GDPR POLICY
OUR COMMITMENT
We are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have created this privacy statement (together with our Terms & Conditions and any other documents referred to in it) sets out the basis on how we collect, retain and use the information we receive about our clients and employees. Our goal is to demonstrate and communicate our high ethical standards and how we implement appropriate internal controls. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By accepting this, you are consenting to the practices described in this statement.
We also provide sector specific construction related services. We collect the personal data from the following types of people to allow us to undertake our business services;
- Prospective and employed workers for temporary construction roles on our sites;
- Prospective and live client contacts for regular pricing and quotation activities
- Supplier and subcontractor contacts to support our services;
- Employees, consultants, temporary workers and contractors;
Reachout Medical is a UK registered company, No: 11196377.
Registered office: 869 High Road, London N12 8QA
For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR), the data controller is Reachout Medical Ltd. This privacy statement applies to all of our business interests in the UK.
WHAT IS THE PURPOSE OF THIS STATEMENT?
We are committed to protecting the privacy and security of your personal information.
This privacy statement describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) as updated from time to time. It applies to all clients, employees and contractors. Employees of Reachout Recruit should refer to the Employee Privacy Statement which is available on the intranet.
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
OUR LEGAL BASIS FOR USING YOUR PERSONAL DATA
Under GDPR, the main grounds that we rely upon in order to process personal information of clients and candidates are the following:
(a) Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing a service to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
(b) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
(c) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your personal data for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
(d) Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way.
WHAT PERSONAL DATA WILL WE COLLECT FROM YOU?
We will hold, use and disclose your personal information, for our legitimate business purposes including:
- to provide our services to you;
- to maintain our business relationship, where you are a user of our services, a client or worker;
- to enable you to submit your CV for our internal vacancies, to apply for specific jobs. Please see the separate section on your CVbelow which outlines additional uses and disclosures;
- to match your details with vacancies, to assist us in finding a position that is most suitable for you and to send your personal information (including sensitive personal information) to clients in order to apply for jobs;
- to retain your details and notify you about future job opportunities other than the specific role for which you have contacted us;
- to answer your enquiries;
- to direct-market products and services, advise you of news and industry updates, events, promotions and competitions, reports and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
- to fulfil contractual obligations with our clients;
- to provide further services to you by sharing your personal information with other companies within our Group of companies as well as trusted third parties. Further details about this are set out in the separate section below on Sharing your Personal Information;
- to release personal information to regulatory or law enforcement agencies, if we are required or permitted to do so;
- In order to provide you with personalised content on our website, with more relevant communication in our emails, and with a tailored service from our consultants, we track and record your usage and interaction with our website and emails. We employ a third party service provider to help us record, store and analyse this information to determine how we might best deliver your engagement. We ensure that no personally identifiable attributes are recorded in this database and, other than our chosen service provider, we do not share this information with any other business or affiliate.
We may process, in accordance with local regulations, certain sensitive personal data (known as special category data in GDPR) where you include it in information you send to us e.g. if you include information about your health, religion or ethnic origin in the CV you send to us. We may also be required to conduct a criminal records check against your details. We have processes in place to limit our use and disclosure of such sensitive data other than where permitted by law.
HOW WE SHARE YOUR PERSONAL INFORMATION
In certain circumstances we will share your personal information with other parties. Details of those parties are set out below along with the reasons for sharing it.
Other Companies within our Group within the EEA
Where you are registered as a worker, we may share your personal information with our clients who are based in the European Economic Area (“EEA“).
We will share your personal information as above for any or all of the following purposes:
- to provide you with job opportunities;
- for Health & Safety reasons including training information
- for business development;
- for systems development and testing;
- for development and marketing of other products and services;
- to improve our customer service and to make our services more valuable to you; and/or
- to tailor our website and the websites of other companies in our Group when you log on to make them relevant to you personally.
Other companies within our Group outside the EEA
In the event you require us to explore job opportunities for you outside the EEA, we will notify you that we intend to pass your personal information to, or allow access to such information by, other companies within our Group of companies worldwide so they can use it for the purposes set out above.
If you would like details of the particular companies within our Group which can access your personal information, please contact us using the details in the Contact sectionbelow.
