At Plan B Healthcare Plc (“Plan B”) we are committed to ensuring the privacy of data we receive. This is for our candidates, clients and those who use our website. We will endeavour to make sure that the information you submit to use is only processed for reasons outlined in this Privacy Notice.
The General Data Protection Regulations (GDPR) (Regulation (EU) 2016/1679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25 th May 2018. The government intends for the GDPR to continue in UK law post “Brexit” and has also introduced a Data Protection Bill to replace the current Data Protection Act.
Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25 th May 2018. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who we are and what we do
Plan B Healthcare Plc are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Business Regulations 2003. We provide additional services of training and consultancy on occasion. We collect the personal data of the following types of people to allow us to undertake our business:
- Prospective and placed candidates for permanent, temporary or contract roles
- Prospective and live client contacts
- Supplier contacts to support our services
- Employees, consultants and temporary workers
Who controls your data
The data controller is Plan B Healthcare Plc, a company registered in the UK at Hygeia Building, 66-68 College Road, Harrow, Middlesex, HA1 1BE (registered company number 06816791 ). Our data protection officer is Christopher Coyle and our nominated representative is Anna Cooper / email@example.com / 07718658386. Plan B Healthcare Plc are registered with the Information Commissioner’s Office (ICO) under certificate number Z1843472.
Information we collect
About you: This is information about you that you give us by filling in application forms, through emails or telephone correspondence, by registering online, entering our database, entering a competition or reporting a problem with our site.
The information may include the below. Please note this list is not exhaustive and may be changed:
- Name and address
- Email address and telephone number
- Financial information
- Right to work information and proof of National Insurance
- Date of birth and emergency contact details
- Job history and qualifications
- Health records and DBS (where applicable)
Via our website: This is information that is automatically collected each time you visit our website
This information may include the below. Please note this list is not exhaustive and may be changed:
- The Internet Protocol (IP) address used to connect your computer to the internet
- Log in information if applicable
- Browser type and version (browser plug in types and versions)
- Operating system and platform
- Full Uniform Resource Locators (URL)
- Clickstream to, through and from our site including date and time
- Products viewed or searched for
- Page response times and download errors
- Lengths of visits
- Page interaction information
- Methods used to browse away from the page
- Telephone number used to call us
These cookies are used to collect information about how visitors use our website. This is used to generate reports to help understand which pages of our website are popular and effective, and which areas could use improvement.
For further information please visit:
These cookies are set by the system running the website. They are strictly necessary for the correct functioning of the site.
From other sources: This is information about you that we obtain from other sources. If we obtain data from these sources we will send you this Privacy Notice within 30 days of collecting your data so that you are aware that we have your data. We will also inform you of the source that the data originates from and the reason why we intend to keep your data.
Other sources that we may get your data from are listed below. Please note this list is not exhaustive and may be changed:
- You i.e. emailing your CV directly to us
- Online job boards
- A referral from another candidate
- The public domain
- Social media i.e. LinkedIn
- Conversations on the telephone
Processing your data
This is how we will use your data once we have obtained it. The below list is not exhaustive and may be changed:
- Collecting and storing your data in both electronic and paper forms
- Using your data to contact you about prospective roles and to send to clients when you have accepted a job
- Using your data to administer payroll
- Assessing and reviewing your data to ensure it is suitable for job roles
- Altering your data when we are informed that it needs changing
- Erasing your data when requested – please note we are legally required to hold certain information (see the section on retention of data)
- Retaining records of our dealings with candidates and clients
- To provide information to regulatory authorities and statutory bodies along with our legal providers and insurers where necessary
- Sending information to third parties where we have/intend to enter in to recruitment relevant arrangements
Purposes of processing your data
There are many purposes for why we need to process the data that is held about you. Our legal base for processing personal data is our legitimate business interests which will be described in more detail below but we will also rely on contract, legal obligations and consent for specific uses of data.
Our Legitimate Business Interests
As a recruitment agency we introduce candidates to clients for temporary employment. Permanent employment or independent professional contracts. The exchange of personal data of our client contacts and candidates is essential and is a fundamental part of this process. In order to support our candidates career aspirations and our clients resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.
To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. In order for our business to help candidates progress in their career we need to keep personal data to ensure they are qualified for the role. We need to keep financial information of a candidate to ensure they are paid correctly and we need personal information to add people to our database and to be able to contact both candidates and clients regarding our recruitment arrangements.
Entering into a Contract
If we are negotiating, or have entered into a placement agreement with you or your organisation, or if we have any other contract to provide services to you or receive services from you or your organisation, we will process our data on the basis that the processing is necessary for the performance of the contract.
Compliance with Legal Obligations
We are legally obliged to retain certain information of yours to fulfil statutory requirements. This includes the Conduct of Employment Agencies and Employment Business Regulations 2003, which require us to (amongst other things):
- Verify your identity
- Assess your suitability for an external job role
- Maintain records for specific periods
We may need to process your data under circumstances where we are relying on your consent to process it. Consent can be taken orally, by email or via an online process and your consent response will be recorded on our system to enable us to ensure our records are accurate.
You may withdraw your consent to our processing of your personal information at any stage. You can do this by emailing firstname.lastname@example.org or by writing to us at Data Protection Team, Plan B Healthcare, Hygeia Building, 66-68 College Road, Harrow, Middlesex HA1 1BE. You can also complete the form on our website and submit it to us. Please note that if consent is withdrawn we may continue to retain your personal information where we have a legal or contractual obligation do to so, or if we need to retains data to abide by statutory retention periods.
