This Privacy Policy is divided into a short-form quick reference section,
and a long-form more detailed section on the website. It describes how we
collect, use and process your personal data, and how we comply with our legal
obligations and regulatory requirements.
We keep our
Privacy Policy under regular review and we encourage you to periodically review
this page for the latest information on our privacy practices.
1.
What is Personal
Data?
Personal data is defined by the DPA 2018 and the GDPR
2018 as ‘any information relating to an identifiable person who can be directly
or indirectly identified, in particular by reference to an identifier’.
In simpler terms, personal data is any information
about you that enables you to be identified (either on its own or when combined
with other data we may hold on you). Personal data covers obvious information
such as your name and contact details, but it also covers information such as
identification numbers, electronic location data, and other online identifiers.
2. Our Legal Bases for processing your data
Depending on the type of personal
data in question and the grounds on which we are processing it, should you
decline to provide us with such data or ask us to stop processing it, we may
not be able to fulfil our contractual requirements or, in extreme cases, may
not be able to continue with our relationship or may have to bring that
relationship to a close (i.e. because we cannot continue it without personal
data about you).
·
Legitimate Interest
In the course of providing work-finding services to our clients and
work-seekers, where RSS acts as a Data Controller, it will be necessary, and in
our legitimate interest to process personal data, as defined by
the DPA 2018 and the GDPR 2018.
We will process contact data as part of the Refer a Friend schemes
on the grounds of legitimate interests. This is where referrals are made on
behalf of work-seekers by members of their social group. Each referral is
processed on the basis that there is a legitimate interest in us helping to
find work for the referred individual.
·
Establishing, Exercising or Defending Legal claims
Sometimes it will be
necessary for us to process personal data and, where appropriate and in
accordance with our legal obligations and regulatory requirements, sensitive
personal data in connection with exercising or defending legal claims.
The DPA 2018 and GDPR 2018 allows
this where the processing "is necessary for the establishment, exercise
or defence of legal claims or whenever courts are acting in their judicial
capacity".
This will arise for example
where we need to take legal advice in relation to legal proceedings or are
required by law to preserve or disclose certain information as part of the
legal process.
·
To Exercise our Rights or Carry out our Employment and
Social Security Legal Obligations
For some Candidates, Temporary Workers and individuals it will
sometimes be necessary for us to process your sensitive/special category
personal data, for the purpose of ensuring compliance with our legal
obligations and regulatory requirements.
For example, we may process your medical data to enable us to provide
you with adequate support if you suffer from a health condition or disability,
for example by sharing medical information about you with an occupational
health specialist, in order to determine prognosis and return to work
arrangements, and to assess your working capacity more generally.
The DPA 2018 and the GDPR 2018 allows us to do this where the processing
is "necessary for the purposes of carrying out the obligations and
exercising [our or your] specific rights… in the field of
employment and social security and social protection law", as long as
this is allowed by law.
·
Where processing your personal data is necessary for us to
carry out our obligations under our Contract with you, to ensure that you are
properly fulfilling your obligations to us, and to ensure that we are
fulfilling our obligations to others.
The DPA 2018 and the GDPR
2018 applies where processing of personal data "is necessary for the
performance of a contract to which [you are] party or in order
to take steps at [your] request … prior to entering into a
contract".
·
Where processing your personal data is necessary for us to
carry out our Legal Obligations
In relation to the
employment or engagement of Temporary Workers directly by us, as well as our
obligations to you under our contract, we also have other legal obligations
that we need to comply with. The DPA 2018 and the GDPR 2018 states that we
can process your personal data where this processing "is necessary for
compliance with a legal obligation to which [we] are
subject".
An example of a legal
obligation that we need to comply with is our obligation to co-operate with tax
authorities, including providing details of your remuneration and tax paid.
