Occupational Health Service privacy notice
Your Personal Information and how we use it
Sunderland City Council's Occupational Health Service needs to collect information about you as either a referring manager or an employee being referred, to help us to provide the best possible service.
We will only use information collected lawfully in accordance with the General Data Protection Regulation (GDPR) and the 2018 Data Protection Act.
We will not use any information we hold about you for any other purpose than that for which it was collected, unless we have obtained your consent beforehand.
What information do we collect?
We collect information about prospective employees, employees and former-employees. The minimum amount of Personally Identifiable Information and Special Category Data (Sensitive Personal data) is collected to deliver the service. The service does not use anonymised or pseudonymised data as the data subject must always be identified. This information may be recorded in writing, or electronically on a computer, or a mixture of both.
The type of information we will collect:
- your name, address and contact details including email address and telephone number
- details of any absences • the reason for the referral
- details of your job
- information about any medical conditions
- results of assessments
How is the information we collected used to help you?
The information we collect may be used to help you in the following ways:
- decisions on whether fit for employment;
- identify any support required to return to work and remain in work;
- identify whether medically fit to continue in your role;
- provide immunisation required for your role;
- identify whether referral to an independent medical practitioner or your GP is required.
Do we share information about you with anyone?
There are times when it will be appropriate for us to share relevant information with your manager and HR Adviser who in the course of undertaking their activities, are provided with a report from Occupational Health as part of the service delivered to them.
We do not share information about you with anyone without your consent unless the law requires or allows us to do so. We will always seek your positive consent to share information if there is no legal basis to share.
In all cases where we must pass on information, we will only share the minimum amount of information required and will use the most secure method to transfer.
The lawful basis on which we use this information
We process personal information where there is a relevant legal basis to do so as provider of an Occupational Health service. These legal grounds include:
- Processing is necessary to enable you to comply with your contract of employment the Council or a partner organisation on behalf of whom the OHS actsProcessing is necessary to comply with the Data Controller's statutory obligations e.g. statutory health checks, illhealth retirement assessments.
Some of the information we need to hold is classed as special category information - primarily ethnicity, gender and any health conditions. Our lawful basis for processing this data is provided by Article 9(2)(h) of GDPR - the provision of health or social care.
How we look after your information
All information is held securely with physical, organisational and electronic access controls to ensure it is secure both at rest and when in transit.
How long we will look after your information
We will keep information in line with Sunderland City Council's Retention Schedule for Occupational Health Service. We will only keep it for as long as we need it which is either 7, 40 or 50 years depending on the nature of the service being delivered. When we no longer need your information, it will be destroyed securely by deletion or electronic records and shredding of paper files.
Requesting access to your personal data
You can find out if we hold any personal information about you by making a 'subject access request' under the General Data Protection Regulation.
In addition, you have the right to request the rectification or erasure of your personal data, and to object to, or request restriction of, processing your data.
If you have any concern about the way we are collecting or using your personal information, we request that you raise your concern with us in the first instance.
Alternatively you can contact the Information Commissioner's Office at https://ico.org.uk/concerns/
Further information
https://www.sunderland.gov.uk/data-protection
Contact us
Data Protection Officer
Sunderland City Council
City Hall
Plater Way
Sunderland
SR1 3AA
Email: data.protection@sunderland.gov.uk
Tel: 0191 5611023