Health Management are committed to ensuring the privacy and confidentiality of the information we hold of users of our website, our customer online portal, applicants applying for roles within Health Management (HML) and employees being assessed by, or utilising, our service.

This privacy statement explains what kind of information is collected by HML during a visit to our web site, customer online portal, responding to an advertised role or when an employee is referred to our service and how we use this information.

The information collected, held and used is in strict compliance with not only all current UK legislation but the confidentiality and ethical codes set out by the General Medical Council and Faculty of Occupational Medicine.

This privacy statement covers four areas;

  • Visitors to our website
  • Customers  using our online portal
  • Employees who may be referred to, or utilise, our service 
  • Job applicants applying for HML advertised roles on the website

Collection and processing of personal data

For the purpose of system security, when you visit our web site, our web server temporarily registers the domain name or the IP address of the requesting computer as well as the date of access, the file request of the client (file name and URL), the HTTP response code and the Web site from which you are visiting us, and the number of bytes transferred during the session. We might also, in some cases, store some information in the form of 'cookies' on your PC so that we can optimize our web site according to your preferences. Please see the ‘Cookies’ section for more information.

We will not collect any other personal data such as name, address, telephone number or e-mail address unless you provide this information voluntarily, for example  when completing a ‘contact us’ form, when accessing the customer online portal or when applying for a HML advertised position.

Use and forwarding of personal data

We will use your personal data exclusively for the technical administration of the web site and to provide you with an appropriate service when using our online portal or registering interest in a HML advertised role. We will not disclose any data to third parties or government agencies without your consent, except where required by law.

Our employees and business offices are obligated to treat all data as confidential and safeguard it accordingly.


We have taken extensive technical and operational precautions to protect the data retained by us against unauthorized access, unlawful processing, accidental loss or destruction, damage or misuse.

Our security procedures are revised regularly, adapted to reflect technological progress and are governed under our ‘Information Security Management System’ which forms a key part of the Health Management ISO27001 accreditation. 

Customers using our online portal

When you register on our customer on line portal to use the service, we will take information from you such as your name, e mail address and details of the individual you are referring/asking to complete a questionnaire that may include both personal and sensitive data. Please see below how we process and keep confidential the information we obtain.

This data will be protected by our security procedures which are regularly updated to reflect progress and development in the various technologies we use.

All our security and protection measures meet both current legislation in the UK and the ethical guidelines issued by the General Medical Council and Faculty of Occupational Medicine.

We request that the Customer online portal is only accessed and used within the EEA

Individuals who may be referred to us, or utilise, our service

Due to the nature of our work, Health Management manage both personal and sensitive data, as classified under the Data Protection Act (DPA). We have developed a very specific set of protocols, procedures and IT security measures to ensure the protection of the data we hold on you. We are also governed by or registered with a number of public bodies and councils, all of which have guidelines and ethical codes that are followed to ensure your confidentiality.

Health Management operate within the best practice guidelines and principles set out within the DPA. These guidelines include;

  • We will process your information fairly and lawfully.
  • We will always gain your consent before sharing information with your employer.
  • We will only obtain personal and sensitive data to provide occupational health and primary care services. We will ensure we meet all legal requirements when processing this information and will not process the data for any other purposes, such as marketing.
  • We will ensure all data held is ‘relevant’ and ‘appropriate’ to the purpose for which it has been obtained
  • We will endeavour to ensure data is accurate and if it is found to not be, we will correct it, if appropriate
  • We will not keep your data for longer than is ‘necessary’.
  • We will always process data in accordance with your rights under the Act
  • We take all necessary measures to protect your data against unauthorised or unlawful processing, accidental loss or destruction, and damage. Security of the Health Management computer networks is governed under the ‘Information Security Management System’ which forms a key part of the HML ISO27001 certification.
  • We will not transfer your data outside the European Economic Area. 

Should you wish for copies of your records (A Subject Access Request)

If you would like access to your records, the request should be made in writing, the letter must include your full name, address and date of birth. The letter must also specifically request copies of information held by ‘Health Management’ (not simply state OH/Primary care or your organisation’s name) and ask for your ‘occupational health records’. A security check will be made to verify your identity before we will release this information. There is a charge made for this information to be collated and sent to you

Applicants applying for a role within Health Management

Our recruitment tool is accessed via a portal on our website. HML collects your  data to allow us to process your application for employment. Your  data will be treated as confidential and made accessible only to authorised HML employees and/or  other parties engaged specifically to support HML in conducting recruitment and selection and for employment purposes in respect of successful candidates. 

When you register your interest for a Health Management advertised role, the information you choose to include in the application will be held securely and confidentially by our team, in accordance with our security procedures which are regularly updated to reflect progress and development in the various technologies we use.

The data that we collect from you (which may contain sensitive personal data, as defined in the Act) may be transferred to, and stored at, a destination outside the EEA. It may also be transferred to or processed by staff operating outside the EEA who work for or with us. Privacy laws vary in the different countries where we might potentially process your data. We undertake to ensure that your data will be protected with all reasonable measures wherever it is held. Your data will only be held for as long as necessary in line with business and or legislative requirements. 

You will be asked, when applying for a role, to accept these terms as part of the recruitment process.


A cookie is a piece of information that a website sends to your browser (like Internet Explorer or Firefox).

We use cookies to determine how many site visitors we’ve received – and whether these are first-time or repeat visitors. Our cookies never store any personal information about you.

Making a complaint

If you’re unhappy with any aspect of our service, please let us know straight away.

For more information on our complaints policy, please click here.