Electronic marketing
In addition to the DPA 2018
and the GDPR 2018 requirement for a lawful basis, where we send unsolicited
electronic marketing to you we may also require either an opt-in consent or
opt-out consent under the Privacy and Electronic Communication Regulations 2003
(“PECR”). That means we are permitted to market products or services to you
which are related to the recruitment services we provide to you as long as you
do not actively opt-out from these communications.
·
Consent
In certain circumstances,
we are required to obtain your consent to the processing of your personal data
in relation to certain activities. Depending on exactly what we are doing with
your information, this consent will be opt-in consent under the DPA 2018 and
GDPR 2018, or soft opt-in consent (PECR).
The DPA 2018 and the GDPR
2018 states that (opt-in) consent is "any freely given, specific,
informed and unambiguous indication of the data subject's wishes by which he or
she, by a statement or by a clear affirmative action, signifies agreement to
the processing of personal data relating to him or her". In plain
language, this means that:
o
you have to be in a position to give us your consent freely, without us
putting you under any type of pressure to give or refuse that consent;
o
you have to know what you are consenting to – so we will make sure we
give you enough information;
o
where consent is required, you should have control over which processing
activities you consent to and which you don’t; and
o
you need to take positive and affirmative action in giving us your
consent – we are likely to provide a tick box for you to check so that this
requirement is met in a clear and unambiguous fashion. We will keep records of
the consents that you have given in this way.
You
have the right to withdraw your consent to these activities. You can do so at
any time by contacting dpo@rssglobal.com.
3.
What Are My Rights?
One of the DPA 2018 and
GDPR 2018’s main objectives is to protect and clarify the rights of EU and UK
citizens and individuals in the EU and UK with regards to data privacy. This
means that you retain various rights in respect of your data, even once you
have given it to us. These are described in more detail below.
To get in touch about these
rights, please email dpo@rssglobal.com. We will seek to deal with
your request without undue delay, and in any event within one month (subject to
any extensions to which we are lawfully
entitled). Please note that we will, where necessary, keep a record of your
communications to help us resolve any issues which you raise.
·
Right to object:
This right enables you to object to us processing
your personal data where we do so for one of the following four reasons:
(i) our legitimate interests;
(ii) to enable us to perform a task in the public
interest or exercise official authority;
(iii) to send you direct marketing materials; and
(iv) for scientific, historical, research, or
statistical purposes.
The "legitimate
interests" and "direct marketing" categories above are the ones
most likely to apply to our Website Users, Candidates, Temporary Workers, Clients and Suppliers.
If your objection relates
to us processing your personal data because we deem it necessary for your
legitimate interests, we must act on your objection by ceasing the activity in
question unless:
o
we can show that we have compelling legitimate grounds for processing
which overrides your interests; or
o
we are processing your data for the establishment, exercise or defence
of a legal claim.
If your objection relates
to direct marketing, we must act on your objection by ceasing this activity.
·
Right to withdraw consent:
Where we have obtained your consent to process your personal
data for certain activities, you may withdraw this consent at any time, and we
will cease to carry out the particular activity that you previously consented
to unless we consider that there is an alternative reason to justify our
continued processing of your data for this purpose in which case we will inform
you of this condition.
·
Data Subject Access Requests (DSAR):
You
may ask us to confirm what information we hold about you at any time, and request
us to modify, update or delete such information.
We
may ask you to verify your identity and for more information about your
request.
If
we provide you with access to the information we hold about you, we will not
charge you for this unless your request is "manifestly unfounded or
excessive".
If
you request further copies of this information from us, we may charge you a
reasonable administrative cost where legally permissible.
Where
we are legally permitted to do so, we may refuse your request. If we refuse
your request, we will always tell you the reasons for doing so.
