Healthperm are committed to protecting and respecting data privacy.
This website is operated by Healthperm and where we use the ‘Company’ ‘we’; ‘us’; and ‘our’ this refers to Healthperm. We are responsible for the security of the personal data that you supply to us and for complying with the General Data Protection Regulations (GDPR) regarding your data. Please read this policy carefully so you can understand our practices.
We keep this policy under regular review and we place updates on this webpage which become effective immediately. Our details are as follows:
Our Information Commissioners Office (‘ICO’) Registration number is: ZA178660 until the 13th April 2019.
Our UK office is at: Churchill House, 1 London Road, Slough, Berkshire, SL3 7FJ.
If you have any queries about this policy or any other data privacy or protection matter, please contact us on: email@example.com.
We refer to ‘you’ or ‘your’ in this policy to help you understand which information is relevant to you and the services you have accessed.
When you access our website for any reason we will collect information about your visit please see section 3 below. By using our website www.healthperm.com you are
accepting and consenting to the practices described in this policy. This policy was last updated on the 25th May 2018.
2. Our Legal Basis for Processing your Personal Data
Healthperm will collect your personal data (which may include sensitive personal data) and will process your data depending on the services we provide to you at your request or the reason you have accessed our website. We use your data to do the things you would expect from us as a recruitment business.
In providing personal data to us you have a right to be informed of the legal basis we use to process your data which includes the following.
- Performance of, or entry into a contract: data processing is necessary for us to establish a contract with you, or you have asked us to take specific steps before entering into a contract.
- Compliance with legal obligations that we are subject to: data processing is necessary to comply with legislation that the Company has identified as the legal basis for processing.
- Vital interests: data processing is necessary to protect life and will only be used in emergency situations where you have not been able to give explicit consent.
- Public task: the processing is necessary as the Company must perform a task in the public interest or as part of our official function and there is a clear basis in law.
- Legitimate interest: the processing is necessary for the Company’s or third parties’ legitimate business interests.
Where processing personal sensitive data or ‘special category data’ as defined by the GDPR we may use the following legal bases.
- Explicit consent where we use this legal basis we will explain at the time we collect your data and obtain your consent that you may withdraw that consent at any time by contacting us on: firstname.lastname@example.org.
- Carrying out obligations and rights in the field of employment, social security and social protection law.
- Vital interest (as above).
- Management of health and the capacity for employment.
- Establishment, exercise or defence of legal claims.
3. Data Collection and Processing
Data Collection and Processing - Clients
We collect and process personal data to provide recruitment, placement and support services to our clients who are public and private hospitals based in the United Kingdom and Republic of Ireland.
- If you are accessing our services as a client, we will collect and use information about your organisation and individuals in your organisation to meet our contractual obligations to you.
- We collect client contact details to raise invoices and the names, telephone numbers and email addresses of individual contacts for queries or to ensure the smooth operation of our business relationship as defined by our contract with you.
- We may hold general information about your organisation that you have chosen to share with us or is publicly available.
Data Collection and Processing - Client Job Applicants and Candidates
We collect and process personal data to provide recruitment, placement and support services to job applicants and candidates who are interested in applying for professional health care roles with our clients.
- Healthperm advertises vacancies on behalf of our clients by posting on professional and social networking sites. You as a job applicant view and apply for these vacancies through our assessment process conducted by our experienced recruitment team. We do not use any element of profiling or automatic decision making as part of this process.
- If successful you will be offered the most suitable role that you are qualified to undertake with one of our clients. Healthperm will then support your move to the UK or Ireland if this is required.
- To fulfil our service offering to you we necessarily need to collect and process certain personal and personal sensitive data. In all case we will follow GDPR guidelines to decide on our legal basis for processing. Section 2 details the legal bases that we rely on.
- Much of the data collected is supplied by you and what you choose to share with us and includes:
- Personal information about you such as your name and contact details.
- Employment and job application details, e.g. date and place of birth, identity and visa details, employment history, qualifications, licences, professional memberships, photographic identification and video footage, the results of pre-employment checks and emergency contact details.
- In certain circumstances yours and others’ signature, financial information, tax information and social security numbers.
- Health and welfare information and special category data as defined by the GDPR.
- Information to process expenses and any security clearances.
- During the selection, offer and placement process your personal data will be processed by Healthperm using our recruitment management system which is provided by our data processor Job Adder. To understand their data privacy practices please refer to their website https://jobadder.com.
Data Collection and Processing - Healthcare Professionals who wish to keep in touch with Healthperm
- If you have indicated through that you want to keep in touch. We may periodically send you information by email that may be of interest to you for example network events.
- We may contact you by email to ask if you will help us connect with potential job applicants.
- If you do not wish to remain in contact with us by email, please unsubscribe by following the link in our email to you.
Data Collection and Processing – Healthperm Job Applicants and Candidates
- Healthperm advertises internal Company vacancies by posting on professional and social networking sites and through recruitment agencies. You as a job applicant view and apply for these vacancies through our assessment process. We do not use any element of profiling or automatic decision making throughout this process.
