+44 (0) 2476 309727   Flu Vaccination Booking 

Privacy Policy

Sugarman Occupational Health Services are committed to ensuring that your privacy is protected. This policy explains how Sugarman Occupational Health Services use any information collected about you.

Occupational Health Privacy Notice

Please read this privacy notice to understand how what personal information we collect from you, how we use and store this information, how long we retain it and for which legal purpose we share it.

The General Data Protection Regulation requires us to manage all personal information in accordance with some important principles. In particular, we are required to process your personal information fairly and lawfully. This means that you are entitled to know how we use this information.

To find out about our Privacy Notice, please see the relevant sections below:

 Who we are

 Who is our Data Protection Officer

 Why we collect personal information about you

 What information are we collecting

 What is our legal basis for processing your personal information

 Who do we collect your personal information from

 How we collect your personal information

 What we do with your personal information

 Who we share your personal information with and why

 How we maintain your records

 What are your rights

 How to contact the Information Commissioners Office

 

Who We Are

Sugarman Health & Wellbeing Ltd (Occupational Health Services) is a subsidiary of our parent company, The Cordant Group, established in 1956. Launched in 1996, Sugarman Occupational Health Services is a national occupational health service provider working alongside organisations across the UK helping them promote and maintain the health and wellbeing of their staff. Please visit our website to find out more about what we do: www.sugarmanohservices.co.uk/

Our Data Protection Officer

Sugarman Health and Wellbeing Ltd is registered with The Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018. Our registration number is Z9612058.

Cordant Group PLC has appointed a Data Protection Officer (DPO) who looks after your data protection rights. You can write to us at:

Data Protection Officer
10 Fenchurch Street
London
EC3M 3BE

Or Email us at thedpo@cordantgroup.com

Why We Collect Personal Information About You

We collect and maintain personal information about you to enable us to provide an occupational health and wellbeing service for the employees of our customers, so that we can provide the best possible advice for occupational health reasons. Sugarman Health and Wellbeing, on behalf of your employer, collects, stores and processes personal information about you to ensure compliance with legal, professional body and industry requirements.

We recognise the need to treat your personal and sensitive data fairly and lawfully and no personal information held by us will be processed unless the requirements for fair and lawful processing are met. Your information will never be shared or sold for marketing purposes.

Personal information you provide us is held in confidence and will only be used for the purposes explained to you and to which you have consented. Unless there are exceptional circumstances, such as where the health and safety of others is at risk, where the law requires it, or there is an overriding public interest to do this.

What Information We Collect

To enable us to carry out our activities and obligations as a service, we collect the following personal information from you:

 Personal information to include: Name; Date of Birth; National Insurance Number; Occupation; Gender.

 Contact information to include: Address; Contact telephone numbers; Contact emails

 GP and/or Specialist contact details.

 Contact details of your manager

 Past and present occupational job roles and occupational exposure

 Health information that is classed as “special category data, for example:

 Health questionnaire completed during the recruitment process

 Occupational health information and notes such as:

 Medical information including physical and mental health conditions; Disabilities; Results of medical investigations and biological testing; immunization data; health surveillance record

 

What Our Legal Basis Is For Processing Your Personal Information

In order for occupational health to process your personal information, much of which is “special category data” – that which is sensitive – we hold and process your information in accordance with the Data Protection Act 2018 and rely on a lawful basis under this act for processing your personal information which is set out below:

 Article 6 (1) (e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 Article 9 (2) (b): as a lawful basis processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment or social security or social protection

 Article 9 (2) (h): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems or services Occupational health also processes data in circumstances where it is necessary to:

 Enable the employer on behalf of whom occupational health acts to comply with legal obligations under the Health and Safety At Work Act 1974, to protect your health and safety at work as far as is reasonably practicable.

 Enable the employer on behalf of whom occupational health acts to comply with your contract of employment.

In addition, we comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.

We have a duty to:

 Maintain full and accurate records of the care we provide to you.

 Keep records about you confidential and secure

 Provide information in a format that is accessible to you.

The Occupational Health Department does not require explicit consent of employees to process their personal data if the purpose falls within the legal basis detailed above. However, in line with General Medical Council and Faculty of Occupational Medicine Good Medical Practice guidelines, we will seek explicit consent wherever practicable.