·
Right to erasure:
You
have the right to request that we erase your personal data in certain
circumstances. Normally, the information must meet one of the following
criteria:
o
the data are no longer necessary for the purpose for which we originally
collected and/or processed them;
o
where previously given, you have withdrawn your consent to us processing
your data, and there is no other valid reason for us to continue processing;
o
the data has been processed unlawfully (i.e., in a manner which does not
comply with the DPA 2018 and the GDPR 2018);
o
it is necessary for the data to be erased in order for us to comply with
our legal obligations as a data controller; or
o
if we process the data because we believe it necessary to do so for our
legitimate interests, you object to the processing and we are unable to
demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled
to refuse to comply with your request for one of the following reasons:
o
to exercise the right of freedom of expression and information;
o
to comply with legal obligations or for the performance of a public
interest task or exercise of official authority;
o
for public health reasons in the public interest;
o
for archival, research or statistical purposes; or
o
to exercise or defend a legal claim.
When complying with a valid
request for the erasure of data we will delete the relevant data.
·
Right to restrict processing:
You
have the right to request that we restrict our processing of your personal data
in certain circumstances. This means that we can only continue to store your
data and will not be able to carry out any further processing activities with
it until either:
(i)
one of the circumstances listed below is resolved;
(ii)
you consent; or
(iii)
further processing is necessary for either the establishment, exercise
or defence of legal claims, the protection of the rights of another individual,
or reasons of important UK, EU or Member State public interest.
The circumstances in which
you are entitled to request that we restrict the processing of your personal
data are:
·
where you dispute the accuracy of the personal data that we are
processing about you. In this case, our processing of your personal data will
be restricted for the period during which the accuracy of the data is verified;
·
where you object to our processing of your personal data for our
legitimate interests. Here, you can request that the data be restricted while
we verify our grounds for processing your personal data;
·
where our processing of your data is unlawful, but you would prefer us
to restrict our processing of it rather than erasing it; and
·
where we have no further need to process your personal data, but you
require the data to establish, exercise, or defend legal claims.
If
we have shared your personal data with third parties, we will notify them about
the restricted processing unless this is impossible or involves
disproportionate effort. We will, of course, notify you before lifting any
restriction on processing your personal data.
·
Right to rectification:
You
also have the right to request that we rectify any inaccurate or incomplete
personal data that we hold about you. If we have shared this personal data with
third parties, we will notify them about the rectification unless this is
impossible or involves disproportionate effort. Where appropriate, we will also
tell you which third parties we have disclosed the inaccurate or incomplete
personal data to. Where we think that it is reasonable for us not to comply
with your request, we will explain our reasons for this decision.
·
Right of data portability:
If
you wish, you have the right to transfer your personal data between data
controllers. In effect, this means that you are able to transfer your RSS
account details to another online platform.
To
allow you to do so, we will provide you with your data in a commonly used
machine-readable format that is password-protected so that you can transfer the
data to another online platform.
Alternatively,
we will directly transfer the data for you. This right of data portability
applies to:
(i)
personal data that we process automatically (i.e., without any human
intervention);
(ii)
personal data provided by you; and
(iii)
personal data that we process based on your consent or in order to
fulfil a contract.
·
Right to lodge a complaint with supervisory authority:
You also have the right to lodge a
complaint with the Information Commissioners Office (‘ICO’).
Phone: 0303 123 1113
Email: casework@ico.org.uk
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If you would like to
exercise any of these rights, or withdraw your consent to the processing of
your personal data (where consent is our legal basis for processing your
personal data), please email dpo@rssglobal.com
Please note that we will,
where necessary, keep a record of your communications to help us resolve any
issues which you raise.
You may ask to unsubscribe
from job alerts and other marketing communications from us either by
unsubscribing where prompted on any relevant communication from us, or at any
time by emailing dpo@rssglobal.com
It is important that the
personal information we hold about you is accurate and current. Please keep us
informed if your personal information changes during the period for which we
hold your data.
4.
What Data do you collect about me and how; and how
do you use it, share it and retain it?
The short-form information below can be
found in more detail in our long-form section by clicking on the link relevant
to what type of data subject you are on the website.
