Careers at medneo UK

Staff Privacy Notice

This information explains how we use your personal data if you are looking to apply for a job at medneo, have currently or have previously been engaged by medneo in an employment capacity, on a voluntary basis, as a trainee or carrying out work experience. For the purposes of this privacy notice, it extends to agency and bank workers.

What information will we collect about you?

Records which we hold about you may include:

Your name, address, date of birth, gender, personal contact details and next of kin or emergency contact;
Your professional contact details e.g. job title, work email, work location, work telephone number;
Information gathered from your application and job interview including your CV, application form, interview notes, test results;
Offer letters and contracts
Security clearance according to your job role and right to work documentation including your passport, visa and screening checks;
Information relating to your performance including probation, personal development, promotions and appraisals;
Occupational health screening and assessments;
Qualifications, skills, professional memberships, training and development records;
References from previous employers;
Bank account details, tax code and national insurance number and any other relevant financial information to include working days, hours, details of other paid or unpaid leave;
Your work pattern, including your days of work, hours worked, job role, work location, salary and expenses;
Details of your vehicle registration and motor insurance, where you are required to drive for business purposes;
Information about a medical or health condition, including details of absence and sick leave, absence management discussions and disabilities;
Information relating to your behaviour from psychometric tools, including your style, preferences, strengths and values;
Details of your pension scheme membership including any additional voluntary contributions;
Details of any available salary sacrifice schemes in which you have volunteered to participate;
Your involvement in matters to which you may be a party or witness such as incidents, grievances, disciplinary procedures, complaints or incidents;
Information relating to protected characteristics as defined by the Equality Act;
Details of facilities provided to you, such as devices, IT access and usage and building access;
Information confirming you have read and understood our policies and procedures;
Images of you e.g. from your identification documents and CCTV;
Correspondence relating to feedback such as staff surveys and exit interviews;
Details of your interactions and treatments you have provided to patients;

Information we collect from other sources

Pinpoint provides us with the facility to link the data you provide to us with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles.

Pinpoint’s technology enables us to search various databases, which may include your personal data, to find possible candidates to fill our job openings. Where we find you in this way we will obtain your personal data from these sources.

How we will use and share your information

We will only share relevant information, internally and externally, on a need-to-know basis and in accordance with the law. We will use your personal data for the following purposes:

To share business related information with you and to enter into, administer your contract of employment, and to support you to carry out your contractual duties;
To allow us to inform your contacts if you are taken ill or have an accident at work;
To allow us to fulfil a range of legal obligations to which we are subject to (for example, obligations imposed on medneo as a healthcare provider, an employer and data protection obligations);
To support occupational health services, supported by our external occupational health provider;
To monitor, support access and enable use of our systems our facilities, supported by our IT providers (including AllTime, Microsoft, providers of clinical systems, Bamboo HR and iPassport);
To protect public health, including sharing of data as necessary with Public Health England;
To pay you, reimburse expenses, make national insurance and tax deductions from your salary and financial reconciliation;
To support your self-awareness, understand your own behaviours, preferences and that of others, to ultimately work more effectively as a team.
To obtain your feedback on your experiences as an employee of medneo and make improvements;
To manage radiation protection obligations under Ionising Radiation Regulations
To manage periods of absence;
Liaising with scheme administrators for example, for your pension, salary sacrifice and payroll arrangements and supported by our Payroll provider, Cintra;
To ensure you have the appropriate registration, skills, knowledge and/or qualifications required for your role;
To monitor use and adherence to policy and procedures;
To manage performance, attendance and appraisals;
Seeking support and advice from our advisors, including legal advisors, compliance and HR advisors;
To facilitate and keep a record of discussions, incidents, grievances, disciplinary procedures, complaints;
Through CCTV, supporting the safety of our staff, patients and visitors and to ensure the security of property and premises and for preventing and investigating crimes. It may also be used to support incident and complaint investigations and litigation against medneo;
For management, monitoring and audit purposes;
To respond to statutory, legal and/or regulatory requests from data subjects, your representatives, courts, regulators or law enforcement agencies, which may include sharing data necessary for the prevention or detection of a crime or apprehension of an offender;
To manage mergers, acquisitions or and divestitures or enforcing or defending our legal rights

Automated decision making / profiling

We may leverage Pinpoint’s technology to help us select appropriate candidates for us to consider based on criteria we have identified. The process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by our team.