For further information on this legislation please visit: http://www.legislation.gov.uk/

Who We Collect Your Personal Be healthy at work Information From

 You (The Data Subject)

 Your Manager; Your Human Resources; Your Health and Safety Representatives

 Healthcare Specialists or Health Services that we may refer you to as part of our assessment process

 With your consent, your GP or other Specialists from whom you have received treatment.

How We Collect Your Personal Information

Personal information will be collected directly from you during recruitment and employment.

Further personal information may be collected when you are referred into the occupational health service, for example, in undertaking management referrals and occupational health assessments; health surveillance and health screening; work station assessments; immunisations; or when providing physiotherapy and counselling services.

Personal information may also be collected from healthcare professionals in certain circumstances e.g. from your GP or treating specialist.

We collect this information by way of:

 Verbally by way of telephone calls or during face to face consultations.

 Email communications

 In writing or electronically via forms that you or your manager complete as part of the management referral process or for health surveillance, or via reports sent to us from other parties, for example, from your GP

 Online communication platforms such as Skype and our Occupational Health Online Secure Portal

What We Do With Your Personal Information

Your personal information is processed for the purpose of:

 To identify you and ensure your medical information is filed and stored correctly.

 To identify contact details, such as name, address, telephone number and email, to inform and remind you about your appointments and send you any relevant correspondence.

 To identify your GP contact in case of emergency or where we need to request a report from your GP, with your consent; as part of your occupational health assessment.

 To provide health clearance on your fitness to work / train.

 To assess and protect your health and your fitness to work.

 To identify a baseline of your health against which to measure any future changes.

 To undertake health surveillance

 To provide advice to managers on the impact of your health on work and work on your health.

 To promote your abilities and help support any disabilities in the workplace, recording recommendations for necessary adjustments, restrictions or modifications.

 To identify any additional support that would help you to improve your health.

 To provide you physiotherapy care.

 To provide you counselling care.

 To provide relevant immunisations and prophylactic treatments, if appropriate.

 To undertake health promotion, health education and health preventative activities.

 To undertake assessments for consideration of retirement on the grounds of ill health.

 To report and investigate complaints, claims and untoward incidents.

 To report events to the appropriate authorities when we are required to do so by law e.g. for communicable disease, under RIDDOR.

 To review your care e.g. clinical auditing to ensure we provide the relevant high quality service.

 To review the service and health of the workforce with anonymous management information and data trends.

Our service will provide specific reasons for the work undertaken in information leaflets that you will be provided before such duties are carried out by occupational health.

Where possible, we will always look to anonymise/pseudonymise your personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it and we will only use/share the minimum information necessary.

Who We Share Your Information With and Why

We are required to protect your personal information, inform you of how your personal information will be used and allow you to decide if and how your personal information can be shared. Personal information you provide to Sugarman Occupational Health Service in confidence will only be used for the purposes explained to you and to which you have consented. Unless, there are exceptional circumstances, such as when the health or safety of others is at risk, where the law requires it or there is an overriding public interest to do so.

Your information is private and will only be shared when it is necessary and lawful to do so:

 Information on your fitness to work is shared with your line manager, departmental safety officer and HR with your consent.

 Details of your medical conditions will be shared with others involved, or to be involved, in the provision of your healthcare for medical purposes**

 Details of infectious diseases which present significant risk to human health and the wider public under the Public Health (Control of Disease) Act 1984 and the Health Protection (Notification) Regulations 2010 and where we have a legal duty.

 Assisting third parties with regulatory responsibility such as The Care Quality Commission and Information Commissioner’s Office where we have a legal duty.

There are a number of circumstances where we must or can share information about you to comply or manage with:

 Disciplinary/investigation processes; including referrals to Professional Bodies, e.g. NMC and GMC

 Legislative and/or statutory requirements

 Court Orders which may have been imposed on us

 Request for information from the police and other law enforcement agencies for the prevention and detection of crime and/or fraud if the crime is of a serious nature

 For our public sector clients, under the Freedom of Information Act, they are obliged as a public sector body to release relevant anonymous data following a legitimate request

 When it is required by us or others to detect, investigate or prevent serious crime where we have a legal duty.

Where there is cause to do this, Sugarman Occupational Health Service will always do its best to notify you of this sharing.

**The relationship between a patient and a medical professional is a special one. Clinicians have a common law duty of confidence. The Occupational Health Clinician will be satisfied that you consent to any sharing, even when this for genuine medical purposes under the General Data Protection Regulations 2018

We will not routinely disclose any information about you without your express permission.

Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with the appropriate security controls in place. Personal Information is only shared with those agencies and bodies who have a "need to know" or where you have consented to the disclosure of your personal data to such persons.

Where possible, we will always look to anonymise/pseudonymise your personal information so as to protect confidentiality, unless there is a legal basis that permits us to use it, and will only ever use/share the minimum information necessary. However, there are occasions where your employer is required by law to share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

How We Maintain Your Records

When determining how long we keep your information, we take into account any legal requirements, the expectations of the data protection regulator and the amount of time since your last engagement with OH.

We do not keep records for longer than is necessary

Your personal information is held in both paper and electronic forms for specified periods of time in accordance with all appropriate legislation

We hold and process your information in accordance with the Data Protection Act 2018 as amended by the GDPR 2018. In addition, everyone working for Sugarman Occupational Health Services must comply with the Common Law Duty of Confidentiality and various national and professional standards and requirements.

We have a duty to:

 Maintain full and accurate records of the care we provide to you

 Keep records about you confidential and secure

 Provide information in a format that is accessible to you

Your data will be securely stored at Sugarman Occupational Health Service onrelevant secure servers.

Your Occupational Health data will be retained for a period of the person’s employment plus six years

For Health Surveillance health records, this will be stored for 40 years to comply with Health and Safety Control of Hazardous Substances at Work (COSHH) 2012 legislation. Information on Radiation Medicals will be stored for 50 years to comply with the Ionising Radiation Regulations.

The above will be applied, unless there are other clinical grounds or legislative reasons to keep them for a longer period.

What Your Rights Are

If we need to use your information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent.

Access

You have a right to ask Sugarman if we have your personal information. If we do, you have a right to know:

 Why we have it

 What type of information we hold

 Whether we have or will send it to others

 How long we keep it

 Where we got it from

 Details of any automated decision-making

 You can ask for a copy of your occupational health record (in full or part).

Specifically, the Data Protection Act 2018 gives you certain rights, including the right to:

 Request to access the personal data we hold about you, e.g. personnel records. If you wish to do this, please contact Sugarman Occupational Health in writing. Please remember to include details of the information you require plus contact details and two forms of identification such as a copy of your driving license/passport and also a document with your name and address on such as a utility bill.

 Ask us to restrict the use of your information where appropriate

 Ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information

 To your personal information to be transferred to other providers on certain occasions

Rectification

You do not have a “right to erasure” of your data as the processing is necessary for the purpose of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This applies as your data is being processed by and under the responsibility of a health professional under relevant codes of conduct and the common law duty of confidence.

You can, however, request that an amendment is attached to your occupational health record if you believe any of the information held by us is inaccurate or misleading.

Specifically, the Data Protection Act 2018 gives you certain rights, including the right to:

 Request the correction of inaccurate or incomplete information recorded in our records, subject to certain safeguards

Objection

Where Sugarman has relied on your consent to process your data, you have a right to withdraw your consent at any time.

Sugarman may look to another legal basis to undertake a processing activity.

Specifically, the Data Protection Act 2018 gives you certain rights, including the right to:

 Request that your information be deleted or removed where there is no need for us to continue processing it and where the retention time has passed

 To challenge any decisions made without human intervention (automated decision making)

 To object to the use of your personal information: in certain circumstances you may also have the

 right to ‘object’ to the processing (i.e. sharing) of your information where the sharing would be for a purpose beyond your care and treatment (e.g. as part of a local/regional data sharing initiative). This so called ‘’Data Opt-out’ initiative, developed by Dame Fiona Caldicott, is set to commence in 2018 and conclude in March 2020. Further information can be found on the following website:

https://digital.nhs.uk/national-data-opt-out

 To refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018 we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.

Please contact the Occupational Health Administration Manager on 02476 309727 for further information or write to Occupational Health Administration Manager at:

Sugarman Health and Wellbeing Ltd
101 Lockhurst Lane
Coventry
Warwickshire
CV6 5SF
Email: info-occhealth@sugarmanhealth.com

 

How To Contact The Information Commissioner’s Office (ICO)

The Information Commissioner’s Office (ICO) is the body that regulates Sugarman under Data Protection and Freedom of Information legislation: https://ico.org.uk/. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the. ICO at:

Information
Commissioner's Office
Wycliffe House
Waterlane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
Email: casework@ico.org.uk