Data Security & Compliance at Hessington Health At Hessington Health, we take data security and privacy extremely seriously. As a provider of occupational health services, we handle sensitive medical and personal information with the utmost care, ensuring compliance with all relevant data protection laws and regulations. We are fully registered with the Information Commissioner’s Office (ICO), with Hessington Health Ltd registered under ZA093459 and Dr Harjeev Rai as the designated Data Handler under Z3525032. These registrations affirm our commitment to adhering to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. To maintain the highest standards of data protection, we uphold the following key principles: Lawful, Fair & Transparent Processing – We only collect and process personal data where there is a clear legal basis and ensure transparency in how information is used. Purpose Limitation – Data is only used for specified, legitimate occupational health purposes. Data Minimisation – We collect only the necessary data required for our services. Accuracy – We take steps to ensure that all personal data remains accurate and up to date. Storage Limitation – Data is retained only for as long as necessary, in line with legal and regulatory requirements. Integrity & Confidentiality – We implement robust security measures to protect personal data from unauthorised access, alteration, or loss. Accountability – We regularly review our data protection policies and practices to maintain compliance and uphold our duty of care.
