In order for OSA HEALTHCARE RECRUITMENT to provide services in recruitment and professional development, we are required to collect and handle people's personal data.
OSA HEALTHCARE RECRUITMENT only collect and store the minimum amount of information on individuals that we need to find them job roles or professional development opportunities, as well as to contact them with further opportunities or to provide information about our company. We ensure all data is accurate and kept up to date. We keep individuals informed about, and gain permission for, the data we keep, as well as how it is shared and how long we keep information.
OSA HEALTHCARE RECRUITMENT is registered with the Information Commissioner’s Office (ICO) and is aware of our responsibilities under the General Data Protection Regulation (GDPR).
The data we hold is only the information that is given to us in application forms and CVs/cover letters sent by individuals directly or taken from approved CV sharing sites such as Indeed. All information is kept securely and treated in confidence. Personal data is destroyed from all our systems when we no longer need the information. No information is kept for longer than necessary or without permission from the individuals. Due to the nature of the work we are doing, we work on an opt-out basis and will keep information gathered unless candidates specifically ask to be removed. All personal data is kept, shared and destroyed in safe and secure ways.
This data is then stored on our secure, password-protected recruitment site that is accessible only to staff who need to work with and see the information.
Employees and agency staff - For employees of and agency staff working for OSA HEALTHCARE RECRUITMENT we will keep documentation including name and payment records for HMRC using the legal basis of ‘legal obligation’. We keep this information both online and in paper format and we are required to retain this information by HMRC for 6 years, after which time it is deleted and destroyed.
Sharing information with third parties - We only share information on a need-to-know basis and we restrict what information we send until it is essential to do so. Candidates' information is shared with companies who also follow strict GDPR procedures. We share using secure emails and do not hold the information shared in our email system once it has been sent. We gain individuals' full permission and make it clear to individuals who their information is shared with. These companies will not retain the data we provide unless the candidate's application is successful. If the candidate is successful or the company seeks the candidate's permission to hold personal details for future roles, then we no longer have responsibility for the information they store and candidates should read the company's policies and procedures for privacy and GDPR.
Individuals have the right to ask for information held to be withdrawn and have all their personal data destroyed from our systems at any time. This is called the ‘right to erasure’ in GDPR. However, if we need to keep information because it is legally required then exceptions to the ‘right to erasure’ apply.
Individuals have the right to access all their information and have changes made at any time.
Anyone who we hold data on has the:
- Right to be informed
- Right to access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to objection
- Right to data portability
- Right to lodge a complaint with the Supervisory Authority.
Individuals can exercise these rights at any time by emailing us their request to: katiem@osahealthcarerecruitment.co.uk
OSA HEALTHCARE RECRUITMENT will grant requests to destroy data within 48 working hours and will amend data and/or provide candidates with a free, electronic copy of their own personal data within 30 days.
If you have any complaints with the way you feel we have handled any of your personal data, please speak to me in the first instance so that we can resolve the complaint. You have the right to complain to the Information Commissioner’s Office (ICO) if you feel we have not resolved the complaint to your satisfaction.
We will be obligated to notify the ICO of a data breach within 72 hours of becoming aware of the breach. We understand the huge fines in place for failing to follow correct procedures for a breach in data.