Privacy Notice for Job Applicants

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as prospective employees of our Company, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

A) DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
a) processing is fair, lawful and transparent
b) data is collected for specific, explicit, and legitimate purposes
c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
e) data is not kept for longer than is necessary for its given purpose
f) data is processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures
g) we comply with the relevant GDPR procedures for international transfers of personal data

B) TYPES OF DATA HELD

We keep several categories of personal data on our prospective employees in order to carry out effective and efficient processes. We keep this data in recruitment files relating to each vacancy and we also hold the data within our computer systems, for example, recruitment logs.
Specifically, we hold the following types of data:
a) personal details such as name, address, phone numbers;
b) name and contact details of your next of kin;
c) your photograph;
d) your gender, marital status, information of any disability you have or other medical information;
e) right to work documentation;
f) information on your race and religion for equality monitoring purposes;
g) information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
h) references from former employers;
i) details on your education and employment history etc;
j) driving licence;
k) criminal convictions.

C) COLLECTING YOUR DATA

You provide several pieces of data to us directly during the recruitment exercise.
In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies.
Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.

The information below categorises the types of data processing we undertake and the lawful basis we rely on.

Activity requiring your data | Lawful basis
Carrying out checks in relation to your right to work in the UK | Legal obligation
Making reasonable adjustments for disabled employees | Legal obligation
Making recruitment decisions in relation to both initial and subsequent employment e.g. promotion | Our legitimate interests
Making decisions about salary and other benefits | Our legitimate interests
Making decisions about contractual benefits to provide to you | Our legitimate interests
Assessing training needs | Our legitimate interests
Dealing with legal claims made against us | Our legitimate interests
Preventing fraud | Our legitimate interests

D) SPECIAL CATEGORIES OF DATA

Special categories of data are data relating to your:
a) health
b) sex life
c) sexual orientation
d) race
e) ethnic origin
f) political opinion
g) religion
h) trade union membership
i) genetic and biometric data.

We carry out processing activities using special category data:
a) for the purposes of equal opportunities monitoring
b) to determine reasonable adjustments.

Most commonly, we will process special categories of data when the following applies:
a) you have given explicit consent to the processing
b) we must process the data in order to carry out our legal obligations

E) FAILURE TO PROVIDE DATA

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment, or administer contractual benefits.

F) CRIMINAL CONVICTION DATA

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage; however, it may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability, for the role. We rely on the lawful basis of Legal Obligations to process this data.

G) YOUR RIGHTS

You have the following rights in relation to the personal data we hold on you:
a) the right to be informed about the data we hold on you and what we do with it;
b) the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
c) the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
e) the right to restrict the processing of the data;
f) the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
g) the right to object to the inclusion of any information;
h) the right to regulate any automated decision-making and profiling of personal data.

In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
Withdrawing consent may also mean that we are unable to continue with your employment process through our agency.

If you wish to exercise any of the rights explained above, please contact your dedicated consultant.

H) MAKING A COMPLAINT

If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO).
You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.

More information can be found on each of these rights in our separate policy on employee rights under GDPR.

A) RESPONSIBILITIES

In order to protect the personal data of relevant individuals, those within our business who must process data as part of their role have been made aware of our policies on data protection. We have also appointed employees with responsibility for reviewing and auditing our data protection systems.

B) LAWFUL BASES OF PROCESSING

We acknowledge that processing may only be carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity. Where no other lawful basis applies, we may seek to rely on the employee’s consent in order to process data.
However, we recognise the high standard attached to its use. We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. Employees will be given clear instructions on the desired processing activity, informed of the consequences of their consent and of their clear right to withdraw consent at any time.

C) ACCESS TO DATA

As stated above, employees have a right to access the personal data that we hold on them. To exercise this right, employees should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit. No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied. Further information on making a subject access request is contained in our Subject Access Request policy.

D) DATA DISCLOSURES

The Company may be required to disclose certain data/information to any person.
The circumstances leading to such disclosures include:
a) any employee benefits operated by third parties;
b) disabled individuals – whether any reasonable adjustments are required to assist them at work;
c) individuals’ health data – to comply with health and safety or occupational health obligations towards the employee;
d) for Statutory Sick Pay purposes;
e) HR management and administration – to consider how an individual’s health affects his or her ability to do their job;
f) the smooth operation of any employee insurance policies or pension plans;
g) to assist law enforcement or a relevant authority to prevent or detect crime or prosecute offenders or to assess or collect any tax or duty. These kinds of disclosures will only be made when strictly necessary for the purpose.

E) DATA SECURITY

All our employees are aware that hard copy personal information should be kept in a locked filing cabinet, drawer, or safe. Employees are aware of their roles and responsibilities when their role involves the processing of data. All employees are instructed to store files or written information of a confidential nature in a secure manner so that they are only accessed by people who have a need and a right to access them, and to ensure that screen locks are implemented on all PCs, laptops etc when unattended. No files or written information of a confidential nature are to be left where they can be read by unauthorised people.
Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them. Personal data relating to employees should not be kept or transported on laptops, USB sticks, or similar devices, unless prior authorisation has been received.

Where personal data is recorded on any such device it should be protected by:
a) ensuring that data is recorded on such devices only where absolutely necessary.
b) using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted.
c) ensuring that laptops or USB drives are not left where they can be stolen.

Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.

F) THIRD PARTY PROCESSING

Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, that the third party takes such measures as are necessary to maintain the Company’s commitment to protecting data.

G) INTERNATIONAL DATA TRANSFERS

The Company does not transfer personal data to any recipients outside of the EEA.

H) REQUIREMENT TO NOTIFY BREACHES

All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach. More information on breach notification is available in our Breach Notification policy.

I) TRAINING

New employees must read and understand the policies on data protection as part of their induction. All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach. The nominated data controller/auditors/protection officers for the Company are trained appropriately in their roles under the GDPR. All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.

J) RECORDS

The Company keeps records of its processing activities including the purpose for the processing and retention periods in its HR Data Record. These records will be kept up to date so that they reflect current processing activities.