GDPR Privacy Notice
How we use your information!
Last Updated 25/05/2018
This Privacy Notice is intended to inform you about how Hallam Medical Limited will process the personal information about you which is collected, handled and processed as part of your registration as a temporary agency worker. Within the regulations set out by the GDPR, the Data Controller is Hallam Medical Limited of City Gate, St Mary’s Gate, Sheffield S1 4LW. Any personal data that you provide during your time with Hallam Medical will be processed in accordance with all applicable data protection laws as described by the General Data Protection Regulations (“GDPR”) which came into force on the 25th May 2018.
Information that we may collect
The following is a summary regarding the information about you we may collect, hold and process: –
(A) Information collected and processed for finding you a suitable role is as follows:
• Your name
• Your address
• Your email address
• Your telephone number
• CV/work history
• Job preferences including role, geographical areas and salary
• Education and/or training certificates *
• Professional Registrations **
• Medical Indemnity Insurance *
• DBS Clearance *
• Occupational Health Clearance *
• References *
(B) Information in respect to individuals that have worked for us previously or may work forus is as follows:
• Passport / Identification Documents
• Documents pertaining to your right to work in the UK
• Date of Birth (DOB)
• National insurance number
• Full details of job offers and placements
• Financial information (including but not limited to payroll details and terms, HMRC data, pension scheme details, court orders and statutory payments)
• A log of our communications with you by email and telephone
This information will have been provided, or will be provided, by you or a third party who we work with, such as a Job Board Company or another employment business or agency. In the case of references, these will be from your previous employers as provided by you during your registration. Occupational Health Clearance (OHC) will be provided by our OHC providers with the information you provide during your registration including your immunisation history. The outcome of criminal record checks will be supplied by the Disclosure and Barring Service (DBS) or other external company applicable to the placement.
How we use the information
The above information is used to provide our services to you in our capacity as an employment business / agency to find you suitable work whether on a temporary or permanent basis based on your requirements as set out below.
The information under A above may be used as follows:
• To match your skill sets with job vacancies to assist in finding you the positions that most suit you
• To put forward your details to our clients for you to be considered for vacancies
• To place you with our clients and prospective employers
• To keep you informed of available opportunities as they arise
• To keep you informed of the services offered by us
The information under B above may be used as follows:
• To establish that you have the right to work
• To put in place contractual arrangements required under your registration with
Hallam Medical in line with the Conduct of Employment Agencies and Businesses Regulations 2003.
• To pay you or your umbrella payroll provider/limited company during your assignments
How we hold your information
All the personal data that we collect from you is securely stored on our recruitment database & IT Servers in the UK.
Disclosure of your information
By registering with Hallam Medical you also are acknowledging any Personal Data, including but not limited to references, professional registrations and qualifications, occupational health and training certificates may be shared with any of our Clients***, Managed Service Partners, NHS Framework Operators and third-party Auditing bodies as part of Hallam Medical’s on-going audit requirements for providing assignments to the Agency Worker. *** In all instances prior to your details being submitted to a potential client, your approval will be sought, and you will be informed of the identity of the client on each occasion your details are submitted.
Other trusted third parties that we may share your data with are as follows: HM Revenue and Customs, respective industry regulators, pension scheme providers, legal advisors and our financial auditors.
What is the legal basis for processing the information?
We will rely on your consent to process the information shown above which is collected at the beginning of your registration with Hallam Medical and in some in instances is renewed on an annual basis (*) or monthly basis (**) following your registration date.
Information and documentation to establish your right to work is processed by us as we are legally obliged to do so. Information in relation to DBS checks, which will be relevant for all positions offered by Hallam Medical, will be processed on the basis that it is necessary for us to comply with the law or consent will be obtained, if required.
Once a position has been found for you, we will further process your personal data, including financial information to enable us to pay you or your third-party payroll provider or limited company, depending on the specific contractual arrangements and circumstances of IR35. For the purposes of paying you under our PAYE scheme or via a third-party intermediary, where relevant, we are legally obliged to provide information to HMRC. Once a placement has been secured, we may also process your data on the basis of our legitimate interests i.e. for administrative purposes.
You have the right at any time to ask for a copy of the information about you that we hold by submitting a Subject Access Request, however where information can also identify a third party (such as employment references) then Hallam Medical may be unable to provide such information if originally provided in confidence from the other third party. Hallam Medical will respond to a Subject Access Request within one-month of receipt of the request in writing. If you would like to make a request for information please email firstname.lastname@example.org.
Withdrawal of consent
If you have provided us with your consent to process your data, for the purpose of registering with Hallam Medical for us to find you suitable temporary work, you have the right to withdraw this at any time. In order to do so you should contact us by emailing email@example.com.
Right to be Informed
Under your right to be informed, Hallam Medical will inform you about whether your data is being processed, including about who, what and why the data is processed Right to Data Portability Under your right to data portability you will be able to receive and transmit the personal data you have previously provided to Hallam Medical in a structured, commonly used and machine-readable format to another Data Controller. This will only apply to the following information: –
• Personal Data provided by you
• Personal Data that is processed with your consent or on the basis of a contract
Right to Object
As an individual you have the right to object to the processing of your personal data where that processing is based on public interest, the exercise of official authority or a legitimate interest. Hallam Medical will then stop the processing of that personal data unless the Hallam Medical data controller demonstrates compelling legitimate grounds for continuing the processing which overrides the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a claim.
Rights in relation to automated decision making and profiling The GDPR provides that an individual has a ‘right not to be subject to a decision based solely on automated processing; including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her’. Hallam Medical does not operate any automated decision-making and profiling systems that fall within the scope of the GDPR.
Rights to Rectification of Incorrect or Incomplete Data
By registering with Hallam Medical you will have the right to request that a data controller rectifies any inaccurate data. You will also have the right to request that incomplete personal data be completed. Hallam Medical will request that you make such requests in writing from your own personally registered email address or by letter.
Right to Erasure (to be forgotten)
Under the GDPR, you will have the right to have your personal data erased without showing that damage or distress has been caused by the data. You essentially have a ‘right to be forgotten’. However, the right to erasure is not an absolute right and will only apply in the following circumstances:
• The personal data is no longer necessary with regards to the reason or purpose for which it is collected or otherwise processed;
• The individual withdraws his/her consent;
• The individual objects to the processing of the personal data and there are no overriding legitimate grounds for the processing;
• The individual objects to the processing of their personal data for direct marketing purposes;
• The personal data has been unlawfully processed;
• The personal data was collected in relation to the offer of information society services to a child; or
• The personal data has to be erased due to a legal obligation to which the data controller is subject.
However, your data can be retained under certain legal circumstances despite you submitting a request for erasure. The Right to Erasure is not an absolute right and Hallam Medical may be required under certain legislation and regulations to retain your details for a further period of time, details of this can be found within our GDPR Policy and Agency Worker Handbook.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to Information Commissioners Office at https://ico.org.uk/concerns
Please address any questions, comments and requests regarding our data processing practices to firstname.lastname@example.org
Changes to the Privacy Notice
This Privacy Notice may be changed by us at any time in line with changes to the GDPR.