This Privacy Notice explains how we collect, use, and protect your personal and medical information when you attend a DVLA Group 2 medical assessment.
1. Patient Privacy Notice (DVLA Medicals) Privacy Notice Who we are Medal Health Ltd, rating as F.A Driving Medicals provides DVLA Group 2 and occupational driver medical assessments. Address: 680 Attercliffe Road, S9 3RP Telephone: 07456848368 Email: fadrivingmedicals@gmail.com For the purposes of data protection legislation, F.A Driving Medicals is the Data Controller. What information we collect We collect personal and medical information required to complete DVLA D4 and related medical assessment forms. This includes identifying details, medical history, examination findings, and test results. Why we collect this information Your information is collected to: Carry out DVLA Group 2 medical assessments Complete DVLA D4 medical forms accurately Comply with legal, regulatory, and professional obligations Lawful basis for processing We process your data under: UK GDPR Article 6(1)(c) – processing is necessary to comply with a legal obligation UK GDPR Article 9(2)(h) – processing is necessary for the provision of healthcare and occupational medicine We do not rely on consent to process medical information. Who we share your information with Your completed medical form is provided to you and may be submitted to the DVLA or relevant licensing authority by you. We do not routinely share your information with third parties unless required by law or where you instruct us to do so. How we store your information Personal data and medical information collected as part of DVLA Group 2 medical assessments are stored securely using encrypted cloud-based systems. Where a copy of a completed medical form is retained, it is stored using Sync.com, which provides end-to-end (zero-knowledge) encryption, meaning only authorised clinicians can access the data. Images of completed forms may be temporarily captured on a secure iPhone device solely for the purpose of uploading to encrypted storage and are deleted immediately from the device after upload. Access to records is restricted, protected by strong authentication measures, and data is retained only for as long as necessary in accordance with our retention policy, after which it is securely deleted. How long we keep your information Medical records relating to DVLA assessments are retained for 7 years from the date of assessment and then securely destroyed. Your rights Under data protection law, you have the right to: Request access to your personal data Request correction of inaccurate or incomplete information Raise concerns with the Information Commissioner’s Office (ICO) Some rights (such as erasure) may be limited where we are required to retain records for legal or professional reasons. Contact If you have any questions about how your data is handled, please contact us using the details above.