Privacy Notice

Please read this privacy notice to understand how what personal information we collect from you, how we use and store this information, how long we retain it and for which legal purpose we share it.

Privacy and Cookies Policy

About Sugarman Occupational Health 

This website is owned and operated by Sugarman Health and Wellbeing Limited. For the purposes of this privacy notice, Sugarman Health and Wellbeing Limited and, its subsidiaries will be known as ‘Sugarman Health and Wellbeing’.

The data controller for this website is Sugarman Health and Wellbeing Limited (registered company number 5466033) of 33 Soho Square, London, W1C 3QU.

Scope of this notice

We take the privacy of our website users seriously. Our privacy notice tells you what to expect when Sugarman Health and Wellbeing collects personal information through its website in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

It also provides a summary of how we collect, use and protect your personal information within our publicly funded health and care services and corporate teams across Sugarman Health and Wellbeing. We will also explain what rights you have with regards to your personal information and how you can exercise those rights.

Privacy notices and information leaflets about health and care records are also provided at local service level in addition to this website.


Personal data: any information relating to an identifiable individual such as your name, NHS number, contact details. It can also be location data or online identifier.

Special categories of personal data are defined as: racial or ethnic origin, politics, religious or philosophical beliefs, trade union membership, genetics, biometrics (where used for identification) information concerning your health, sex life or sexual orientation.

Contacting us through our website, social media or email

When you provide information to us through this website we will store this data and hold it on a computer and/or in hard copy form. We will use this data to provide you with the services for which you have registered with us e.g. to process job applications, to make contact with us and for the purposes described in this statement including, where relevant, marketing, administration, development and improvement of this website.

When you interact with our Facebook and Twitter accounts, any information that you post is generally in the public domain.

Please note that we cannot guarantee the security of your information when you email correspondence with us.  We can encrypt messages if you prefer.   We operate an email monitoring system to safeguard the security of personal information being transmitted.  If your email is “quarantined” it may be reviewed by a member of our privacy team before being released or blocked.

Information we may collect from you and other sources:

Visitors to our website

When you visit our website we collect standard internet log information and details of visitor behaviours. This is statistical data only which we collect in order to find out the numbers of visitors to the site and the pages visited. The information is collected in such a way that does not identify individuals and we do not make any attempts to identify visitors this way.

Where we do collect personal information on the site, this will be made obvious to you through the relevant pages.

Web server log files

IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number used by computers on the network to identify your computer. IP addresses are automatically collected by our web servers so that data (such as the web pages you request) can be sent to you.

Web server log files are used to record information about our site, such as system errors. Log files do not contain any personal information or information about other sites which you have visited.


Please see our cookie section.

Social media

When you contact us through social media such as Facebook and Twitter, we hold your information and reason for contact in our social media management portal to enable us to easily access and manage our engagement with you.  This may result in us sharing your information with other parties within Sugarman Health and Wellbeing eg individuals involved in your care, managing your complaint etc.

Other contact

In order to provide you with a range of services, we may collect personal information from this website, from telephone responses, from written information sent to us and from other communications. We may for example, keep a record of your name, social media account name, mailing address, email address, telephone number, preferences and any other information you provide to us or is collected by us. We may supplement the information that you provide to us with information that we receive or obtain from other sources.

If you don’t provide this information, we will be unable to interact with you.

Information we may share about you:

We may provide information about you (on the understanding that such information will be kept confidential) to employees and agents of Sugarman Health and Wellbeing to administer any accounts, products and services provided to you by Sugarman Health and Wellbeing now or in the future.

As previously noted, we may also share the information you’ve provided to help with the resolution of a compliant or concern.

Otherwise we may disclose information about you to third parties:

  • where we have a duty to do so or if the law permits or requires us to do so; and
  • to anyone to whom we transfer or may transfer our rights and duties under our agreement with you.

Legal basis for processing your personal information:

  • We process your information for our legitimate interests of being able to respond to your enquiries, concerns or compliments, make improvements to our website and the service that we are providing.

Use of Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. This helps us to distinguish you from other visitors to our web site. The following lists the cookies used on this web site.

Google Analytics

_ga, _gat,_gid, cb-enabled (once accepted)
These cookies help tell us understand how many people have been to the site before, what time people visited the site and what pages were looked at.