Sensitive Personal Data (SPD)
Sensitive personal data is completely personal to you and can include things such as your race and ethnicity, health data, political and religious views and sexual orientation. We request that you do not provide us with any sensitive personal data unless it is necessary. For example we may need to ask you for some health data to ensure you are suitable for a specific role i.e. if the role involves heavy lifting we would ask for health data to ensure you are able to lift the objects.
If we are provided with sensitive personal data we will only process it for particular purposes including the below:
- We have explicit consent to do so
- For assessing your suitability for roles or working capacity
- Where processing is necessary for the purpose of obligations or rights under employment, social security or social protection law
- To maintain records of our dealings to address any later disputer or to exercise or defend any legal claims
Retention of data
If we engage you to work, either as a direct employee or as a temporary worker via a client we understand our legal duty to retain accurate data and only retain personal data for as long as is required for statutory purposes, our legitimate interests and that you are happy for us to do so. In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you. The following sets out the lengths of time we are required by law to retain your data or certain elements of your data:
- For 12 months from the date we last provided our recruitment services to you for the purposes of providing evidence of the recruitment services we provided to you (Regulation 29 of the Conduct of Employment Agencies and Employment Businesses Regulations 2003).
- For 2 years from the end of your last period of engagement of employment for the purposes of providing evidence that right to work checks were carried out under The Immigration (Restrictions of Employment) Order 2007.
- For 3 years from the end of the relevant year for the purposes of any parental/adoption leave records or statutory maternity or paternity pay (The Statutory Maternity Pay (General) Regulations 1986 (SI 1986/1960) as amended).
- For 6 years from the end of each tax year for the purposes of retaining payroll records under the Income Tax (Employment and Pensions) Act 2003.
- For 6 years from the end of each tax year for the purposes of keeping VAT records for any VAT registered limited company contractors
- For 3 years for accident books and accident records and reports under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR) and Limitation Act 1980.
- For 6 years for wage and salary records including bonuses, overtime and expenses under the Taxes Management Act 1970.
- For 2 years from the date on which they were made for records relating to Working Time under The Working Time Regulations 1998 (SI1998/1833).
We have a form on our website ( www.planbhealth.co.uk ) on which you can submit a request to rectify any data or action any of your rights (please see the section below “Your Rights”).
We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal information includes:
- The nature of the personal data
- Its perceived accuracy
- Our legal obligation
- Whether an interview or placement has been arranged
- Our recruitment expertise and knowledge of the industry by country, sector and job role
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) System. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database unless requested to do so. For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers or pseudonyms.
Other uses of your data
Other uses of your data may include use of our website, to notify you about changes to our service and to ensure that content from our site is presented in the most effective manner for you and for your computer. We will use this information for the below reasons. Please note this list is not exhaustive and may be changed:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our service when you choose to do so.
- As part of our efforts to keep our site safe and secure.
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- To make suggestions and recommendations to you and other users of our site about goods or services and may interest you or them.
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
Disclosure of your information
We will share your personal information with a selection of people in order to maintain the running of our recruitment business. We may share your personal information with any member of our group of companies. Our Group means our subsidiaries, our ultimate holding company and its subsidiaries, our associated companies as defined in Section 1159 of the UK Companies Act (2006).
We may also share your personal data with selected third parties including those listed below. Please note this list is not exhaustive and may be paid.
- Clients – for the purpose of introducing candidates to them
- Candidates – for the purpose of arranging interviews and engagements
- Clients, business partners, suppliers and sub-contractors – for the performance and compliance obligations of any contract we enter with them or you
- Subcontractors – including email marketing specialists, event organisers, payment and other financial service providers
- Analytics and search engine providers – to assist us in the improvement of our site
- Credit reference agencies, our insurance broker, compliance partner and other sub-contractors – to help assess your suitability for a role where this is a condition of us entering in to a contract with you
There are certain times and reasons why we would disclose your personal information to a selected third party as per the below list. Please note this list is not exhaustive and may change.
- In the event that we buy or sell any business assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets
- If Plan B Healthcare Plc or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
As with the company directly, there are lawful bases for third party processing of your personal data and these will include:
- Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs
- Satisfaction of their contractual obligations to us as our data processor
- For the purpose of a contract in place or in contemplation
- To fulfil their legal obligations
Storing your data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted (using SSL technology). Where you have chosen (or where we have given you) a password which enables you to access certain parts of our site you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Plan B Healthcare Plc will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
The GDPR provides you with a number of rights. These are listed below:
- The right to request correction – of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. We will change these details within 30 days of your request.
- The right to request erasure – of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing. Please note we will still need to keep certain information when we have a statutory reason to do so (please see the section above “Retaining Your Data”). Any information that we can erase will be done so within 30 days.
- The right to object to processing – of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- The right to restrict processing – of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to request transfer – of your personal information to another party in certain formats, if practicable. If you request this will we transfer the data as soon as is reasonably possible.
- The right not to be the subject of automated decision making including “profiling”.
- The right to make a complaint – to a supervisory body which in the UK is the Information Commissioner’s Office (ICO). The ICO can be contacted at https://ico.org.uk/concerns or on 03031231113
- The right to access – The Data Protection Act 1998 and the GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. Your rights of access can be exercised in accordance by submitting a subject access request to email@example.com . We will acknowledge your request as soon as we can and we will send you your information within 30 days unless the request is excessive.
Any changes we make to this privacy notice will be updated on our website so please check back frequently to see if there have been any updates or changes made. Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to Data Protection Team, Plan B Healthcare Plc, Hygeia Building, 66-68 College Road, Harrow, Middlesex HA1 1BE or by emailing firstname.lastname@example.org .