Candidate Privacy Notice
We, MedAccess Guarantee Ltd, are committed to ensuring the security and privacy of your personal information. The purpose of this privacy notice is to set out what information we, as data controller, collect about you as a job applicant, including during the recruitment and pre-employment screening process, how we collect and use it, who we may share this information with and the measures we undertake to protect your personal information in accordance with data protection legislation. Please make sure that you read this notice.
Please ensure the accuracy of the data you provide to us and update us in case of any changes so we can comply with the law and assess your suitability for the position.
What personal data we collect
During your interaction with us as a job applicant, we will collect your information from a variety of sources such as your visit of our website, the information you leave on our website or when you interact with us through various other channels such as phone calls or complete any tests or questionnaires during your application, interview or pre-employment checks. We may obtain this information directly from you or from your former employers or publicly available sources or recruitment agencies you’ve authorised or other sources you’ve referred us to. However, we will not contact third parties without your permission.
Such personal data may include:
- Personal details such as your name, previous names, date of birth, place of birth, gender, diversity and inclusion information, sexual orientation, dietary requirements;
- Information concerning your identity e.g. photo ID, passport information, National Insurance number, National ID card, birth number (or equivalent) and nationality;
- Details including address (and addresses for the past 10 years), email address and telephone number (mobile and landline);
- Information in respect of any qualifications you have and your employment history e.g., your CV and personal statement, university education, professional certifications; details of your qualifications, skills, experience, previous employers;
- Data regarding your health including any medical condition, sickness, disabilities, previous health records;
- Data and content provided by you in any job application, information about your performance in any tests we conduct and/or job applicant surveys conducted by us, contact details of your referees;
- Information from any background verification checks/ vetting and/or your named work references;
- Any other information about you that you provide directly to us, or we may collect through any medium/ channel including your signature, geographic information and any data collected through cookies;
- Any information disclosed during interactions with you, whether face-to-face, over the phone, in writing or in any other form.
Pre-employment screening checks
MedAccess and/or a global third-party screening agency will request, gather (if you are eligible for enhanced vetting), and process your personal data for background screening checks in countries where you have been based. Such checks will be undertaken to validate the information provided by you on your CV and job application including your identity, employment history and qualifications for our legitimate interests to be able to assess our risk in hiring you.
We will typically collect, store, and use the following categories of personal information about you:
- Personal contact details such as name (all legal and alias, current and previous names), title, addresses, telephone numbers, and personal email addresses;
- Date of birth and gender;
- National insurance number or equivalent tax identification number; Location of employment or workplace;
- Recruitment information (including copies of right to work documentation, references and other information included in a cv or cover letter or as part of the application process);
- Information concerning any qualifications you hold e.g., university education, professional certifications;
- Employment records (including job titles, work history, working hours, training records and professional memberships).
Screening checks that we may perform include:
- A right to work check;
- Verification of identity;
- A credit reference check;
- A conduct check, which may include a criminal check (we will only conduct criminal checks where legally permitted or required);
- Upon your declaration of a conflict, a conflicts of interest check in relation to the employment of relatives, any former employment with an external auditor and any external directorships held;
- A search of watch lists or database files provided by third parties, indicating no involvement in activities such as fraud, financial crime, money laundering or breach of sanctions;
- A media research check indicating no involvement in activities such as fraud, financial crime, money laundering, breach of sanctions, terrorism.
We will only use your personal information for the purposes for which we collected it, in conjunction with GDPR, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note also that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
Why we collect and process your personal data
Your personal data may be used for our legitimate interests such as to evaluate your fitness for the position for which you have made an application or for any future positions that may arise. We may need to process your personal data to comply with a legal obligation or if such use is in public interest such as for equal opportunity purposes. We may also use your information where you have consented to such use.
We may use your information for several other reasons including for administrative purposes such as managing the application process and advising you of interview schedules or our decision regarding your application; to tell you about other suitable positions within the organisation, for our compliance with laws, for security, background checks, job applicant surveys, for making an offer of employment and your acceptance of such offer.
How we make decisions about you
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Who we share your information with
We will only share your personal information with third parties such as any sub-contractors, agents or service providers who work for us or provide services to us or our affiliates companies (including their employees, sub-contractors, service providers, directors and officers) where we or they have a public duty to do so or have a legitimate reason to do so such as confirming your identity or assessing your suitability for the role or where you have provided your consent to share such information. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
How long we will retain your information for
If your application is successful, your personal data will be transferred to your employee file and be treated according to our data protection policy which will be made available to you upon joining. However, if your application is unsuccessful, we will retain your personal information for a period of thirty-six months after we have communicated to you our decision about whether to appoint you to the position. We retain your personal information for that period so that (a) we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way and (b) to match your information against any other vacancies we may have. We will send you an annual reminder to let you know that we are processing your personal information and give you the opportunity to remove it from our systems. After this period, we will securely destroy your personal information in accordance with our data retention policy.
Under GDPR, you have certain rights in respect of your personal data that we hold.
You have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Right to withdraw consent
Upon your application for this role, you have provided your consent for us to process your personal information for the purposes of the recruitment exercise. You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact our data protection officer, Jonathan Hutchins at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely. However, under certain circumstances, we are permitted to continue processing your information despite your request to the contrary.
How we keep your information secure
Your personal data is kept secure through several security measures that we have in place such as encryption of data and other forms of information and cyber security. Our staff is trained and tested on security awareness. We have in place measures to detect malicious activity. Our staff and consultants/ service providers must adhere to information security standards for dealing with any personal information.
For any questions on this Candidate Privacy Notice, please contact our data protection officer, Jonathan Hutchins at [email protected]