Google Maps

_ga, _gat,_gid, cb-enabled (once accepted)
These are used by Google to track how many people use their maps. For more information, please refer to Google’s Privacy notice for more information:


On login, wordpress uses the wordpress_[hash] cookie to store your authentication details wp_set_auth_cookie( $user_id, $remember, $secure )
Use is limited to the admin console area. After login wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you are logged in and who you are, for most interface use, WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual User ID (or UID) from the user database table.

Using the login pages

wp_setcookie($username, $password, $already_md5 = false, $home = ”, $siteurl = ”)
When you log into WordPress from, WordPress stores the following two cookies:

  • Your user name
  • A double-hashed copy of your password

The cookies are set to expire two weeks from the time they are set.

For more information about WordPress’s cookies, please refer to their Privacy notice which can be found at

Find out more about cookies

For more information about cookies, including how to view the cookies that have been set and how to manage or delete them, please visit

Legal basis for processing your personal information:

  • Legitimate interests of being able to maintain the functionality and usability of our website and other social media outlets.

Use of your information outside the European Economic Area

We may need to transfer your personal information to, and store it in, countries outside the European Economic Area which may not protect your personal information as extensively as the United Kingdom. If we do so we will ensure that an agreement is in place with anyone to whom we pass your information to ensure that your data is treated securely and in accordance with this Privacy notice.  By submitting your personal information, you agree to this transfer, storage and processing.


We take the security of your personal data very seriously. Technical and organisational controls have been designed and implemented to protect the personal information that we hold about you. These controls may be:

  • Technical measures to secure the information on our websites and other areas where information is hosted to prevent unauthorised access to your personal data.
  • Organisational controls such as regular confidentiality and security training, vetting, due diligence and contractual obligations imposed on our trusted providers and persons working under our instruction

However, due to the inherent security risk of providing information and dealing online, we cannot guarantee the security of any data you disclose online. Therefore, you recognise that your use of our website and social media contacts is entirely at your own risk.

Links to other websites

Please be aware that our site may link to other websites which may be accessed through our site. If you follow a link to any of these websites, please note that they will have their own cookies and privacy policies. We do not accept any responsibility or liability for the privacy and security practices of such third party websites and your use of such website is entirely at your own risk.

Your health and social care information

We will not collect information about your health and care through this website.  Each of our health and social services maintains its own privacy notice in relation to your health record. The health and social professionals caring for you keep records about your health and the care you receive.  The information is stored on both paper and computer systems.  You records will include basic information such as your address, ethnic group and next of kin.  They may also contain facts about your health, including appointments and test results.  They may also contain information based on the professional opinion of the staff caring for you.  Your records are used to ensure that:

  • Staff caring for you have accurate, up to date information to help them decide the best possible care and treatment for you
  • The information is available should you need another form of care, for example referral to another service
  • There is a good basis for looking back and checking on the type and quality of care you received
  • Your concerns can be properly looked into if you have a complaint
  • We have an accurate record

We ask you for information about yourself so that you can receive the care and treatment you need.  This relates to your health and care and local administrative purposes such as waiting list management, performance against targets, activity monitoring, local clinical and care audits and providing our commissioners with datasets for commissioning purposes and national collections.

We maintain a record of our contacts and appointments with you, together with relevant information supplied by other parties such as your family, representative, GPs, NHS Trusts, Social Care and community providers for continuity of care.

We may use your personal information to investigate complaints, or establishing, exercising or defending a legal claim, managing incidents, conducting health research and development, teaching and training our health and care professionals. We may also send you text reminders of forthcoming appointments to reduce the number of ‘did not attend’ (DNA’s).  You can always opt out of this by contacting the service handling your care.

It’s always helpful if you can inform us when you change address or telephone numbers to assist us with keeping your record up to date.

It is also our responsibility when we provide care to children and vulnerable adults, to ensure a safe environment that promotes their health and well-being and aids their recovery from illness or injury. Safeguarding children and vulnerable adults from harm is an essential aspect of health and social care.

As with all health and social care providers, we are subject to the statutory duty under the Health and Social Care Act 2012 to share information for your direct care.

Information we may collect from you:

  • Name, title, address and other contact details, date of birth, ethnicity, marital status, occupation, NHS number and contact details including next of kin or carer details
  • Power of Attorney, advocate or carer information
  • Information relating to your health and wellbeing and social care support and interventions
  • Sexual history including partners, sexual orientation where relevant
  • School information and information about your family health or social history
  • Images and recordings
  • Child and/or adult safeguarding concerns or protections in place
  • Any special needs or preferences for receiving information

If you don’t provide this information, your care will be compromised.