- To process your job application, we necessarily need to collect and process certain personal and personal sensitive data. In all case we will follow GDPR guidelines to decide on our legal basis for processing. Section 2 details the legal bases that we currently rely on.
- Much of the data collected through the recruitment process is supplied by you and what you choose to share with us and includes:
- Personal information about you such as your name and contact details.
- Employment and job application details, e.g. date and place of birth, identity and visa details, employment history, qualifications, licences, professional memberships, photographic identification and video footage, the results of pre-employment checks, emergency contact details.
- In certain circumstances yours and others’ signatures, financial information, tax information and social security numbers.
- Health information and special category data as defined by the GDPR.
Data Collection and Processing – Service Providers
- We will collect and use information about your organisation and individuals in your organisation in order to facilitate the receipt of services from you to Healthperm.
- We may hold general information about your organisation for contractual and payment purposes. For example: the name of your organisation, Company registration number, address, email, telephone contact, banking details and signatures.
- We may also collate limited personal data to enable us to follow up any queries we may have regarding the service you provide to us under contract. For example: names, telephone numbers and email addresses of relevant employees.
Data Collection and Processing - Current and Former employees
- The Healthperm Data Protection Policy describes the data we collect and use about employees and workers and the legal basis for processing that data.
- A copy of the Data Protection Policy is available on our Company intranet Egnyte or if you are an ex-employee directly from email@example.com.
Data Collection and Processing - Website Users
- We register your visits to our website including, but not limited to, traffic data, weblogs, operating system and browser usage.
- We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about your browsing actions and patterns and does not identify any individual and we will not collect personal information in this way.
- We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive or mobile device.
4. Data Controller and Data Processors
In collecting and processing personal data and sensitive personal data the Company acts as a data controller. We also work with data processors and other third parties who provide elements of our service on our behalf; assist us to run our business or fulfil our contractual obligations to you.
We have contracts in place with our data processors and third parties and will only share your personal data where necessary and in compliance with GDPR.
Examples of third parties include:
- our bank;
- professional advisors; IT and other business support organisations, such as auditors and accountants;
- tax authorities;
- external accreditation/examination bodies;
- training organisations;
- travel organisations.
5. Access to Information, Withdrawal of Consent, Rectification of Data & Right of Erasure
Under GDPR you have certain rights and control over the data we process about you as follows:
- You can access information held about you. Your right of access can be exercised by raising a ‘Subject Access Request’.
- At any time, you can withdraw your explicit consent to us holding personal or personal sensitive data or having recruitment or networking information sent to you.
- You can also object to processing depending on the legal basis we are using for processing.
- Request your data be rectified where you identify that your personal data is incorrect, or incomplete, you can request correction, deletion, or modification of your personal data.
- Request that your data is erased in certain circumstances.
If you wish to exercise any of the above rights, please send an email to: firstname.lastname@example.org requesting which of the above rights you wish to exercise, and we will advise you accordingly.
We will follow the process set out under GDPR including advising you of our decision, and any recourse you may have to complain. We will ask you for proof of identity before sharing your personal information to prevent unauthorised access.
6. Data Portability
If you have shared information through our services, you may wish your data to be transferred to another organisation either by you receiving the data and transferring it, or by the data being transferred directly.
This right to data portability only applies where the data processing is based on your consent or because of ours, or others, legitimate business interests. Where the processing has been carried out by automated means it will only be transferred where it is technically feasible to do so.
If you wish to understand if you can exercise this right, please send an email to: email@example.com and we will advise you accordingly. We will ask you for proof of identity before sharing your personal information to prevent unauthorised access.
7. Data Retention
We will retain your personal data only for as long as reasonably necessary for us, our data processors or other third parties to provide a service to you as described in Section 3 above.
We will also keep your personal data for certain periods after we have concluded providing services to you. In determining this period, we take into account our legal obligations, the expectations of regulators or to defend our legal rights as a business.
We have policies and procedures in place to ensure we delete your personal information when it is no longer needed.
8. Overseas Transfers of Personal Data
The UK and other European Economic Area (*EEA) countries provide a high standard of data protection and privacy.
However, we may run services from other centres outside the EEA and in doing so may transfer information you provide to us, or we collect about you to fulfil our contractual obligations.
Under these circumstances we will take steps to ensure adequate protections are in place to ensure the security of your data that is consistent with your data protection rights. This may include putting contractual commitments in place with third parties, obtaining your express consent or other security measures.
In addition, your data may be shared confidentially with other companies in our Group and in line with this policy.
*(‘EEA’ comprises the EU member states plus Norway, Iceland and Liechtenstein)
9. Complaints or Queries
If you have a query or wish to complain about this privacy notice or any of the procedures set out in it, please send an email to firstname.lastname@example.org the person with the most appropriate level of expertise regarding your query will reply to you.
You also have the right to raise concerns with the Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK if you believe that your data protection rights have not been adhered to.