How we collect your information

We may collect information:

Directly from you
From your previous employers or employment agencies
From referees
From security clearance providers
From occupational health and other health providers
From pension administrators and other government departments, e.g. HM Revenue and Customs, the Department for Work and Pensions, the UK Visas and Immigration
Our customers, including patients and healthcare organisations
From your trade union or other third party which you may have chosen to represent you
From providers of staff benefits
From CCTV images
Anyone you have appointed to represent you

Depending on the processing activity, we rely on the following lawful basis for processing your personal data:

Article 6(1)(b) which relates to processing necessary for the performance of a contract.
Article 6(1)(c) so we can comply with our legal obligations.
Article 6(1)(d) in order to protect your vital interests or those of another person.
Article 6(1)(f) for the purposes of our legitimate interest.

Where the information we process is special category data, for example your health data, the additional bases for processing that we rely on are:

Article 9(2)(b) which relates to carrying out our obligations and exercising our rights in employment and the safeguarding of your fundamental rights.
Article 9(2)(c) to protect your vital interests or those of another person where you are incapable of giving your consent.
Article 9(2)(f) for the establishment, exercise or defense of legal claims.
Article 9(2)(h) for the purposes of preventative or occupational medicine

In addition we rely on the processing condition at Schedule 1 part 1 paragraph 1 of the DPA 2018. This relates to the processing of special category data for employment purposes.

Once information that we hold has been identified for destruction it will be securely destroyed.

How we store your personal data

Security

We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in any unauthorised way. We limit access to your personal data to those who have a genuine business need to view it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

Securing your information

We take the upmost care to secure your information. We will ensure it is only accessible to individuals/organisations who have a justified need to access your information. Additionally, we ensure:

that all of our suppliers operate under contractual agreements which have appropriate regard to data protection, confidentiality and security
Anyone working for or on behalf is bound by the Common Law Duty of Confidentiality through employment contracts and/or professional codes of conduct
We use secure systems to store your information and ensure that your information is protected from unauthorised access
We carry out regular auditing of our services to ensure that information is being protected and secured to the appropriate standard
All of our staff receive regular training on how to handle information confidentially and securely
We have adopted a privacy by design and default approach and implement appropriate physical and technical security measures to our processing activities

Where we store your personal data

The data that we collect from you and process using Pinpoint’s Services will be transferred to and stored at one of several datacentre locations in Amsterdam (Netherlands) and may be synchronised to one of several datacentre locations in London (United Kingdom) for backup and redundancy purposes. By submitting your personal data, you agree to this transfer, storing or processing.

How long we keep your personal data

We retain all candidate data for a period of 48 months from the time of application. Your personal information will be deleted on one of the following occurrences:

Deletion of your personal information by you via the Manage Your Data tool or
Receipt of a written request by you to us.

International Transfers of Personal Data

Where we transfer your personal data to a third country or international organisation, we will ensure adequate safeguards and measures are in place to protect your personal data from unlawful use and uphold your fundamental privacy rights. We would usually achieve this by:

Only transferring personal data to countries that have been deemed to provide an adequate level of protection; or
Using specific contracts known as Standard Contractual Clauses; and
Implementing technical, organisational and contractual measures where required

In certain situations, it may be possible to legitimise the transfer by relying on a derogation. For example, if:

You have explicitly consented to the proposed transfer; or
The transfer is necessary for the performance of a contract.

Your rights

Under data protection law, you have a number of rights available to you. These include;

Your right of access: You have the right to ask us for copies of your personal data
Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
Your right to be informed: You have the right to be told about the collect and use of your information
Your right to erasure: In certain circumstances, you have the right to ask us to erase your personal information
Your right to restriction of processing: In certain circumstances, you have the right to ask us to restrict the processing of your information
Your right to object to processing: In certain circumstances, you have the right to object to the processing of your personal data
Your right to data portability: In certain circumstances, you have the right to ask that we transfer the information you gave us to another organisation, or to you

In most circumstances, you will not be required to pay any charge for exercising your rights. If you make a request, we will respond to you within 1 calendar month. If a situation occurs whereby we need to extend the timeframe or a fee is applicable, we will contact you and provide you with an explanation.

If you would like to exercise any of those rights, please either:

utilise the Manage Your Data tool provided or
contact us using our contact details below, ensuring we have enough information to identify you, proving your identity and address and confirming which information to which your request relates

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

We have appointed a Data Protection Officer

Our DPO can be contacted by post or email:

155-157 Great Portland Street, London, United Kingdom, W1W 6QP.

E dpo@medneo.co.uk

Please mark all correspondence ‘Private and Confidential FAO Data Protection Officer’

Where you apply for an opportunity posted by us, these Privacy Notice provisions will apply to our processing of your personal information, in addition to our other Privacy Notice which is available on our website.