1. Introduction and Purpose of this privacy notice
This privacy notice gives you information on how ID-Medical collects, processes and protects your personal data through your registration on and use of this website. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide so that you are fully aware of how and why we are collecting and using your data.
We can only provide our services fully if the personal data we hold about you is accurate and up to date. Please keep us informed or update your details if your situation changes.
Our website is not intended for children and we do not knowingly collect data relating to children.
ID-Medical ID House - 1 Mill Square - Wolverton Mill South - Milton Keynes - MK12 5ZD – Company Number: 3829536 is the Data Controller and responsible for your personal data (collectively referred to as ‘ID Medical’, ‘we’, ‘us’ or ‘our’ in this privacy notice).
2. What information we hold about you
We collect personal information about you when you register or apply for a job through our website. The information you provide is treated in accordance with current UK data protection legislation. The information collected includes:
- Identity Data e.g. name, username, , date of birth, gender
- Contact Data e.g. address, email address, phone number(s)
- Financial Data e.g. bank account
- Technical Data e.g. IP address, log in details, browser type, operating system
- Profile Data e.g. profession, grade, specialty, CV, compliance documents, RTW, qualifications, DBS
- Marketing Preferences Data e.g. notification and communication preferences regarding our other products and services
3. Consent and Communications
You can withdraw or amend your consent for us to contact you regarding suitable assignments or our other products and services at any time via our website or by contacting us using the contact details below. Please note that some consent is required to fulfil the purpose of securing suitable employment contracts.
By referring other individuals to us, you consent to us sharing your name with that individual. The individual(s) referred will be contacted by us for the purposes of work placement and their consent requested to retain their personal data.
We would also like to contact you from time to time regarding our other products and services and you can opt-in to receive this information via our website or the contact details below.
Preferences regarding the specific communications you receive from us can be managed in your ‘Preference Centre’ found on our website.
4. How and when we use your personal data
We will only use your personal data where we have a legal basis to do so i.e.
- Where we need to fulfil a contract we have entered into with you. This would typically be when securing you a contract of employment
- Where it is necessary for our legitimate interest and your rights do not override these interests. This would typically be where we are searching for a suitable contract of employment for you, prior to commencement
- Where we need to comply with legal or regulatory obligations. This would typically be to fulfil HMRC or framework requirements
- Where we have obtained your consent to use it
5. Data Sharing
We may share your personal information with a member of our group, which means subsidiaries, and any ultimate holding company and its subsidiaries, as defined in section 1159 of the United Kingdom Companies Act 2006.
We may share your information with selected third parties including:
- Business partners, suppliers, NHS hospital Trusts and sub-contractors for the performance of any contract we enter into with you.
- Aggregate, anonymous information about our users to advertisers and advertising networks to select and serve relevant adverts to you and others. This information does not identify you as an individual. We may also make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to a target audience.
- Aggregate, anonymous information about our users to analytics and search engine providers that assist us in the improvement and optimisation of the website.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply these notices, terms and other agreements; or to protect the rights, property or safety of those with whom we do business, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may also disclose aggregate, anonymous statistics about visitors to the website (users and transactions) in order to describe our services to prospective partners (advertisers, sponsors) and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
6. Third Party Links and International Transfers
The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check the policies of these websites before you submit any personal data.
ID-Medical does not transfer or store any personal data outside the European Economic Area (EEA). Your personal data may be processed by ID Medical (India) LLP operating outside the EEA. ID Medical (India) LLP staff log into UK based servers and are required to adhere to the same data protection protocols as our UK based staff. ID Medical (India) LLP operates as a Data Processor within strict operational requirements as detailed in a Data Processor agreement.
7. Your Rights
You have a number of rights as outlined below. When exercising these rights we will need to validate your identity to ensure the request is from you. This is a security measure to ensure personal data is not disclosed to an unauthorised third party. You may exercise your rights by contacting us via the contact details below.