We apply equal rigour to the security of data held and processed across our company. Each company within our Group of companies outside the EEA with access to data in the UK, enters into a specific data protection agreement with Reachout Recruit LTD thereby undertaking to meet the same standards of data security and to act in accordance with data protection principles applicable under the strict European data protection laws. This agreement is based on the Model Clauses as approved by the EU Commission
Clients
We disclose your personal information to clients who have vacancies for jobs in which you are relevant.
Trusted Third Parties
We will share your personal information and, where necessary, your sensitive personal information with trusted third parties where we have retained them to provide services that you or our clients have requested, such as:
- employment reference checking;
- qualification checking;
- criminal reference checking (as required);
- verification of details you have provided from third party sources; and/or
- psychometric evaluations or skills tests.
- Online Training
We will also share your personal information with third parties who perform functions on our behalf and provide services to us such as:
- professional advisors;
- Payroll companies;
- data analytics providers;
- IT consultants carrying out testing and development work on our business technology systems;
- research and mailing houses; and/or
- function co-ordinators.
We require minimum standards of confidentiality and data protection from such third parties. To the extent that any personal information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we will ensure that approved safeguards are in place, such as the approved Model Clauses or the EU/US Privacy Shield.
Regulatory and Law Enforcement Agencies
As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
WHERE IS YOUR PERSONAL DATA STORED?
All company storage locations which holds personal information are encrypted to the highest standard. This includes our CRM database; file locations and remote access. All cloud data is secured by Microsoft Azure Active Directory.
We will do our best to protect your personal data, although as the transmission of information via the internet is not completely secure we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, misuse or loss.
If you suspect any unauthorised access to or misuse or loss of your data, please contact us immediately using our contact details within the ‘How can you contact us?’ section lower down on this web page.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data in accordance with the following data retention periods:
Candidate personal data – 5 years since the last contact with you, where contact means addition of your personal data to our database, placement into a role or there is a record of verbal or written communication with you. Candidates includes applicants for all vacancies we advertise, including permanent, part-time and temporary positions with any of our clients. This also includes individuals put forward by any of our clients.
Contractor financial data – 7 years following the last payment made. Contractors includes any worker who we have put into work and made a payment to.
We will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so. However some of your data may still exist within our systems. For our purposes, this data will be put beyond use, meaning that while it still exists on a system, it cannot be readily accessed by operational systems, processes or staff.
Use of automated profiling tools
We do not carry out any automated profiling in our recruitment process.
Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
YOUR RIGHTS ON INFORMATION WE HOLD ABOUT YOU
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
Right of Access
You have the right at any time to ask us for a copy of the personal information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
Right of Correction or Completion
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. You can let us know by contacting us using any of the methods in the Contact section below.
Right of Erasure
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
Right to object to or restrict processing
In certain circumstances, you have the right to object to our processing of your personal information by contacting us using any of the methods in the Contact sectionbelow. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your personal information for direct marketing purposes.
You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
Right of Data Portability
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you or directly to a third party organisation.
The above right exists only in respect of personal information that:
- you have provided to us previously; and
- is processed by us using automated means.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of the above rights by contacting us using any of the methods in the Contact section below.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
CONSENT
To the extent that we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the Contact section below.
COMPLAINTS
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to: info@rechoutmedical.co.uk. This does not affect your right to make a complaint to Reachout Medical : https://ico.org.uk
CHANGES TO OUR PRIVACY POLICY
In the event that we change or alter in some way our disclaimer or privacy policy, such changes will be posted here automatically for you to view. If, at any time you have any questions or concerns regarding this or any other matter, please do not hesitate to contact us.
If you wish to receive a copy of the information we hold about you, write to us:
Reachout Medical LTD – info@reachoutmedical.co.uk
SECURITY
Our database is protected with a variety of security measures to ensure that data you provide is not lost, misused, or altered inappropriately.
CONTENT OF THE WEBSITE
All information on the database is for general information purposes only and may be altered at any time by Reachout Medical LTD without notice.
This was created in England. Any interpretation of its content, claims or disputes (of whatever nature and not limited to contractual issues) shall be subject to the exclusive jurisdiction of the English Courts under English law.
If you have any enquires you can contact us at: info@reachoutmedical.co.uk or by writing to us.