Privacy policy

Maximus X
Home Icon

This privacy policy applies to the following Maximus UK companies and their websites and platforms (the “websites”).

Reference to “Maximus UK” in this policy shall mean each of the companies listed below. By accessing and using the following websites and platforms or services offered by Maximus UK companies (the “websites”) you agree to comply with all applicable laws (see Terms of Use):



Maximus UK Services Limited

Maximus UK Services Limited when trading as “Remploy”

Maximus UK Services Limited when trading as “Centre for Health and Disability Assessments”



This privacy policy tells you:

  • what information we collect from you
  • how we use that information
  • whether the information is disclosed to others and under what circumstances
  • how we protect your privacy

People who may use the websites include:

  • our clients and prospective clients (organisations that contract us to provide services)
  • our customers (the end users of our services, for example, UK citizens or our clients’ employees)


Information we collect from you

When you contact us about our services or to get information available on the website, we collect only the information we need, including:

  • any questions, queries or feedback you send us about using the website
  • your email address if you send an email to us
  • details you send to us about our services, such as:
  • your name, address and email address
  • your work and education history
  • information about your health or disability which is required as part of any relevant process
  • Data you enter into any apps or systems you may use as part of accessing our services, such as height, weight and date of birth;
  • information from third party device manufacturers – for example, your activity such as walking or cycling (please note: we do not receive this information from the manufacturer without your explicit consent)
  • information on how you use the website or online services, collected automatically using cookies; this includes the internet browser you used, the site you came to our site from and your IP address (please see our Cookies Policy for more information).

Where we collect information for marketing purposes, for example Marketing Lead Forms such as Facebook, we may collect the following information:

  • your name and contact information including email address
  • demographic information such as postcode, preferences, and interests


How we use the information we collect

We use the information we collect to:

  • keep our records up-to-date
  • improve the website, products and services by monitoring how you use them (we might also use aggregated or non-identifiable information to help with this)
  • respond to any feedback, questions or requests you send us, if you’ve asked us to respond
  • give you information you request about other services we provide, e.g. where you sign up to a newsletter
  • provide services to you if you are a customer (including by providing you with user account access to our online systems or portals)
  • to produce outcome reports and / or any associated advice to our clients or directly to you as a customer

Where we record telephone calls, these will be used for training and quality assurance purposes and may be used in dispute resolution or in defence of legal claims.

Where we operate CCTV systems, these systems may be used for the detection and prevention of crime and recordings may be used in dispute resolution or in defence of legal claims.

Where we use Facebook Lead Forms, we will hold the information and use it to:

  • periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided in line with any opt-in or consent you have provided.
  • obtain information in relation to Facebook advertising, including custom audiences, conversion tracking and remarketing


Sending us information about your health or disability

If you send us any sensitive personal data, including information about your health (such as a medical condition) or your disability, we may use that information to provide the services to our client/s. We will do this in line with any notices provided or consent that Maximus UK or our client obtains from you and otherwise in compliance with relevant legislation, including data protection and equality laws; and, where appropriate, ethical guidelines issued by the General Medical Council, Faculty of Occupational Medicine and others. We may also contact the author of the information you send us to confirm that it is accurate.


Keeping your information secure

We store all customer information on secure servers in line with our data retention policies, client requirements and data protection legislation. We take extensive technical and operational steps to protect the data we keep against unauthorised access, unlawful processing, accidental loss or destruction, damage, or misuse.

Although we do our best to protect the information we collect and store about you, we cannot guarantee the security of any information sent to us via the internet.

Maximus UK companies align to (and in most cases are certified to) the international information security standard ISO27001.


Disclosing your information

We will not sell your information or share it with any other organisations for their own marketing, market research or commercial purposes.

We may pass on the information we collect about you:

  • in an anonymised (so you are not identifiable) way to:
    • our client e.g. how you use our systems and programmes
    • researchers, e.g. to identify themes and trends and improve outcomes, for example, health outcomes
  • if we need to disclose your personal information to any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party
  • to other parties where we identify serious concerns about your or someone else’s health or wellbeing
  • to any third party or supplier for the purposes of providing the services, where you have provided consent (where appropriate)
  • as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation

Where information is passed to other parties, it will be subject to controls to maintain security and confidentiality of the data and, where it is anonymised data, to prevent re-identification.


Your rights

Under data protection laws, you have a number of rights. For example, you can ask us:

  • for a copy of the information we hold about you
  • to delete information or correct any inaccuracies
  • to update any out-of-date information

If you have access to your own data via one of our applications or web portals, you may be able to correct, delete or retrieve a copy of your personal data directly from that system.

If we hold your information for the purposes of services we provide on behalf of another organisation, any request you make may be more relevant to them and we may ask you to contact them directly. If you do send your request to us and we pass it to another organisation, we will tell you.

When making your request you should provide us with enough information to allow us to confirm your identity. We may ask for more information, for example to allow us to locate that information or if someone else makes the request to us on your behalf we may ask for a specific form of authority by which you allow them to receive your information from us on your behalf.

If you ask us to delete all data we hold about you, and we hold the information based on:

  • your consent – we will delete it. Where we do agree to delete your data this may result in the termination of our services;
  • another legal basis – we will consider your request on a case by case basis, establish if the legal basis still applies and whether we can otherwise delete the information. If it is not necessary for us to keep it, we will delete it.

If you want to receive information about who the data controller is for one of our services, or the legal basis for processing your personal information under GDPR you should contact us.


How to contact us

When contacting our Data Protection Team (including our Data Protection Officer), please let us know:

  • Which Maximus UK Company/ies or programme your request relates to
  • What your request relates to – e.g. right of access request
  • Any other information we might require;
  • sufficient information to enable us to identify your records such as Name, Address and Customer Reference Number
  • the time period you were involved in one of our programmes

You can contact our Data Protection Team by:


Freedom of Information

Please note that Maximus UK are not subject to the Freedom of Information Act 2000 (FOIA). We may hold information on behalf of clients who are subject to FOIA, however, you should direct any requests to those Public Authorities in the first instance.


Links to other websites

This website contains links to and from other websites. This policy does not cover other websites. If you visit another website after this one, you should read the privacy policy for that website to learn how your information is used.


Changes to this policy

We occasionally update this privacy policy. When we do, we change the ‘last updated’ date at the end of the privacy policy.

Last updated: March 2023