7.1 Right to be informed
Your ‘Right to be Informed’ encompasses the right to be provided with ‘fair processing information’ to ensure transparency over how your personal data is used. This is included in this Privacy Notice and our Terms and Conditions. The information provided should be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, and
- free of charge.
7.2 Right to Restrict Processing
You have the right to ask us not to process your personal data for e.g. marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com
7.3 Right of Access
You have the right to access the information we hold about you. An access request is free of charge unless considered repetitive or excessive when a small admin charge may be made. A request for access can be made via the contact details below.
7.4 Right of Rectification
You are entitled to have your personal data corrected if it is inaccurate or completed if incomplete. If the personal data in question has been disclosed to third parties, we will inform them of the rectification where possible and confirm with you which third parties the data has been disclosed to.
7.5 Right to Erasure
You have the right to request the deletion of personal data where there is no compelling reason for its continued processing. There are some circumstances where this right may not be met and a request refused e.g. to comply with a legal obligation such as HMRC or framework retention requirements (see Data Retention below for more details).
7.6 Right to Data Portability
The right to data portability allows you to obtain and reuse your personal data. It allows you to move, copy or transfer personal data easily in a safe and secure way, without hindrance to usability.
The right to data portability applies to personal data:
- provided by you;
- where you have provided consent for processing or the processing is for the performance of a contract; and
- when processing is carried out by automated means.
7.7 Right to Object
You have the right to object to processing based on the performance of a task in the public interest or processing based on a legitimate interest e.g. direct marketing. An objection must be based on your particular circumstances and processing must cease unless there are compelling reasons otherwise e.g. defence of legal a claim.
7.8 Rights Relating to Automated Decision Making and Profiling
Data protection legislation provides safeguards for individuals against the risk that a potentially damaging decision is taken solely based on automated processing i.e. without human intervention.
ID-Medical employs no fully automated processes that result in particular individuals being impacted
8. Data Security
We have in place appropriate security measures to prevent your data being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. Access to your personal data is strictly limited to specific authorised individuals who require access to perform their roles.
All data collected and processed by ID-Medical is stored on servers in the UK.
Internal policies and procedures are in place and reviewed regularly to identify and notify of any breaches of these procedures.
9. Data Retention
We will only retain your data for as long as necessary to fulfil the purposes it was collected for and satisfy any legal, accounting or reporting requirements. For example when you complete a contract we need to retain your details for 6 years to satisfy HMRC requirements and some frameworks recommend retaining details for 21 years in case of any long term emerging personal injury claims. If you have worked with us at any point, therefore, we will normally securely retain your details for 21 years.
Prior to completing a contract with us, by registering your details on our website we will, typically, retain your details for a period of three years unless you request that they be deleted. In this instance we will anonymise your data so that it cannot be associated with you and retained securely for statistical research purposes.
10. Contact us
We have appointed a Data Protection Officer who is responsible for overseeing questions relating to this privacy notice. If you have questions about this privacy notice including requests to exercise your legal rights, please contact the DPO using the contact details below.
Contact via the website or by email is encrypted and none of the data you supply will be stored by the website or passed to or processed by a 3rd party processor.
To contact us, please visit our website: www.id-medical.com
or e-mail as follows:
Or telephone: (0)1908 552 820
Should you have cause to make a complaint or express dissatisfaction with ID-Medical, a member of its staff or processes, please email or telephone our Complaints Team at: firstname.lastname@example.org
/ 01908 552820. A member of our Complaints team will address your concerns as appropriate.
Should you feel that your concern has not been resolved satisfactorily you also have the right to direct your complaint to the supervisory authority – contact details below.
12. Supervisory Authority and Data Breaches
The relevant supervisory authority for data protection legislation in the UK is the Information Commissioners Office (ICO). Their contact details are:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Tel: 0303 123 1113 (local rate)
ID-Medical has designed the protection and security of data protection into its systems, processes and staff knowledge. In the event that a breach of data protection is identified, the circumstances are logged and appropriate actions taken including informing the individuals concerned and the supervisory authority. Each case is considered separately and depends on the risk to the rights and freedoms of the individual(s) impacted.