0141 889 5522
support@hbcompliance.co.uk
Mon - Fri : 09:00 AM - 05:00 PM

Consent Information

Healthier Business UK Ltd. processes personal data on behalf of recruitment agencies, using the lawful bases provided by GDPR, such as Legitimate Interests and Special Category Data (Article 9(2)(h)), for occupational health purposes. In many cases, consent is not required for processing activities necessary for occupational health assessments, fitness for work evaluations, or compliance with health and safety regulations.

However, explicit consent will be obtained in specific situations, such as:

· Sharing personal data with third-party professionals (e.g., doctors or specialists).

· I am contacting external medical professionals for further health information.

· Providing recommendations to employers or recruitment agencies beyond legal occupational health assessments.

Our Role as a Service Provider

Healthier Business UK Ltd. provides third-party Occupational Health services and online training programs for candidates on behalf of recruitment agencies. These services ensure that candidates meet the required health and training standards for their employment role. Our services include:

· Occupational Health assessments include health screenings, Fitness to Work evaluations, and remote case management referrals.

· Online training services, where candidates’ personal data (including training progress and completion) is processed to confirm completion of onboarding requirements.

The Role of the Recruitment Agency

Recruitment agencies play a crucial role in the consent process. The agency is responsible for ensuring that candidates are fully informed about the services provided by Healthier Business UK Ltd., including our role in conducting Occupational Health assessments and online training. The agency must:

· Communicate to the candidate the purpose of the assessments and training programs.

· Ensure that candidates understand how Healthier Business UK Ltd. will process their personal and medical data during onboarding.

Agencies are expected to partner with Healthier Business UK Ltd. to ensure compliance with all relevant data protection and clinical governance standards.

Methods for Obtaining Consent

Healthier Business UK Ltd. uses multiple methods to ensure that explicit consent is obtained from candidates before any services are conducted. These methods are aligned with GDPR and SEQOHS standards to ensure that all consent is fully informed, specific, and freely given. Methods for obtaining consent include, but are not limited to:

· Written Consent: Obtained through completing Occupational Health questionnaires, management referral forms, and consent for escalation to third-party medical professionals.

· Online Consent: For online training, consent is obtained when candidates access and engage with training materials. By completing the training, candidates consent to processing their data for progress tracking and results sharing.

· Verbal Consent: In specific cases, verbal consent may be documented, particularly during consultations or follow-up assessments.

Healthier Business UK Ltd. may also implement additional methods to obtain consent based on the nature of the service or the requirements of clients and auditors.

Consent for Occupational Health and Training Services

Although explicit consent is not required for all occupational health activities under Article 9(2)(h) of the GDPR, Healthier Business UK Ltd. collects consent under Article 9(2)(a) as a best practice to ensure transparency and compliance. Consent is explicitly required for certain services where personal data is shared or escalated to third parties. These areas include:

· Review of medical records, immunisation status, and health questionnaires: Under Article 9(2)(h), explicit consent is not required for routine occupational health assessments and issuing a Fitness to Work certificate. However, Healthier Business UK Ltd. may collect consent as a precaution to ensure candidates are fully informed.

· Remote case management referrals: When health assessments are necessary, and the results must be communicated to the recruitment agency or employer, explicit consent is obtained before proceeding, in line with Article 9(2)(a).

· Escalation to third-party Occupational Health Physicians (OHPs) or other medical professionals: Explicit consent is required under Article 9(2)(a) when further specialist input is necessary, and personal data is shared with external professionals.

· Online training services: Consent is required under Article 9(2)(a) for using personal data during online training services, including tracking course completion and providing reports to the recruitment agency.

Right to Withdraw Consent

Candidates can withdraw their consent at any time, either verbally or in writing, without any negative consequences. Withdrawing consent will not affect the lawfulness of data processing before withdrawal. Upon withdrawal of consent, all further processing of personal data will cease unless legally required. Recruitment agencies and candidates will be promptly informed of any impacts on completing services, such as Occupational Health assessments or training.

To withdraw consent, candidates must contact the recruitment agency directly. Healthier Business UK Ltd., as a data processor, will act upon the instructions of the data controller in ceasing the processing of personal data

Compliance with SEQOHS, FOM and GDPR Standards

Healthier Business UK Ltd. is committed to maintaining the highest clinical governance and data protection standards, as SEQOHS and GDPR outlined. All data processing activities, including obtaining consent, are designed to meet these standards and ensure full transparency for candidates, recruitment agencies, and auditors.

As a data processor, Healthier Business UK Ltd. processes personal data on behalf of recruitment agencies and data controllers. Requests for data access, erasure, or rectification must be directed to the recruitment agency, who will instruct Healthier Business UK Ltd. on how to proceed.

Audit and Monitoring

Candidate data may be subject to periodic audits and performance reviews in compliance with clinical governance and quality assurance processes. Auditors, including SEQOHS assessors, may review data to ensure compliance with best practices and regulatory standards. All auditing activities are strictly adhered to confidentiality and data protection protocols.

Your Rights and Responsibilities

Candidates have the right to:

· Understand how their personal data is processed and used.

· Access, correct, or amend their data as needed.

· Withdraw consent without penalty.

Recruitment agencies have the responsibility to:

· Ensure candidates are fully informed about Healthier Business UK Ltd.’s services and their role in the consent process.

· Support Healthier Business UK Ltd. in compliance with data protection and clinical governance standards.

Contact Us for More Information

For more detailed information on how consent is obtained, processed, and managed, or to understand your rights and responsibilities in full, please request a copy of our Consent Procedure by contacting Healthier Business UK Ltd. directly.