At Medical 24 (“Medical 24”) we are committed to ensuring the privacy of data we receive. This is for our candidates, clients and those who use our website. We will endeavour to make sure that the information you submit to us is only processed for reasons outlined in this Privacy Notice.
The General Data Protection Regulations (GDPR) (Regulation (EU) 2016/1679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018. The government intends for the GDPR to continue in UK law post “Brexit” and has also introduced a Data Protection Bill to replace the current Data Protection Act.
Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Medical 24 are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Business Regulations 2003. We provide additional services of training and consultancy on occasion. We collect the personal data of the following types of people to allow us to undertake our business:
The data controller is Medical 24, a company registered in the UK at Hygeia Building, 66-68 College Road, Harrow, Middlesex, HA1 1BE (registered company number 08741677). Our data protection officer is Christopher Coyle and our nominated representative is Anna Cooper / email@example.com / 07718658386. Medical 24 are registered with the Information Commissioner’s Office (ICO) under certificate number ZA070704.
About you: This is information about you that you give us by filling in application forms, through emails or telephone correspondence, by registering online, entering our database, entering a competition or reporting a problem with our site.
The information may include the below. Please note this list is not exhaustive and may be changed:
Via our website: This is information that is automatically collected each time you visit our website.
This information may include the below. Please note this list is not exhaustive and may be changed:
These cookies are used to collect information about how visitors use our website. This is used to generate reports to help understand which pages of our website are popular and effective, and which areas could use improvement.
For further information please visit:
These cookies are set by the system running the website. They are strictly necessary for the correct functioning of the site.
From other sources: This is information about you that we obtain from other sources. If we obtain data from these sources we will send you this Privacy Notice within 30 days of collecting your data so that you are aware that we have your data. We will also inform you of the source that the data originates from and the reason why we intend to keep your data.
Other sources that we may get your data from are listed below. Please note this list is not exhaustive and may be changed:
This is how we will use your data once we have obtained it. The below list is not exhaustive and may be changed:
There are many purposes for which we need to process the data that is held about you. Our legal basis for processing personal data is our legitimate business interests, which will be described in more detail below, but we will also rely on contract, legal obligations and consent for specific uses of data.
As a recruitment agency we introduce candidates to clients for temporary employment, permanent employment or independent professional contracts. The exchange of personal data of our client contacts and candidates is essential and is a fundamental part of this process. In order to support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. In order for our business to help candidates progress in their career we need to keep personal data to ensure they are qualified for the role. We need to keep financial information of a candidate to ensure they are paid correctly and we need personal information to add people to our database and to be able to contact both candidates and clients regarding our recruitment arrangements.
If we are negotiating, or have entered into a placement agreement with you or your organisation, or if we have any other contract to provide services to you or receive services from you or your organisation, we will process our data on the basis that the processing is necessary for the performance of the contract.
We are legally obliged to retain certain information of yours to fulfil statutory requirements. This includes the Conduct of Employment Agencies and Employment Business Regulations 2003, which require us to (amongst other things):
We may need to process your data under circumstances where we are relying on your consent to process it. Consent can be taken orally, by email or via an online process and your consent response will be recorded on our system to enable us to ensure our records are accurate.
You may withdraw your consent to our processing of your personal information at any stage. You can do this by emailing firstname.lastname@example.org or by writing to us at Data Protection Team, Medical 24, Hygeia Building, 66-68 College Road, Harrow, Middlesex HA1 1BE. You can also complete the form on our website and submit it to us. Please note that if consent is withdrawn we may continue to retain your personal information where we have a legal or contractual obligation to do so, or if we need to retain data to abide by statutory retention periods.
Sensitive Personal Data (SPD)
Sensitive personal data is completely personal to you and can include things such as your race and ethnicity, health data, political and religious views and sexual orientation. We request that you do not provide us with any sensitive personal data unless it is necessary. For example we may need to ask you for some health data to ensure you are suitable for a specific role i.e. if the role involves heavy lifting we would ask for health data to ensure you are able to lift the objects.
