General Data Protection Regulations Privacy Notice
This policy has been written in accordance with data protection legislation: General Data Protection Regulation (EU 2016), Privacy and Electronic Communications Regulations 2003, and the Data Protection Act 2018.
Employers have a duty of care, and in some cases, a legal obligation, to protect their workforce. Employers may ask Anchor Health Solutions to conduct medical assesments in relation to the work you do. Personal data is collected primarily for: medical assessment, health surveillance, substance and alcohol screening/testing, attendance management and statutory medical assessments. Sensitive personal data includes information relating to: medical history, details of any prescribed or over the counter medication used, lifestyle information, including the use of alcohol, tobacco or/and illicit drugs.
As a result, the management of health information has a special significance in law; it is classified as personal and sensitive data. Personal and sensitive data may only be; collected, processed, stored and disclosed by Anchor Health Solutions with your explicit consent. If consent is not given, data collection must not take place. You have the right to withdraw consent at any time up until any results are processed and released to your employer. There are, extenuating circumstances which will override this condition – for example, where disclosure is required by law or where there is an immediate danger to your health. More information on your rights under GDPR can be found on the ICO website. Anchor Health Solutions assures that all personal health data collected is handled in accordance with Data Protection legislation. Anchor Health Solutions is registered with the Information Commissioner’s Office as a data controller. Our registration number is ZA466183. All reasonable efforts are made to protect the confidentiality, integrity and availability of your data at every stage from collection to archiving or destruction; this includes any data obtained by Anchor Health Solutions from data subjects, employers and data processors - including intellectual property.
Processing of Personal Data
Anchor Health Solutions uses a range of secure electronic software products & platforms, along with some paper-based data collection. Some of these are required by specialised organisations responsible for recommending industry standards & maintaining industry-specific databases (e.g. CBH, Sentinel), as well as, statutory medical authorities (e.g. MCA & HSE) that require hardcopy records for monitoring & auditing purposes. Anchor Health Solutions will not transfer your data outside the European Economic Area (EEA) without appropriate protection. We will never sell your data on, nor use it for other purposes than why it was originally collected. Details of assessments are processed and stored in a secure facility located at 40 Union Terrace, Aberdeen.
Third party data processors
Anchor Health Solutions have contracts with a network of approved suppliers such as; physiotherapists, counselling and laboratories for testing of blood. Disclosure of results in all cases, results of any tests or reports will be provided to you on providing consent, to the person(s) who are formally designated to receive results, e.g. your employer or sponsor. Results may be conveyed as follows: Email – industry standard security measures are applied, Client Portal - secure customer portal, Industry-specific database and Post – all outgoing mail is sent in envelopes marked “Private & Confidential.”.
Retention and destruction of records
Medical records are retained by Anchor Health Solutions in line with the retention schedule. Records are held for as long as is required, and the retention schedule takes into consideration the guidance under specific laws, e.g. The Control of Asbestos at Work Regulations; and Control of Substances Hazardous to Health. Anchor Health Solutions keeps electronic records of data subjects’ information on databases which are only accessed by authorised company personnel. Any paper copies containing sensitive personal data is securely destroyed.
Access to personal data
In accordance with Data Protection regulations, data subjects have the right to see all information held about themselves. On receipt of a subject access request, we will arrange for individuals to receive or review all data held by Anchor Health Solutions, or request specific information, e.g. all medicals undertaken between a specific date range. Such requests must be made in writing (email, post or delivered in person) and addressed for the attention of the Data Protection Officer. A response will be issued within one month. If you have questions about your data, contact our Data Protection Officer; Oluropo Adeleke, 40 Union Terrace, AB10 1NP or email: firstname.lastname@example.org
Data: information held by Anchor Health Solutions
Data Controller: Anchor Health Solutions is the data controller
Data processor: Any third party contracted by Anchor Health Solutions to provide professional services to, or on behalf of, us
Data subject: the individual undergoing testing with Anchor Health Solutions
Employer: the company who you work for and pays for your testing and receives results. This may be a direct employer, an employment agency, a sponsor or sub-sponsor.
Personal data: any data which identifies you, e.g. name, date of birth, National Insurance number Results: the outcome of any medical assessment, screening or testing you have by us
Sensitive personal data: Any information relating to your health
Sponsor (see employer): particular to subcontractors as in the construction or rail industry. A data subject may have up to two additional “sub-sponsors”.