We are each a 'data controller' for the purposes of the General Data Protection Regulations ('GDPR') where we control the purposes for which we process your personal information. Otherwise we are acting as data processors. We take your privacy seriously and we will take all appropriate steps to ensure compliance with the GDPR and any other applicable legislation relating to the protection of your personal data ('Legislation').
We each process personal data (including special category personal data) as defined in the GDPR, so that we can provide recruitment services on behalf of both our clients and candidates. Personal data is any information that can be used to identify a living individual.
Candidates may provide personal details to us directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board.
Clients and suppliers will provide the personal details of their contacts to us further to entering into a contract with us (whether in writing or otherwise).
We will only process your personal data when we have a legal basis to do so. If you are a candidate, we process your personal data for the purposes of providing you with recruitment services and/or information relating to roles relevant to you. We therefore have a contractual basis for holding and processing your personal data when trying to find you suitable roles (albeit we may not have a written agreement with you). If you are a client or supplier we have a contractual basis for processing personal data from you further to our agreement with you or further to the relevant NHS Framework Agreement.
What types of personal information do we collect and what do we do with it?
As a candidate looking for employment, we provide you with recruitment services; short term, long term and permanent work at NHS Trusts, GP Surgeries and with private healthcare providers. On this basis, we collect and use your personal data to offer and provide you with such recruitment services.
The type of personal data that we collect from you includes but is not limited to your name, address, contact details, DOB, nationality and visa details (if appropriate).
We share your personal data with prospective employers or an agent acting on their behalf (our clients) and match your skills and experience against our job opportunities. We may be asked by a
prospective employer for information that you have supplied to us such as your references, GMC status, qualifications or criminal record.
We will always ask for your consent in order for us to process Special Category Personal Data or information regarding criminal records. Special Category Personal Data means information about your racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life. The only Special Category data we process is that relating to physical or mental health and equal opportunities data. We also process information about criminal records and we handle such data in accordance with the requirements of the GDPR.
We share this information to the extent that this is appropriate and in accordance with local laws.
We want to provide you with tailored job details and relevant articles to read to help you with your job search. We therefore process your data to ensure that we send you the most appropriate content as part of the recruitment service.
We also use your data for payroll and invoicing where relevant and as necessary for us to comply with the law. If you are a candidate supplied to us through an Umbrella Company we may need to carry out certain compliance and financial checks from time to time in order to verify the legitimacy of the Umbrella Company. We may ask for certain payroll details, including copies of your payslips. This is necessary for our legitimate interests to carry out a financial audit of any Umbrella Company that we engage with and to detect or prevent any fraudulent activity.
Further information about Candidates
We will share your personal data with the following organisations in order to obtain additional personal data and/or Special Category Personal Data about you (and which we may also be required to share with our clients):
- Many of our clients require specialist training relevant to your grade and specialty (for locum work) and we therefore provide you with details of training providers as part of our service offering to you. We also share your contact information with such specialists as we have a legitimate interest to use your data for this reason (Healthier Business UK Ltd: . https://www.hbcompliance.co.uk/services/training and Osmosis Training Ltd: http://www.osmosistraining.co.uk/))
- Criminal Records Agency – We undertake criminal records checks for candidates applying for certain roles, for example in healthcare. This is known as getting a Disclosure and Barring Service (DBS) check. https://www.criminalrecordsagency.co.uk
- Information provided by the candidate enables us to apply for a certificate of fitness from an occupational health provider prior to placement into work. The organisations we currently utilise are: Healthier Business UK Ltd: https://www.hbcompliance.co.uk/; ACI Training and Consultancy Ltd. http://www.acinternational.org.uk/
- Where required, name and email address of a candidate is provided to Nationwide Pathology Limited for candidates to arrange blood tests directly with the organisation. (https://nationwidepathology.co.uk/)
- Trust ID Ltd – Documentation provided by the candidate as part of our registration process, in particular identity and right to work documentation, is scanned and verified by Trust ID (https://www.trustid.co.uk/)
- General Medical Council List of Registered Medical Practitioners confirms that a doctor's registration qualifies them for the work they would like to undertake and provides us with additional information we need to know such as any restrictions on a registration https://www.gmc-uk.org/registration-and-licensing/the-medical-register/a-guide-to-the- medical-register
- B20 Limited is an external payroll company used to process payroll for candidates (http://www.b20ltd.co.uk/)
- E2E Linkers provide our overseas candidates with support on their visa applications (on request by candidates) (http://www.e2elinkers.co.uk/index.php)
- Referee – We source up to date references from previous and current placements as part of the selection process for all appointments in the NHS.
- Appraiser – If a candidate was to connect with our Designated Body (both Holt Doctors and Anaesthetists Agency are Designated Bodies) we will request RO to RO (Responsible Officer) Transfer of Information request relating to the candidate's last appraisal and practice.
- Where you operate through a limited company we undertake a Companies House check of the Company registration: https://www.gov.uk/government/organisations/companies-house
Referees, Appraisers, Responsible Officers and Emergency Contacts of Candidates
If your personal details are provided as an emergency contact, we will only use these details in the case of emergency and such processing is therefore lawful on the basis that it is necessary to protect someone's life.
