Occupational Health and Wellbeing

TfL Occupational Health and Wellbeing (OH&W) provides comprehensive in-house occupational health services to Transport for London (TfL) and Greater London Authority (GLA) employees. It also provides advice and assistance to employees of some other external bodies. This page explains how TfL uses your personal data when you use its OH&W services

TfL employees should read this page alongside the Employment privacy page.

Our services

The OH&W service consists of:

•    Wellbeing services
•    Medical advisory services
•    Drugs and alcohol assessment and treatment services (TfL staff only)
•    Physiotherapy 
•    Mental Health (Trauma Support) (TfL staff only) 
•    Drug and Alcohol Testing (TfL staff Only)  

OH&W helps people with health issues get into work, stay in work, and return to work quickly and safely after illness and injury. 

OH&W will collect your personal data to be able to provide you with the above services. All personal data held by OH&W will be processed in accordance with the relevant legislation, most particularly the UK's implementation of the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These set out the legal requirements that OH&W must abide by when processing your personal data.
 

Personal information we hold

The personal information we hold may include:

  • 'General' personal information, e.g. name, date of birth, National Insurance number
  • Personal characteristics e.g. social situation or other factors relevant to your use of O&HW services
  • Contact details e.g. telephone, address and email
  • GP and/or specialist contact details
  • Past and present occupational job roles and occupational exposure

Some information we hold is classed as 'special category data' and this includes:    

  • Health information (e.g. medical history, medication)
  • Ethnicity
  • Gender
  • Information about other protected characteristics
     

Legal basis for processing your personal data

Under privacy and data protection legislation, TfL is only allowed to use personal information if we have a proper reason or 'legal basis' to do so. In the case of OH&W, there are a number of these 'legal grounds' we rely on, which are:
 
For the performance of a contract, for example: 

  • To comply with the obligations contained within your contract of employment to provide support or assess medical fitness for your current role. 

Legal obligations, for example:

  • Providing Health Surveillance information to the Health and Safety Executive (HSE) 

Where you have given consent, for example:

  • You have asked us to release your OH record to a third party e.g. to a legal representative.

Most of the information collected by OH&W is classed as Special Category personal data as it is more sensitive than other forms of personal data.  In respect of OH&W this consists of medical, health and ethnicity information we collect from you or we obtain from other sources (such as your GP or other health care provider) as part of providing you with Occupational Health services.
 
As before, our legal grounds for processing Special Category Data includes:

Where the processing is necessary for:

  • Preventive or occupational medicine;
  • The assessment of an employee's working capacity;
  • Medical diagnosis;
  • The provision of health care or treatment;
  • The provision of social care (this is likely to include social work, personal care and social support services); or
  • The management of health care systems or services or social care systems or services.

 Where it's necessary for carrying out the obligations and exercising specific rights of TfL or you in the field of employment and social security and social protection law, for example:

  • Annual reporting to evidence distribution across ethnicities.  

Archiving, research and statistics for the purposes of: 

  • Annual OH reporting to identify trends which formulates the direction of wellbeing initiatives
  • Research studies to identify the impact on employee health

Where we have your explicit consent to do so for a particular purpose, for example;

  • Where you have asked for your medical/health information to be disclosed to a legal representative. 

Obtaining and using your personal information

We obtain your personal data from a range of different sources.  These include:

  • From yourself, for example when you fill out health questionnaires 
  • Pre-employment documents 
  • From your SAP employment record to create a record in our Occupational Health system.
  • From OH&W through in person or remote medical/health assessments, screening and tests.
  • When you give your permission for OH&W to seek advice from your Doctor, treating clinician or another health care provider.
  • From your manager or HR, for example on a referral to OH&W

The information may be gathered verbally and then written (e.g. telephone calls and face to face conversations or written as above and by emails.


In some cases, it will be necessary to get more information such as, a medical report from your doctor or other health care providers, to provide support and advice, such as on whether your condition affects your fitness to work. OH&W will always seek your informed consent before they request further information from another health practitioner.

The information collected and provided to OH&W will be used for the following purposes:

  • For the purposes of preventive or occupational medicine, for the assessment of your working capacity, providing advice and assistance to your employer regarding your fitness to work, medical diagnosis, the provision of health care or treatment. To provide evidence-based advice on fitness for work.
  • To comply with legal obligations relating to employment or social protection law, particularly regarding health and safety in safety critical environments, such as such as the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR).
  • For statistical reporting purposes and development of Wellbeing initiatives
  • OH&W may also use aggregated or depersonalised data in order to plan the service and monitor health trends in the workplace
  • We may (with consent) use the information to refer on to third parties such as physiotherapy or trauma therapy
  • The processing is necessary for us to comply with the law, namely relevant health and safety legislation and employment legislation, and to support your employer in complying with the same law as we are acting as their agent e.g. for health surveillance.
  • We may also use your anonymised data for research, audit or statistical analysis to help us do our work and improve services. If this data is to be shared outside of OH it will always be anonymised so you are not identifiable.

Length of time we keep your information

Most of your personal information will be retained by OH&W for the duration of your employment plus an additional seven years from the date on which you cease to be an employee. This is for the following reasons:

  • To maintain records according to rules that apply to us (for example, employment law) 
  • To establish and defend any legal rights 
  • To respond to correspondence, concerns, or complaints 

Due to the different types of health data collected by OH&W there may be a requirement to retain some of your information for longer than seven years, for example:

  • Personal information relating to exposure to hazards such as asbestos or those listed under the Control of Substances Hazardous to Health Regulations 2002 (COSHH regulations) will be retained for 40 years. 
  • Drug and Alcohol results will be retained for 85 years in line with industry standards  
     

Keeping your personal information secure

Your personal data will be held securely and only accessed and processed by authorised OH&W personnel.