If we are provided with sensitive personal data we will only process it for particular purposes including the below:
If we engage you to work, either as a direct employee or as a temporary worker via a client we understand our legal duty to retain accurate data and only retain personal data for as long as is required for statutory purposes, our legitimate interests and that you are happy for us to do so. In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you. The following sets out the lengths of time we are required by law to retain your data or certain elements of your data:
We have a form on our website (www.directhealthcareplc.co.uk) on which you can submit a request to rectify any data or action any of your rights (please see the section below “Your Rights”).
We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal information include:
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) System. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database unless requested to do so. For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers or pseudonyms.
Other uses of your data may include use of our website, to notify you about changes to our service and to ensure that content from our site is presented in the most effective manner for you and for your computer. We will use this information for the below reasons. Please note this list is not exhaustive and may be changed:
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
We will share your personal information with a selection of people in order to maintain the running of our recruitment business. We may share your personal information with any member of our group of companies. Our Group means our subsidiaries, our ultimate holding company and its subsidiaries, our associated companies as defined in Section 1159 of the UK Companies Act (2006).
We may also share your personal data with selected third parties including those listed below. Please note this list is not exhaustive and may be changed.
There are certain times and reasons why we would disclose your personal information to a selected third party as per the below list. Please note this list is not exhaustive and may change.
As with the company directly, there are lawful bases for third party processing of your personal data and these will include:
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted (using SSL technology). Where you have chosen (or where we have given you) a password which enables you to access certain parts of our site you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Medical 24 will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
The GDPR provides you with a number of rights. These are listed below:
Any changes we make to this privacy notice will be updated on our website so please check back frequently to see if there have been any updates or changes made.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to Data Protection Team, Medical 24, Hygeia Building, 66-68 College Road, Harrow, Middlesex HA1 1BE or by emailing email@example.com.
As an organisation using AccessNI to help assess the suitability of applicants for positions of trust, Medical 24 complies fully with AccessNI’s Code of Practice regarding the correct handling, use, storage, retention and disposal of Disclosure Applications and Disclosure information. We also comply fully with obligations under the Data Protection Act 2018 and other relevant legislative requirements with regards to the safe handling, storage, retention and disposal of Disclosure Information.
As we no longer receive a copy certificate from AccessNI, written consent will be obtained from the applicant when requesting and retaining a (copy of a) Disclosure certificate.
Storage and Access
Disclosure information is kept securely, in lockable, non-portable storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties.
In accordance with section 124 of the Police Act 1997, Disclosure information is only passed to those who are authorised to receive it in the course of their duties. We maintain a record of all those to whom Disclosures or Disclosure information has been revealed. We recognise it is a criminal offence to pass this information to anyone who is not entitled to receive it.
Disclosure information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given.
Once a recruitment (or other relevant appointment, regulatory or licensing) decision has been taken, we do not keep Disclosure information for any longer than is necessary. We comply with AccessNI’s Code of Practice requirement to ensure that it is not retained longer than is required for the specific purpose of taking a decision on the applicant’s suitability. Disclosure certificates will be returned to the applicant once a decision, recruitment or otherwise, has been made and will be retained no longer than the agreed period.
Once the retention period has elapsed, we will ensure that any Disclosure information is immediately destroyed by secure means, i.e. by shredding, pulping or burning. While awaiting destruction, Disclosure information will not be kept in any unsecured receptacle (e.g. wastebin or confidential sack). We will not keep any photocopy or other image of the Disclosure or any copy or representation of the contents of a Disclosure or any other relevant non-conviction information supplied by police. However, despite the above, we may keep a record of the date of issue of a Disclosure, the name of the subject, the type of Disclosure requested, the position for which the Disclosure was requested, the AccessNI unique reference number of the Disclosure Certificate and the details of the recruitment decision.