Recruitment Privacy Notice

Introduction

‍

This notice explains what personal data (information) Ieso Digital Health (“We”, “Us”) will hold about you, how We collect it, and how We will use and share information about you during the application process. We are required to notify you of this information, under data protection legislation.Please ensure that you read this notice and any other similar notice We provide to you from time to time when We collect or process personal information about you. These Privacy Notices reflect legal requirements, regulations, and best practice.

For the purposes of data protection legislation, Ieso DigitalHealth Ltd and Ieso Digital Health (UK) Ltd are Data Controllers registered with the Information Commissioner (Z5383093 and ZA239229 respectively).

By applying to work for Us as an employee or affiliated therapist or PWP, processing your personal data becomes necessary ‘in order to take steps … prior to entering into a contract’. This forms the lawful basis for the processing of your information, covered under Article 6(1)(b) –Contract – of the GDPR. Any special category data processed for this process is lawful under Article 9(2)(b) – Employment. (If you are successful for an employed role at Ieso you will be issued with an Employment Contract, and once signed become an employee; if successful for a role as an affiliated therapist you will be issued with a therapist Agreement to work with us on a self-employed basis; if successful as a PWP, you will be issued with a contract from Umbrella Company Limited and be able to work on the Ieso project through them. At this time, We need to process other personal data for other purposes, so you will be supplied with a different set of Privacy Notices.)

We use Workable, an online application provided by Workable Software Limited, to assist with Our recruitment process. We use Workable to process personal information as a data processor on Our behalf. Workable is only entitled to process your personal data in accordance with Our instructions

Where you apply for a job opening posted by Us, these Privacy Notice provisions will apply to Our processing of your personal information. 

If you apply for a job through an online job board, such as LinkedIn, we rely on your consent, which is freely given by you during the application process, to disclose your personal data to that job board as your application progresses, such as to contact you.

‍

‍Purposes of processing

We use information held about you in the following ways:

·      To consider your application in respect of a role for which you have applied.

·      To communicate with you in respect of the recruitment process.

·      To enhance any information that we receive from you with information obtained from third party data providers.

·      To find appropriate candidates to fill job openings.

·      To help our service providers (such as Workable and its processors and data providers) and Partners (such as the job sites through which you may have applied) improve their services.

We understand that the privacy and confidentiality of all the personal information you provide and that We handle, is important to you, and Our internal policies and procedures reflect this and the need to share the minimum information necessary.

We reserve the right to change these Privacy Notices from time to time and when We do so We will revise the effective data at the top of the statement and notify you via the Workable site.

‍

1. Information we collect before making a final decision to recruit

‍

We collect the following personal information about you in of the following ways:

‍

‍a) Information We collect from you

‍

·      Information that you provide when you apply fora role. This includes information provided through an online job site, via email, in person at interviews, via Workable recruitment videos where we send you questions and you record and return your responses and/or by any other method.

·      In particular, We process personal details such as name, email address, address, date of birth, qualifications, experience, employment history, interests and other information you choose to state in your application.

·      Details of your referees.

·      Your nationality and immigration status and information from related documents, such as your passport (Which you provide via TrustID)

·      Any disabilities of which we need to be aware, where any adaptations are necessary for example.

·      If you contact Us, We may keep a record of that correspondence.

·      A record of your progress through any hiring process that we conduct.

·      Details of your visits to Workable’s Website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Workable’s Website and the resources that you access.

‍

‍b) Information We collect from other sources

‍

In the circumstances below, We will add to the information We collect from you, with information We receive from other sources.

Workable provides Us with the facility to link the data you provide to Us, with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles.

Workable’s and LinkedIn's technology allows Us to search various databases – some publicly available and others not, which may include your personal data (include your CV or Resumé), to find possible candidates to fill Our job openings. WhereWe find you in this way we will obtain your personal data from these sources.

We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally. 

Other:

·      Information about your previous academic and/or employment history from references obtained about you from previous employers and/or education providers.

·      Confirmations regarding your academic and professional qualifications.

·      Information regarding your criminal record, in criminal records certificates and enhanced criminal records certificates (from the Disclosure and Baring Service).

‍

2. How we use collected information

‍

We use the personal information We collect to ensure that We provide you with the best possible support now and in the future. We have appointed a Data Protection Officer to ensure that Our procedures for handling data subject information and requests meet with Our obligations.

We use the personal information that We collect from/ about you to:

·      to assess your suitability for a role;

·      to perform pre-employment checks;

·      to take steps to enter into a contract;

·      for compliance with a legal obligation (e.g. our obligation to check that you are eligible to work in the United Kingdom);

·      Communicate with you.

If you apply for a role and we don’t think you’re suitable for that role at this current time, but we believe you may be suitable for a similar role in the future, we may contact you for up to 12 months following your application. 

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

‍

3. Disclosure of your information

‍

ieso works hard to ensure that only the right people have access to your personal data, and information is only shared on a strictly ‘need to know’ basis. Anyone receiving information about you will be under an equal legal duty to keep it confidential. Recruitment information is usually only shared internally between our talent acquisition manager, the hiring team and HR, although on occasions an internal reviewer or an external consultant may also be granted access.