Data Subject Type
|
What kind of personal data
do we collect?
|
How do we collect your
personal data?
|
How do we use your
personal data?
|
Who do we share your
personal data with?
|
Candidates
|
In order
to provide employment opportunities tailored specifically to you, we need to
process certain information about you.
We will only ask you for details that will assist us, such as your
name, age, contact details, education details, employment history, emergency
contacts, immigration status, financial information (for the purposes of
processing financial background checks), and social security number, and any
other relevant information you choose to share with us.
Where
appropriate and only in accordance with a statutory obligation or to ensure
that any employment rights are respected, we will also collect sensitive and special category data related to
your health, diversity information or details of any criminal convictions.
|
From you; or third parties;
or we collect it automatically.
Data
you provide to us may include:
1)
submission of your CV either in branch, at a job fair or online;
2)
photos or videos uploaded by you to recruitment platforms;
3)
applying for a job via an aggregator that then redirects you to the RSS Global brand webpage,
Data
provided by a third party may include:
1)
references from referees;
2)
clients, suppliers and other candidates may share your data with us; 3) if
you like us on Facebook or Twitter we may receive your personal data from
those sites;
4)
if you were referred to us via an RPO or MSP they may share your personal
data with us;
5)
the Home Office may provide us with nationality and immigration status data
where necessary and required;
6)
Government databases may provide us with financial sanction and criminal
records checks data where necessary and required
|
We generally use Candidate data in
five ways:
Recruitment Activities;
Marketing Activities;
Equal
Opportunities Monitoring;
To help us to establish, exercise
or defend legal claims;
In
appropriate circumstances, we may also use Candidate data in psychometric
assessments.
|
Where appropriate and in accordance with our legal obligations and regulatory
requirements, we will share your personal data, in various ways and for
various reasons.
Some
services that we provide require the involvement of third parties.
We have
carefully selected these third parties and taken steps to ensure that your Personal
Data is adequately protected.
The third
parties may include our clients, suppliers of IT services, pay-rolling
services or vetting services.
|
Prospective Candidates
|
If your information is made available online and we
feel we can match it to the services we provide, we will collect and use this
information about you to assess how we might be able to help with your job
search and to get in touch with us.
|
We collect
your personal data from third parties (for example via social media,
professional networking, referral from a member of your social group, job
aggregators and job site providers, and RPO or MSP suppliers where they
refer you to us).
|
We use Prospective
Candidate information in order to work out
whether you might be interested in, or might benefit from, our services, and
if so, to assess whether and how we may be able to help you out.
If we think we can help you, we will use your information to get in
touch with you about our services.
|
Where we have identified you as a Prospective
Candidate we may share your information with any
of our group companies and associated third parties such as our service
providers in order to get in touch with you about our services.
|
Someone who assists us with one of our Candidates
|
We require a referee's contact
details (name, email address and telephone number) to enable us to confirm
certain details provided by the Candidate or prospective employee, to
facilitate the employment process.
Emergency contact information (a
name, email address and telephone number) is required in case of an emergency
where we would need to contact someone on your behalf.
|
We collect your contact details only where
a Candidate or a member of our Staff puts you down as their emergency contact
or dependent or where a Candidate gives them to us in order for you to serve
as a referee.
|
We use referees’ personal data to help our Candidates to find employment which is suited to them.
If we are able to verify their details and qualifications, we can make
sure that they are well matched with prospective employers.
Where a referee is being asked to give a reference based on their
professional experience of a Candidate, and where we think that they may be interested
in becoming a Client of ours, we may also use their details to
reach out to get in touch in that alternative capacity.
We use the personal details of a Candidate or Staff member's emergency contacts in the case of an accident or
emergency affecting that Candidate or member of Staff.
We use the personal data of the dependants or
other beneficiaries of Staff to allow that Staff member to access certain benefits or employment rights.
|
Unless you specify otherwise, we will share your information with any
of our group companies and associated third parties such as our service
providers and organisations to whom we provide services.
|
Client
|
If you are a
client of RSS’s we need to collect and use information about you, or
individuals at your organisation, in the course of providing you or offering
you services such as: (i) finding the right Candidates for you or your
organisation; (ii) providing you with a Managed Service Provider (‘MSP’)
programme (or assisting another organisation to do so); (iii) providing you
with Recruitment Process Outsourcing (‘RPO’) services (or assisting
another organisation to do so).
|
We collect your personal
data either:
From you; or
From third parties (e.g.
our Candidates or Temporary Workers) and other limited
sources (e.g. online and offline media).
|
The main reason for using information about Clients is to enable us to introduce ourselves to
you and to ensure that the contractual arrangements between us can properly
be implemented so that the relationship can run smoothly. This will involve:
identifying Candidates who we think will be the right fit for you
or your organisation;
providing you with an MSP
programme (or assisting
another organisation to do so);
providing you with RPO
services (or assisting another organisation to do so); and/or
providing services to your employees, such as training courses.
The more information we have, the more bespoke we can make our
service.
|
We will share your data:
primarily to ensure that we provide you with a suitable pool of Candidates;
to provide you with an MSP
programme (or assist
another organisation to do so);
to provide you with RPO
services (or assist another organisation to do
so); and/or
to provide services to your employees, such as training courses.
Unless you specify otherwise, we will share your information with any
of our group companies and associated third parties such as our service
providers to help us meet these aims.
|
Supplier
|
We need a
limited amount of information from our Suppliers to enable the provision of
your services to us and the fulfilment of our contractual obligations between
us.
Such details
may include contact details of relevant individuals at your organisation so
that we can communicate with you, and bank details so that we can pay for the
services you provide.
|
We collect your personal data during the course of our work with you.
|
The main reasons for using your personal data are to ensure that the
contractual arrangements between us can properly be implemented so that the
relationship can run smoothly, and to comply with legal requirements.
|
|
Temporary Worker
|
If we employ
or engage you directly as a Temporary Worker, we need to process certain
extra information (in addition to the information collected from Candidates).
We only
collect important information such as start dates, bank details and details
of previous remuneration, pensions and benefit arrangements.
Where
appropriate and in accordance with legal obligations and requirements, we may
also collect, by inference, information related to trade union membership,
sexual orientation and childcare or carer arrangements when you provide us
with information about deductions from your salary for trade union membership
or childcare vouchers or details about your emergency contact.
|
We collect
your personal data either:
From you; or
From third
parties.
|
If we employ or engage you directly as a Temporary Worker, the main
reason for using your personal details is to
ensure the smooth running of our Temp Relationship, and
to comply with our contractual and other duties
to each other, and
to our Clients, as part of our Temp
Relationship, and
our duties to third parties such as tax authorities and government
agencies.
|
If we employ or engage you directly as a Temporary Worker, we may
share your personal data with a number of additional parties in order to
ensure the smooth running of our Temp
Relationship.
For example, we may share your personal data
with appropriate colleagues within RSS (this may include colleagues in
overseas offices), with a Client and, if appropriate, medical professionals such as your GP or an
occupational health specialist.
|
Permanent Worker
|
As per
Temporary Workers above
|
As per Temporary Workers
above
|
As per Temporary Workers
above
|
As per Temporary Workers
above
|
Website User
|
To the
extent that you access our website or click through any links in an email
from us, we will collect certain data from you.
We collect a limited amount of data
from our Website Users which we use to help us to improve your
experience when using our website and to help us manage the services we
provide.
This includes information such as
how you use our website, the frequency with which you access our website, and
the times that our website is most popular.
We collect your IP address,
information from social media activity (such as likes, shares and tweets)
when you interact with us on social media, information you provide if you
report a problem with our website or services, and any additional information
which you provide voluntarily and/or which we may ask from you to better
understand you and your interests.
Information we collect via cookies
or similar technology stored on your device (find out more about cookies and
how we use them in our Cookie Policy.
|
We collect your data automatically via cookies when you visit our
website, in line with cookie settings in your browser.
If you would like to find out more about cookies, including how we use
them and what choices are available to you, please refer to our cookie
policy.
Some of our emails contain a snippet of code, invisible to the naked
eye, called a tracking pixel that allows us to understand which of our
messages are being opened. If you would prefer that this information was not
collected, please disable automatic download of images in your email software
or service.
|
We use your
data to help us to improve your experience of using our website, for example
by analysing your recent job search criteria to help us to present jobs to
you that we think you'll be interested in.
If you are
also a Candidate or Client of RSS,
we will use data from your use of our websites to enhance other aspects of
our communications with, or service to, you.
If you would like to find out more about cookies, including
how we use them and what choices are available to you, please refer to our
Cookie Policy.
Please
note that communications to and from RSS's Staff including emails
will be reviewed as part of internal or external
investigations or litigation where necessary.
|
Unless you specify otherwise, we will share your information with
providers of web analytics services, marketing automation platforms and
social media services to make sure any advertising you receive from us is
targeted to you.
|
7.
How do we store and transfer your personal data internationally?
In order to provide you
with the best service and to carry out the purposes described in this
Privacy Policy; your data will be transferred:
o
between and within RSS
entities globally;
o
to third parties (such as advisers or other Suppliers to the RSS business);
o
to overseas Clients where applicable;
o
to Clients within your country, where applicable, who may, in
turn, transfer your data internationally;
o
to a cloud-based storage provider.
We want to make sure that
your data are stored and transferred in a way which is secure. We will
therefore only transfer data outside of the UK, European Economic Area or EEA
(i.e. the Member States of the European Union, together with Norway, Iceland and
Liechtenstein) where it is compliant with data protection legislation and the
means of transfer provides adequate safeguards in relation to your data, for
example:
o
by way of data transfer agreement, incorporating the current standard
contractual clauses adopted by the European Commission for the transfer of
personal data by data controllers in the EEA to data controllers and processors
in jurisdictions without adequate data protection laws; or
o
transferring your data to a country where there has been a finding of
adequacy by the European Commission in respect of that country's levels of data
protection via its legislation; or
o
where it is necessary for the conclusion or performance of a contract
between ourselves and a third party and the transfer is in your interests for
the purposes of that contract (for example, if we need to transfer data outside
the EEA in order to meet our obligations under that contract if you are a
Client of ours); or
o
where you have consented to the data transfer.
To ensure that your
personal information receives an adequate level of protection, we have put in
place appropriate procedures with the third parties we share your personal data
with to ensure that your personal information is treated by those third parties
in a way that is consistent with, and which respects the law on data
protection.
We are aware of the recent
Schrems II ruling and its implications on the U.S.-E.U. Privacy Shield. We are diligently reviewing our privacy
practices in light of this, but nevertheless remain devoted to handling your
data in an ethical manner, including:
·
Mandating by contract that all sub-processors adhere to data protection
legislation requirements;
·
Ensuring that any data transfers are encrypted in transit;
·
Storing your data on encrypted servers and networks;
·
Undergoing yearly security audits;
We will continue to monitor
guidance from authorities and stay closely aligned with these developments
including adjusting our practices accordingly.
8.
Who is responsible for processing your personal
data when you access the RSS website?
You can find out which RSS Global Group entity is responsible for processing your personal data and where it
is located within Annex 1
9.
Cookies and similar technologies
A “cookie” is a piece of
information that is stored on your computer’s hard drive and which records your
navigation of a website so that when you revisit website, it can present
tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic
and for advertising purposes.
Cookies are used by nearly
all websites and do not harm your system. If you want to check or change what
types of cookies you accept, this can usually be altered within your browser settings,
or you can change your preferences within our Cookie Settings. We also provide information about this within
our Cookie Policy.
10. Security of your personal data
We have implemented
appropriate technical and organisational controls to protect your personal data
against misuse, loss, or unauthorised access. These include measures to deal
with any suspected data breach.
If you suspect any misuse
or loss of or unauthorised access to your personal information, please let us
know immediately by emailing dpo@rssglobal.com
Data Security is of great
importance to RSS and to protect your data we have put in place suitable
physical, electronic and managerial procedures to safeguard and secure your
collected data.
We take security measures
to protect your information including:
·
Limiting access to our buildings to those that we believe are entitled
to be there by use of passes;
·
Implementing access controls to our information technology;
·
We use appropriate procedures and technical security measures (including
strict encryption, anonymization and archiving techniques) to safeguard your
information across all our computer systems, websites and offices.
11. Automated Decision Making or Profiling
We do not undertake
automated decision making or profiling,
We do use our computer
systems to search and identify personal data in accordance with parameters set
by a person. A person will always be involved in the decision-making process.
Some of our brands may
offer the opportunity for candidates to undertake a psychometric assessment.
This is entirely optional and is used solely to help match candidates more
closely to suitable job roles.
ANNEX 1 - RSS Group Companies:
The
list below is subject to amendment and update
European Legal Entity
|
Trading Name (if different)
|
Location
|
Blue Arrow Limited
|
|
United Kingdom
|
Career Teachers Limited
|
|
United Kingdom
|
Chadwick Nott Limited
|
|
United Kingdom
|
Chrysalis Community Care Group Limited
|
|
United Kingdom
|
Global & Medical Recruitment Consultancy Inc
|
|
Canada
|
Global Medics Limited
|
|
United Kingdom
|
Global Medics PTY Limited
|
|
Australia
|
Global Medics NZ Limited
|
|
New Zealand
|
Healthlink New Zealand Group Limited
|
|
New Zealand
|
Litmus Workforce Solutions Limited
|
|
United Kingdom
|
Litmus Workforce Solutions Limited
|
|
Ireland
|
Litmus Workforce Solutions Pty
Limited
|
|
Australia
|
Medacs Global Group Limited (Ireland)
|
|
Ireland
|
Medacs Global Group Limited
|
|
United Kingdom
|
Medacs Healthcare Australasia Group Limited
|
|
United Kingdom
|
Medacs Healthcare Australia Pty Limited
|
|
Australia
|
Medacs Healthcare Limited
|
|
New Zealand
|
Medacs Healthcare plc
|
|
United Kingdom
|
Medacs Healthcare Pty Limited
|
|
Australia
|
PRN Recruitment Limited
|
Fast Response Healthcare
|
United Kingdom
|
Tate Recruitment Limited
|
|
United Kingdom
|
ANNEX 2 – Retention Periods
|
Retention Period (up to)
|
All types of Candidates with whom we have had no contact
|
6 months - If no contact made
|
Candidates we have had meaningful contact with but not placed
|
1 year from the later of:
Candidate registration;
Consent to represent received (for Conduct Regs purposes) (which is separate from any consent given for data protection purposes)
Last meaningful contact.
|
Temporary Workers we have placed
|
6 years from the later of:
End of last assignment; or
1 year after last meaningful contact.
|
Permanent Workers we have placed
|
2 years from the later of:
placement date; or
1 year after last meaningful contact.
|
Our Own Permanent Employees or Direct Hire Temps
|
Not Hired - 1 year from registration or consent if not placed.
Hired - 6 years from end of employment
|
All Others
|
6 months - If no contact made; or
2 years- from last meaningful contact.
|
Medacs Global Group Exceptions:
Items
|
Proposed Retention Period (up to)
|
Comment
|
Justification
|
DBS Searches
|
Two years from creation
|
|
Must be retained for audit for NHS Framework Agreements
|
Documents to support Revalidation service for doctors
|
Five years from submission
|
|
Required by GMC to evidence revalidation for past 5 years
|
- Medical records under the Control of Asbestos at Work Regulations.