Information that we may collect from others:

  • As above plus
  • Referrals, reports, X-rays, pathology and other results and updates relating to careplans and other aspects of your health and care
  • Alerts and concerns
  • Recommendations for special arrangements at home
  • Incidents that you have been involved in
  • Requests for information from official authorities or your representatives
  • Your records if the service is transferring to us under contract
  • CCTV images captured
  • Information relating to safeguarding, MAPPA, Prevent concerns
  • Complaints and compliments

When we share your information:

We may share information about you for the following purposes;

  • To support your health and care arrangements including referrals, pathology and other results
  • If it is in your best interests
  • Recommendations for special arrangements at home
  • To manage incidents that you have been involved in
  • To deal with complaints and investigations
  • Requests for information from official authorities or your representatives
  • Your records if the service is transferring to us under contract or if you are moving out of area
  • The prevention and detection of crime
  • Funding requests or payments
  • Integrated care initiatives
  • Legal advice or proceedings
  • Responding to legal requests and court orders
  • Public health notifications

Our partners and other recipients:

  • We work in partnership with commissioners, other health and care providers such as primary care services, local authorities, NHS trusts, pathology providers etc
  • Prison service relating to prison healthcare
  • Local Safeguarding Boards
  • Regulators
  • We may use trusted providers to host our IT, archiving, email and texting services and surveys
  • We may use corporate teams within Sugarman Health and Wellbeing Group who provide ‘back office’ support on behalf of services within our group such as communications and marketing, information governance, clinical governance and IMT.

Legal basis for processing your personal information:

  • Legitimate interestsof providing and managing health and social cares services to our patients service users and clients
  • Performance of a task carried out in the public interest or in the exercise of official authority
  • Necessary for a legal obligation
  • Necessary for reasons in the area of public health

Legal basis for processing special categories “sensitive” personal information:

  • We need to use the data in order to provide medical diagnosis, health and social care treatment services to you
  • Social protection law for safeguarding purposes
  • Where it is necessary to protect your vital interests when you are physically or legally incapable of providing consent


We provide newsletters and other information to a wide range of groups within our service including individual involved with our Citizens’ Panels, Carers Groups and volunteer networks.

In these circumstances we provide each group with detailed privacy notices about how their information will be used with options for changing preferences and fully opting out.

Opt out and preference change links are on all email contacts we send you.

Legal basis

  • We will generally rely on your consent to receive our newsletters and information about our services
  • On occasions it may be in our legitimate interests to

National Data Opt Out:

How the NHS and care services use your information

Whenever you use a health or care service, such as attending Walk in Centres or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed. You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit  On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used at: (which covers health and care research); and (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations had until September 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is compliant with the national data opt-out policy.

Candidates and Employee information

We have separate privacy notices held in our careers section.  These are also issued to you if you apply for a vacancy or are successfully recruited into a role.

Information retention

We keep your information in accordance with the national guidance: Records Management Code of Practice for Health and Social Care 2016, after which records and confidential information are securely destroyed in line with this code of practice

Your rights

Data Protection laws provides you with the following rights:

The right to be informed As a data controller, we are obliged to provide understandable and transparent information about the way we process your data (this is provided by our privacy policy).
The right of access You are entitled to request a copy of the personal data we hold about you. Information about how to access your records can be found on our Legally Required Information page on our website
The right to rectification You are entitled to request changes to information if it is inaccurate or incomplete
The right to erasure Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data.
The right to restrict processing Under certain circumstances, you may ask us to stop processing your personal data. We will still hold the data, but will not process it any further.
The right to data portability Subject to certain conditions, you may request a copy of your personal data to be transferred to another organisation.
The right to object to processing You have the right to object to our processing of your data where§  Processing is based on legitimate interest;

  •   Processing is for the purpose of direct marketing;
  •   Processing is for the purposes of scientific or historic research;
  •   Processing involves automated decision-making and profiling.

Please note that the above rights may not apply in all circumstances but we will respond within a month of any requests. If you have any questions or concerns about the information we hold on you, please contact our Data Protection Officer by one of the following options:


Tel:       01928 242942

Post:    Data Protection Officer

Sugarman Health and Wellbeing

33 Soho Square



If you are not happy about the way your information is handled, you have the right to lodge a complaint with a supervisory authority.  In the UK, this is the Information Commissioners Office (ICO).

Changes to our privacy notice

We will update this privacy notice from time to time to reflect any changes to our ways of working. Please contact our data protection officer if you would like more information.