Personal information about a third party:
Please note that If you give us information on behalf of someone else, (such as an appraiser, referee or emergency contact) you confirm that either;
- the other person has a contractual relationship with you and knows that you will be transferring their personal data to us for specific purposes; or
- knows that you will be transferring their personal data to us for specific purposes and has also agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data
- receive on his/her behalf any data protection notices
- give consent to the processing of his/her Special Category Personal Data (as defined above).
We may send an email directly to you about certain job vacancies. These will be vacancies for which you have registered your interest and will only be our latest job opportunities based on your skills and expertise. Please inform us if you would like us to stop sending these emails to you. (There is always an unsubscribe option on such emails to enable you to update your communication preferences).
Where you have specifically requested in writing that we seek job opportunities for you overseas, including outside of the European Economic Area (‘EEA’), we will transfer your personal information to clients abroad.
Where we need to transfer personal data outside the EEA because our suppliers or clients are based there we will take steps to ensure that the appropriate legal safeguards are in place. (The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.)
The LMS system* performs automated profiling to match candidates to jobs. This process is based on information provided by the candidate and may include your work history, grade and speciality, locality, qualifications and availability. However the actual booking of a candidate into a job involves manual intervention and therefore we do not believe that we carry out any automated decision making at either Holt Doctors or the Anaesthetist Agency.
(*The Locum Management System '(LMS') is a tailored recruitment software solution, on which we store your personal data so we can contact you in relation to providing temporary and permanent workforce solutions.)
To ensure that we provide you with a tailored recruitment solution, we store your personal data and personal data of the contacts at your organisation together with all other relevant information on our Locum Management System (LMS) so we can contact you in relation to providing temporary and permanent recruitment solutions.
Our LMS platform enables us to record:
- Job data
- Note records of emails and conversations
- Vacancy and placement data
- Management information
These uses of your data are necessary to fulfil our contractual obligations to you or we have a legitimate business interest to process your personal data in this way in order to provide you with recruitment solutions. See our statement below in relation to our reliance on legitimate business interest as a basis for our processing activities.
LEGITIMATE BUSINESS INTEREST AS A BASIS FOR LAWFUL PROCESSING: Broadly speaking legitimate Interests means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
So, what does this mean? When you provide your personal details to us as a client, supplier or a candidate we are generally using your personal data further to a contract and this is the lawful basis for such use. If we use your information for a reason other than to supply or receive goods/services, then we generally do this on the basis of our legitimate business interests. Before doing this, though, we will always carefully consider and balance any potential impact on you and your rights.
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of goods and/or services from you as one of Holt Doctors' suppliers. We also hold details of our financial transactions which may include personal data, so that we can pay you for your goods and/or services.
Who your information might be shared with
We may disclose candidate personal data to our suppliers (which may include payroll companies, occupational health and training providers etc as described above in the Candidate section) and clients. We may also be required to produce Management Information Reports (MI Reports) for our clients which will include, but not be limited to, details of candidate's names, job positions held, dates and rates of pay.
We do not disclose client or supplier personal data to any third party except sub contractors and suppliers such as LMS.
We only share your personal data with such third parties where they have agreed to comply with the Legislation.
We may disclose any personal data which we hold to law enforcement agencies in connection with any investigation to help prevent unlawful activity such as NHS Counter Fraud and when we are audited by our clients or an agent on its behalf.
Keeping your data secure
Our staff are bound by obligations of confidentiality and trained in the protection of personal data. We comply with the GDPR and use the appropriate technical and organisational measures necessary to safeguard your personal data. As we mention above we only share your personal data with third parties who have agreed to comply with the GDPR.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (email: firstname.lastname@example.org).
What can I do to keep my information safe?
If you want detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We will retain your personal data only for as long as is necessary to provide our services or comply with the law. Different laws require us to keep different data for different periods of time.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep candidate records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
Some external client bodies including (but not limited to) NHS Crown Commercial Services (CCS), NHS London Procurement Partnership ( LPP), CPP, Health Trust Europe (HTE) and Local authorities require us to retain personal data for a period of 7 years from the expiry or termination of the relevant Framework Agreement for contractual monitoring and audit purposes.
We must also keep payroll records, holiday pay, sick pay and pension’s auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax information.
Where we are relying on your consent as the lawful basis for processing your personal and Special Category Personal Data we will retain it in line with our retention policy (a copy of which is available upon request) or until you ask us to return or destroy it. Upon expiry of that period we will seek further consent from you if we wish to hold that personal data for longer. Where consent is not granted we will return or delete your personal data and Special Category Personal Data.
What rights do you have?
The GDPR provides the following rights for individuals whose personal data is processed:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision making and profiling (As set out above we do not do this)
If you have any concerns or complaints about how we use your personal data we hope you will alert us to these directly (see the Contact information below). In any event you are entitled to complain to the Information Commissioners Office (ICO) which is the relevant supervisory authority in the UK. Their contact details and the procedure can be found at www.ico.gov.uk
How to contact us
If you wish to contact us about any other matter, please send an email to email@example.com or write to us at Holt Doctors Limited 4th Floor, 1 Belle Vue Square, Broughton Road, Skipton BD23 1FJ.
HOLT DOCTORS LIMITED AND ANAESTHETISTS AGENCY LIMITED