controller (for the purposes of the General Data Protection Regulation (“GDPR”)) of your Personal Data.
What types of Personal Data will be collected and processed in connection with our COVID-19 Workplace Testing?
Employer will collect and process Personal Data about you, which may include:
For what purposes will Employer process my Personal Data and on what legal basis?
Employer will process your Personal Data for the following purposes:
We rely on the following legal bases for our collection and processing of your Personal Data:
Where the Personal Data we process is special category data, the additional basis for processing that we rely on is that this is necessary in carrying out our health and safety obligations and exercising our rights in employment and the safeguarding of your fundamental rights, in particular to ensure the health, safety and welfare of employees (Article 9(2)(b) GDPR). In addition, we rely on processing condition 1 at Schedule 1 of the Data Protection Act 2018, which relates to the processing of special category data where this necessary to enable us to comply with our legal obligations in the field of employment, including under the following legislation: (i) the Health and Safety at Work Act 1974, and (ii) the Management of Health and Safety at Work Regulations 1999.
With whom does Employer share my Personal Data?
Whenever possible, when your Personal Data is shared with third parties, your identity will be protected in accordance with accepted industry standards and applicable laws. Your Personal Data will not be made publicly available. Employer never sells your Personal Data to third parties.
In order to carry out the COVID-19 Workplace Testing, we share your Personal Data with Testing For All, as further described in the section ‘Who is responsible for the handling of my Personal Data’.
Where will my Personal Data be maintained?
Employer may disclose any additional servers or services where your Personal Data is maintained in your company Data Protection notice.
How will my Personal Data be protected?
Employer takes technical measures that are designed to protect your Personal Data from unauthorized access and use;
What are my rights with regards to my Personal Data?
The GDPR gives you the following rights:
How long will my Personal Data be retained?
Your Personal Data will not be kept for longer than is necessary, as stated in this Privacy Notice, and will be retained in an anonymized format wherever possible. When your Personal Data will no longer be necessary for the purpose of responding to the COVID-19 pandemic, it will only be retained to the extent that this is required under applicable legislation, and will otherwise be deleted.
How do I submit questions or concerns?
If your concern cannot be resolved, you may submit a complaint to the UK Information Commissioner’s Office.
Updated 24 September 2020