Access to systems that hold OH&W personal data is restricted to authorised personnel though a combination of physical and electronic security measures. Electronic access is restricted to authorised personnel using unique log in credentials and passwords and the level of access is dependent on the role that individual performs. In addition, all OH&W staff must sign a confidentiality agreement that also protects your health information.

Sharing your health information

OH&W will provide access to your personal information to: 

  • Occupational Health clinicians (nurses, doctors, technicians) in order to undertake appropriate assessments and provide evidence-based advice on fitness for work.
  • Occupational Health administrative support staff on a "need to know basis" (e.g. to book appointments, process reports etc.). 

All staff understand the need for confidentiality, their contractual obligation to preserve it and have signed confidentiality agreements. Clinicians have an added professional obligations to keep clinical records secure and confidential

OH&W also has contracts with a number of third party service providers, who provide specialist services, for example:

  • Sample testing
  • Medical assessments
  • Counselling and treatment 
  • Physiotherapy and mental health services. 

These third parties will process personal information in accordance with TfL's instructions and make decisions regarding the information as part of the delivery of their services; they are also required to put in place appropriate security measures that ensure an adequate level of protection for personal information.

In some circumstances, these service providers will be working with you directly. Where this is the case, they can provide you with their own privacy policies and details about confidentiality and how your personal data is processed.

OH&W will not share your personal data without your consent unless there is a legal or overriding public interest requirement that allows OH&W to do so for example: 

  • In an emergency where the health or personal security of an employee or the public is at immediate risk
  • In the case of safety critical work or circumstances, where disclosure of personal information is required for the safety of employees or others. In this circumstance the minimum appropriate information will be disclosed.
  • Where we are required to do so by law (eg in response to a court order, or to assist with investigations carried out by government departments such as Health and Safety Executive, HM Revenue and Customs, the Department for Work and Pensions, Job Centre Plus, the Child Support Agency, local authorities, or court order)
  • To the TfL Pension Fund
  • For the purpose of official inspections or audits, for example in relation to railway safety or national infrastructure security
  • If it is necessary to do so in order to establish or defend TfL's legal rights (ie in the context of a court case involving TfL)

In the very rare circumstances that we release information without your consent we would always advise you of this action.

OH&W will in all other circumstances, obtain your consent and give you an opportunity to review medical/health reports before they are disclosed wherever possible, e.g. a report to your employer on fitness to work.

Consent to disclose your medical/health report is not consent obtained as a legal ground for processing under UK GDPR and Data Protection Act 2018. Health professionals must continue to observe the common law of consent and confidentiality and the guidance of, for example, the General Medical Council.

Occupational Health will rely on an entirely separate "legal basis" or "legal ground" under the UK GDPR and Data Protection Act 2018 to process your personal and special category data.

If you have given your consent to disclose your medical/health reports to your employer, consent cannot be withdrawn once it has been disclosed. The processing of this personal information once released will be processed under another "legal basis" or "legal ground" under the UK GDPR and DPA 2018. Please refer to legal basis for using information above on this page and, for TfL employees, the Employment privacy notice.
 

Overseas processing

OH&W may process your personal information in the UK and in other countries both within, and outside, the European Economic Area (EEA).

Any such processing will be carried out in strict accordance with UK and EU privacy and data protection legislation and the appropriate contractual safeguards which TfL has put in place.
 

Your information rights

Under data protection legislation you are entitled to ask to see any personal data that we hold about you. 

You have statutory right of access to your OH records (in full or in part) under the UK GDPR and the Access to Medical Reports Act 1988, or to authorise a third party, such as a legal adviser, to exercise that right on your behalf. 

The request to have access to your records should be made in writing to the OH admin team at OHSubjectAccessRe@tfl.gov.uk clearly outlining what records you wish to see. We will endeavour to provide the requested information without delay and at the latest within one month of receipt.

If the request is complex, we may extend this timeframe by a further two months. Should this be the case we will inform you why the extension is necessary within one month of your request.

Access requests will normally be provided without charge unless a request is manifestly unfounded or excessive, particularly if it is repetitive. We may request additional written consent from you if a third-party request is made under our legal and ethical duty to protect your medical confidentiality.

You also have a number of other information rights which includes

  • The right to request an amendment to be attached to your OH record if you believe any of the information held by the OH&W is inaccurate or misleading.
  • You do not though have a "right to erasure" of your data if the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This applies as your data is being processed by and under the responsibility of a health professional under the relevant professional codes of conduct.
  • The right to complain to the regulator - Information Commissioner's Office

In the event of closure of the OH&W your records will be returned to yourself. In the event of transferal or outsourcing of the OH&W to a third party the employing organisation will contact you to advise of this and ascertain whether you consent to transfer any existing OH records.

The TfL Privacy and Data Protection team considers and coordinate responses to requests and complaints from people whose personal data is processed by TfL and its subsidiary companies. You can contact the Data Protection Officer by email at dpo@tfl.gov.uk
 

Changes to this page

It's likely that we'll need to update this statement from time to time, so check back here regularly to find out more. Your continued use of the site will mean that you accept those revisions. This page was last updated in February 2024.

If you require any further information regarding the contents of this page please contact OH&W at Luohme@tube.tfl.gov.uk