As set out above, we pass your information to our third-party service providers, including Workable, who use it only in accordance with our instructions and as otherwise required by law.

Where you have applied for a job opening through the Indeed Apply functionality, and where you have consented to this disclosure, We will disclose to Indeed certain personal data that We hold, including but not limited to a unique identifier used by Indeed to identify you, and information about your progress through our hiring process for the applicable job opening, as well as tangible, intangible, visual, electronic, present, or future information that we hold about you, such as your name, contact details and other information involving analysis of data relating to you as an applicant for employment (collectively “Disposition Data”). Indeed’s Privacy Notice in respect of Indeed’s use of the Disposition Data is available on Indeed’s website.

Where you have applied to a job opening through another service provider, we may disclose data similar to the Disposition Data defined above to such service provider. The service provider shall be the data controller of this data and shall therefore be responsible for complying with all applicable law in respect of the use of that data following its transfer by Us.

If you are successful in the recruitment process, we will pass your name to a qualifications checking company who will obtain the rest of the information they require directly from you.

 We may also need to share some of the above categories of personal information with other parties, such as HR consultants and professional advisers. Usually, information will be anonymised, but this will not always be possible. The recipient of the information will be bound by confidentiality obligations.

We do not sell, use or share your personal information for direct marketing or other external promotional purposes.

We will always seek your permission ahead of disclosing any information that identifies you directly to any other person or organisation, or, for any other reason not set out in this policy unless We have an overriding legal duty to do so.

Transferring data outside the UK

The data thatWe collect from you and process using Workable’s Services may be transferred to, and stored at, a destination outside the European Economic Area("EEA"). It may also be processed by staff operating outside the EEA who work for Workable or for one of their suppliers. In particular, your data may be accessible to i) Workable’s staff in the USA or ii) may be stored byWorkable’s hosting service provider on servers in the USA as well as in the EU.The USA does not have the same data protection laws as the United Kingdom andEEA, so where any such member of the Workable group of companies is outside theUK or the EU a personal data transfer will be on the basis of a contract including the Model Contractual Clauses in accordance with the Data ProtectionLaws, and accompanied by associated technical and organisational measures to seek to ensure that information is processed securely and data subject rights are not diminished. A Data Processor Agreement has been signed between WorkableSoftware Limited and its overseas group companies, and between WorkableSoftware Limited and each of its data processors. These data process or agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data, and Workable have self-certified for the Privacy Shield.

By submitting your personal data, you agree to this transfer, storing and/or other processing.

‍

4. How we secure your information

‍

We place great importance on the security of personal identifiable information. We have put controls in place to safeguard your personal information, applying physical, technical and procedural measures against unauthorised access, loss, misuse and alteration of personal information under Our control.

We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.

We have achieved the International Standard certification for information security (ISO 27001) and maintain the Cyber Essentials Plus certification.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

‍

5. How long do we keep your information

‍

Your information is retained on Workable for 12 months.

(If you are successful for a role at Ieso you will be issued with an Employment Contract, and once signed become an employee; if successful for a role as an affiliated therapist, you will be issued with a therapist Agreement to work with us on a self-employed basis; if successful as a PWP, you will be issued with a contract from Umbrella Company Limited and be able to work on the Ieso project through them. At this time We need to process other personal data for other purposes, so you will be supplied with a different set of Privacy Notices with different retention periods.)

Our data retention practices are reviewed at least annually in conjunction with industry standards and best practice.  

6. Your data protection rights

‍

Data protection law provides you with rights that Ieso Digital Health is committed to supporting you with:

·      access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address

·      require Us to correct any mistakes in your information which We hold

·      require the erasure of personal data concerning you in certain situations

·      receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations

·      object at any time to processing of personal data concerning you for direct marketing

·      object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you

·      otherwise restrict our processing of your personal data in certain circumstances

For more detailed information on your rights visit https://ico.org.uk/for-the-public/.

If you would like to exercise any of these rights, please:

·      contact us using our contact details below

·      let Us have enough information to identify you,

·      let Us have proof of your identity and address, and

·      let Us know the information to which your request relates.

If you need any assistance in these areas, please write to:

The Privacy Team,

Ieso Digital Health (UK) Limited,

Jeffreys Building

Cowley Road

Cambridge CB4 0DS

Or by email, For the Attention Of The Privacy Team, to privacy@iesohealth.com

7. Complaints

‍

You have the right to make complaints and request investigations into the way your information is used. Please contact our Privacy Team in the first instance.

If you remain unhappy with a response you receive, you can also refer the matter to the Information Commissioner's Office

You can call the ICO on 0303 123 1113 or write to them at:

InformationCommissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Additionally, you also have a right to seek to enforce your rights through the courts.

8. Your questions and how to contact us

‍

If you have any questions or comments about these notices, please let Us know:

By email: privacy@iesohealth.com

By telephone: on 01223 608760

Or by post to:

Jeffreys Building, Cowley Road, Cambridge, CB4 0DS

To reach our Privacy Team please use the above details and flag your communication for the attention of: The Privacy Team.

‍

9. Changes to your personal data

‍

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

‍