Version Date: June 2021
Author: Stephanie Pearson
Health 2 Employment (H2E) Limited for the purposes of the Data Protection Act 2018 (DPA) and as defined by Article 4 (7) of GDPR, are registered as a ‘data controller’ for personal data processed by Health 2 Employment (H2E) Limited and other third parties contracted to process data for Health 2 Employment (H2E) Limited.
This means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation. Health 2 Employment (H2E) Limited Data Protection registration can be viewed on the Information Commissioners Website.
Health 2 Employment (H2E) Limited has appointed a Data Protection Officer (DPO). The role of the DPO is to ensure that the organisation is compliant with GDPR and to oversee data protection procedures. The DPOs contact details are:
Governance and Data Manager
Health 2 Employment (H2E) Limited
Or e-mail: Stephanie.email@example.com
Health 2 Employment (H2E) Limited process personal information to enable us to provide services to our customers and clients; to promote our services, to maintain our own accounts and records and to support and manage our employees.
Health 2 Employment (H2E) Limited generally collects data in order to meet our contractual obligations.
The categories of information that we collect, hold and share include the following:
We may also process sensitive classes of information including:
We process personal information about:
Health 2 Employment (H2E) Limited does not knowingly solicit personal information from children under the age of 13 or send them requests for personal information. Much of the information we process will be obtained directly from you. We will also process information received from:
We need the information listed above (see what information we collect) primarily to allow us to perform our contract with you. We will process your data to enable us to meet our commitment to you e.g. protecting and promoting your health at work, fulfilling our responsibility for the health assessment, advising on the management of work-related health problems and health problems which may be affected by work, helping you get into work and providing counselling and other therapy services.
We use the information we hold about you to:
Change of purpose:
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, your explicit consent will be sought prior to processing. We may process your personal information without your knowledge or consent, in accordance with the regulations that apply to: 6(1)(f) of The General Data Protection Regulation 2016 (GDPR) & Data Protection Act 2018 (DPA18).
Some of the data held about you may be defined as ‘special category’ data under the GDPR & DPA18 (e.g. health date for employment purposes) and will be processed in accordance with the regulations that apply to: 9(2)(b) and/or 9(2)(h) of The General Data Protection Regulation 2016 (GDPR) & Data Protection Act 2018 (DPA) as part of the official authority vested in us as Data Controller and for reasons of substantial public interest.
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. When we do process this additional information we will ensure that we ask for your consent to process this.
Where Health 2 Employment (H2E) Limited shares data with a third party who undertakes work for Health 2 Employment (H2E) Limited, Health 2 Employment (H2E) Limited requires that the sharing is undertaken under contract and is subject to a data sharing agreement, specifying the secure management of the data.
Data might also be shared with other bodies, for the purposes of those organisations fulfilling their own statutory purposes. Such sharing is undertaken using a standard data sharing agreement for specified legitimate and restricted purposes.
Where necessary or required we may also share information with:
We will not share any information about you outside the organisation without your consent unless we have a lawful basis for doing so.
In line with the principles of medical confidentiality no medical information (diagnosis, results of tests etc.) is shared without your informed consent (permission). This is a professional requirement separate to any requirements of data protection legislation. Where specific health assessment processes are undertaken, information on the outcome of such assessments is shared internally to nominated individuals who have a business need to know.
We may in exceptional circumstances process your personal data because it is necessary to protect your or another person's vital interests, for example, where you have a life-threatening accident or illness in the workplace, or where you disclose during treatment information giving rise to safeguarding concerns and we have to share your personal data in order to ensure you receive appropriate medical attention.
The security of the Health 2 Employment (H2E) Limited’s systems which process and store data are regularly reviewed in accordance with legislative and funding requirements, and assessments and checks promoted by the Information Commissioner's Office.
Data is securely deleted when it is no longer required for the purposes collected. For further details please see our General Data Protection Policy and Information and Communication Technologies Policy alongside our Document Retention Policy.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Health 2 Employment (H2E) Limited will keep your data in line with our Document Retention Policy.
Most of the information we process about you will be retained as determined by statutory obligations. Any personal information which we are not required by law to retain will only be kept for as long as is necessary to fulfil our organisational needs.
Anonymous data from surveys and feedback exercises may be retained for a longer period to aid year on year comparisons.
Under GDPR you have the following rights in relation to the processing of your personal data:
If a data subject has any concerns about the way we have handled their personal data or would like any further information, they should be advised to contact our DPO on the address provided above.
If we cannot resolve their concerns they may also complain to the Information Commissioner’s Office (ICO) (the Data Protection Regulator) about the way in which the organisation has handled their personal data.
The ICO however will only usually investigate a complaint once the organisation being complained to has had an opportunity to respond. Details of how to complain to the ICO will also form part of the Data Protection Officer response to any complainant.
Health 2 Employment (H2E) Limited may amend this Policy and the associated Privacy Notice from time to time. If we make any substantial changes in the way we use your personal information we will make that information available by amending this Policy and our Privacy Notice.
The Department for Work and Pensions (DWP) pays towards the costs of employment related programmes. Personal data is collected to deal with a variety of areas including:
The information the DWP collects about you depends on the reason for your business, but they may use the information for any of these purposes.
The DWP may also check information that they collect about you with other information they have.
The DWP may share your information for a number of reasons, including to:
Further information can be found at: