General Data Protection Regulations (GDPR)
This notice (together with our terms of and any other documents referred to on it) sets out the basis on which any personal data the Company collects from you, or that you provide to us, will be processed.
The Company complies with the principles of GDPR. The six overall guiding principles are:
- Lawfulness, transparency and fairness
- Purpose Limitation
- Data Minimisation
- Storage limitation
- Confidentiality and integrity
Your privacy and security is of the utmost importance to us. We will always follow these principles and ask you how you would like us (or our partners) to communicate with you. The Information Commissioner regulates compliance with GDPR.
Who is the Data Controller?
When you provide personal information to HCRG or any HCRG Subsidiaries, the data controller is the Company.
If another company is the data controller, this will be made clear when you provide your personal information.
The Company has a lawful basis for processing your personal data under the provisions of GDPR 6 (1) a, b, and c. These provisions allow for processing your personal data based on your consent and/or that your data is necessary for the performance of a contract (i.e. employment or temporary/locum work) or to take steps to entering into a contract and/or for the legal obligation we have in relation to providing you with suitable employment or providing our clients with a suitable employee.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on this site. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you enter a competition or promotion and when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details relating to our recruitment services and the supply of your services to our clients.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
How We Use Personal Data
The data controller will use your information together with other information for administration (including providing any goods, services or information you have requested), marketing, customer services.
By returning or submitting a form with your personal information to us, you consent to the Company:
- Processing your sensitive personal data for the above purposes;
- Transferring your information to countries which do not provide the same level of data protection as the UK if necessary for the above purposes and where you have indicated a preference for overseas work. If we do make such a transfer, we will put a contract in place to ensure your information is protected.
When you give us your personal information, we will give you the opportunity to opt out of receiving communications by post or telephone from the Company but remember that this will preclude you from receiving any of our special offers or promotions in future. We will also give you the opportunity to opt in to receive such information by e-mail or SMS and will only send it to you if you do opt in or if you are an existing client and the information relates to similar goods or services to those which you have previously requested from us.
You may also exercise your right to opt out of the use of your information for marketing purposes at any time by contacting us using the methods explained at the end of this notice.
Your personal information will be disclosed where we are obliged or permitted by law to do so. If you post or send offensive or objectionable content anywhere on or to any of our websites or otherwise engage in any disruptive behaviour on any of our websites, we can use whatever information that is available to us about you to stop such behaviour. This may involve informing relevant third parties such as your employer and law enforcement agencies about the content and your behaviour.
IP Addresses and Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
When you visit one of our websites, we may send you a cookie. A cookie is a small file that can be placed on your computer’s hard disk for record keeping purposes and we may use them to do a number of things.
Cookies help us to recognise you when you next visit one of our websites and note the content displayed to you. This allows us to tailor the content we provide to your preferences. We may use the services of third-party ad servers for this purpose.
Cookies may be used to compile anonymous statistics related to the take up or use of services, or to patterns of browsing. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
A third party collects such data on our behalf to measure web site performance. Information collected is aggregated for reporting purposes. No personally identifiable information is collected by this service. The use of this service assists us in measuring and improving the structure and ease of use of our web sites.
Under GDPR, there are new rights for individuals and existing rights have been strengthen, are very clear and can be found here:
You have the right to ask us not to process your personal data for marketing purposes. We will ask you to opt in (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You have the right to opt out of receiving marketing communication at any time.
Please note the Company’s site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You are advised to check these policies before you submit any personal data to these websites
Under GDPR, individuals have the right to confirm if their data is being processed and the right to access their personal data and other supplementary information. Individuals must be able to verify their identity through reasonable means. There is no charge for this information under the regulation but a fee can be charged if the request is manifestly unfounded, excessive or repetitive or if at the extreme of these reasons, this request can be refused. This fee is based on the administrative cost of providing the information. Under such a subject request we have to provide this information within 30 days but where information is complex or numerous this period can be extended by a further 60 days by informing you of this within the initial month. If a request is refused for the reasons above and explanation must be given and you have the right to complain to the supervisory authority
Rectification and Erasure
You have a right to have any inaccurate or incomplete data rectified. Similar to the access requests the Company will respond within 30 days and this can be extended by an extra 60 days in complex cases. This can also be refused but a reason must be given and you have the right to complaint to a supervisory authority. You also have the right to be forgotten, however this request can be refused where data is required to comply with legal obligations, for public health purposes or for the defence or exercise of legal claims. More information can be found here [https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/].
Third parties where your personal data has been disclosed also have to be informed of this erasure.
When you give us information about another person, you confirm that they have appointed you to act for them, to consent to the processing of their personal data, including sensitive personal data and to the transfer of their information abroad and to receive on their behalf any data protection notices.
Disclosure of your Information
- We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If the Company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Notification of changes