Medical examination certificates.
|
|
Records held by Occupational Health team relating to tests performed on staff of clients.
|
Control of Asbestos at Work Regulations
|
Medical records and details of medical tests under the Control of Noise at Work Regulations 2005
|
- 40 years from the date of the last entry.
|
Records held by Occupational Health team relating to tests performed on staff of clients.
|
Control of Noise at Work Regulations
|
Records relating to care of children and young adults
|
Until the subject reaches the age of 21 (ie 18 plus 3 years)
|
|
Limitation Act 1980
|
ANNEX 4 – Glossary
Candidates – refers to applicants (and those subsequently engaged on temporary assignments, directly or indirectly, by Impellam and/or one of its subsidiary companies) for any roles advertised by or through Impellam and/or one of its subsidiary companies, whether permanent or temporary positions, whether as freelancers, contractors, flexible employees or through third parties including Suppliers; as well as people who have submitted a speculative CV to Impellam and or one of its subsidiary companies.
Clients – covers organisations which engage with Impellam and/or one of its subsidiary companies for it to provide recruitment or other services.
Data Controller – is a person, company, or other body that determines the purpose and means of personal data processing.
Data Processor – processes personal data only on behalf of the Data Controller.
Data Protection Act 2018 - updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.
Employees – includes employees engaged directly by Impellam (or who have accepted an offer to be employed) as well as certain other workers engaged in the business of providing services to Impellam and/or one of its subsidiary companies. This includes employees engaged to work on client premises under the terms of managed service agreements or equivalent.
General Data Protection Regulation (GDPR) – A European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any related national data protection legislation.
The EU GDPR applies to all 27 member countries https://europa.eu/european-union/about-eu/countries_en of the European Union (EU). It also applies to all countries in the European Economic Area (the EEA), and includes Iceland, Norway, and Liechtenstein.
The UK withdrew from the European Union on 31 December 2020, and the GDPR has now been enshrined under UK GDPR. The UK is expected to substantially follow the GDPR after Brexit but this Policy will be updated to reflect any changes where necessary.
Information Commissioners Office (ICO) - is the UK's independent body and supervisory authority set up to uphold information rights.
Managed Service Provider (MSP) Programmes– Clients’ outsourcing of the management of external staff (including freelance workers, independent contractors and temporary employees) to an external recruitment provider.
Meaningful Contact - When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services.
Privacy and Electronic Communication Regulation (PECR) – sit alongside the Data Protection Act and GDPR to give people specific privacy rights in relation to electronic communications.
Prospective Candidates –individuals with whom Impellam and/or one of its subsidiary companies has not had prior contact but whom Impellam and/or one of its subsidiary companies reasonably considers would be interested in our services and, in particular, in being considered for any roles advertised or promoted by Impellam and/or one of its subsidiary companies, including permanent, part-time and temporary positions and freelance roles with Impellam and/or one of its subsidiary companies Clients.
Recruitment Process Outsourcing (RPO) Services – full or partial outsourcing of the recruitment process for permanent employees to a recruitment provider.
Special Category or Sensitive Personal Data - the GDPR defines special category data as Personal Data revealing: (1) Racial or Ethnic Origin; (2) Political Opinions; (3) Religious or Philosophical Beliefs; (4) Trade Union Membership; (5) Genetic Data; (6) Biometric Data (where used for identification purposes); (7) data concerning Health; (8) data concerning a person’s Sex Life; (9) data concerning a person’s Sexual Orientation. This does not include personal data about criminal allegations, proceedings or convictions, as separate rules apply.
Suppliers – covers supplier companies (including sole traders), vendors, umbrella companies, partnerships and limited company contractors who provide services to Impellam and/or one of its subsidiary companies including as sub-contractors. Suppliers should ensure their employees and workers are made aware of the provisions of this Privacy Policy as applicable.