TFS Healthcare Principles on Personal Data
Our principles of data protection

Our approach to data protection is built around four key principles. They’re at the heart of everything we do relating to personal data.

Transparency: We process personal data in an open, honest and transparent way.

Enablement: We use data to enable connections between individuals and employers, finding the right role for the right person.

Security: We ensure security through good organizational practice as well as technical measures, this is at the heart of what we do

Accountability: We promote the practice of good governance, and responsibility that comes with processing personal data.

You can find out more information about the ‘GDPR’ here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact:
privacy@tfshealthcare.co.uk

Who We Are

TFS Healthcare (ICO registration Z7888292) (“TFS”) is a specialist healthcare recruitment company based at Two London Bridge, London SE1 9RA. Where we act as a Data Controller, we are responsible for determining what personal data is processed and for what purpose. You have rights about how we process your data which are listed in the section “Your Privacy Rights” below. You can always contact us at privacy@tfshealthcare.co.uk

What information do we collect?

From the moment you contact us, whether it be via email, telephone, visiting www.tfshealthcare.co.uk (“Our Website”), or some other means, we start collecting information about you. In some cases this is done when you provide information to us directly, but in other times it may be collected automatically.

When visiting Our Website

Data Types we Collect

When you visit Our Website your personal information may be automatically collected by our web servers and/or cookies.  This information could include your IP address, the date and the pages that you visit.

Cookies

Our Website uses cookies to distinguish you from other users.  This helps to provide a good experience when you browse Our Website and also allows us to improve it.

By continuing to browse Our Website, you are agreeing to the use of cookies in accordance with this Policy.

Cookies are small text files that are placed on your computer or mobile device by websites that you visit.   They are widely used in order to make websites work and to improve the useability of those sites; for example remembering an individual’s preferences, and counting the number of people looking at a website.

Where websites allow users to log in to services, authentication cookies are the most common method used by webservers to know whether a user is logged in or not.

The law allows for a distinction between ‘strictly necessary’ cookies, such as those which enable websites to operate properly, and those which are not strictly necessary, such as tracking cookies, or cookies used for the purpose of web analytics.

IP addresses

Our webservers themselves may also log IP addresses as part of their normal function.

How and why we use the data

Our use of Cookies

On Our Website we use the following cookies:

Strictly necessary cookies: These cookies are essential in order to enable you to move around Our Website and use its features, such as accessing secure areas of Our Website.  They are necessary for the safety, security and integrity of the site.   These cookies only last for a single browsing session.  When you leave Our Website they are deleted automatically.

Performance or Analytical cookies: These cookies allow us to collect information about how visitors use Our Website; they allow us to recognise and count the number of visitors and to see how visitors move around Our Website when they are using it.  This helps us to improve the way Our Website works.

Functionality cookies: These are used to recognise you when you return to Our Website.  This enables us to personalise our content for you, greet you by name and remember your preferences.

Targeting cookies: These cookies record your visit to Our Website, the pages you have visited and the links you have followed. We will use this information to make Our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the main third party platforms and cookies we use and the purposes for which we use them below:

Platform: Google Analytics

Purpose: These cookies are used to allow us to better understand the kind of people who visit Our Website and what content they are reading. This allows us to make better decisions about content and offers. Occasionally, we will compile aggregate statistics about the number of visitors the website receives and browsers being used. No personally identifying data is included in this type of reporting.

 

Platform: Google Ads

Purpose: Google uses cookies for advertising, including serving and rendering ads, personalised ads, limiting the number of times an ad is shown to a user, muting ads you have chosen to stop seeing, and measuring the effectiveness of ads.

More information: Further information can be found at Google Privacy Policy

Platform: Facebook

Purpose: The Facebook pixel provides insights from ads, helping us to interact with people who have already taken some kind of action on Our Website.

More Information: Further information can be found at Facebook Cookie Policy

Platform: LinkedIn Insight Tag

Purpose: This conversion tracking gathers insights into post-click and view-through conversions of our LinkedIn ads campaigns, giving us the ability to measure the impact and ROI of our ads.

Platform: UTM code – Urchin Tracking Module (UTM)

Purpose: UTM codes are snippets of code attached to the end of a URL used to measure the effectiveness of our digital marketing campaigns. They are also used to pinpoint specific sources of traffic to our website.

Consent to use cookies and changing settings

We will ask for your consent to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.  You can withdraw any consent to the use of cookies by clicking on the [ ] icon at the bottom of any page of the site.

As set out below under “you can manage your browser cookies” you can set your browser to refuse all or some browser cookies, however please note if you decide to disable or refuse cookies we may not be able to offer you certain services and some parts of the website may become inaccessible or the website may not perform as expected.

Third Parties who have access to this information

Cookies

Cookies we use for our self to enable functionality on site – often referred to as ‘first party cookies’ are never shared with third parties.

Please note that third parties (including, for example, providers of external services like web traffic analysis services) may also use cookies, over which TFS Healthcare have no control. These cookies (likely to be analytical/performance cookies or targeting cookies) should operate subject to the relevant third party’s cookie policy.

IP addresses

IP addresses on webserver logs are never shared with third parties unless in response to an incident or if requested through a valid legal request.

 

Links to sites provided by others

If you follow a link from Our Website to another website, please be aware that the owner of the other website will have their own privacy and cookie policies for their site.  We recommend you read their policies as we are not responsible or liable for what happens at their site.

The lawful basis for holding this information

IP addresses may be retained in other logs from our webserver. These are not shared with any third parties and held under the lawful basis of Legitimate Interest. This is because we have a legitimate interest to ensure potential cyber-attacks against our website are logged. The data is retained for 1 month unless an incident occurs in which case we may assess a longer retention period.

When registering or logging into our website

You can register on our website to share and receive information with us. When you register on the website, you may supply additional information in accordance with the conditions on the registration page.

Data Types we collect

We may hold the additional following information categories:

  • Contact Details
  • Data that can identify you
  • Location
  • Employment Information
  • CV
  • Cookies with your user ID

How and why we use the data

We hold the information you send us in order to assess job opportunities for you, and to allow you to log in securely to our website.  We will not share this information with third parties without contacting you first and asking for your written consent.

The lawful basis for holding this information

To create an account or login to our website, we must set some ‘first party session’ cookies which could be used to identify you. As identified above these are strictly necessary to enable the functionality of the website and are exempt from requiring consent.

If you upload additional personal information such as your CV, then you may reasonably expect TFS Healthcare to evaluate your skills and employment record to find suitable positions for your consideration. This personal data is therefore processed on the basis of a contract regardless of whether a position is found. We retain the information you provide for a period of 4 years after your last job placement with us. If you wish us to remove your information, please read the section below under ‘Your Privacy Rights’.

We may use an external third party provider for the purpose of performing our services by processing, posting and tracking job applications.  Such service provider may have access to your personal data to the extent this is necessary for processing any job application you may apply for. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

When You ‘Refer a Friend’

If you recommend a friend, we will contact that person to gain their consent to hold and process their information, and we use your name as a reference in the introduction. If the person refuses consent, their details will be deleted from our systems.

Data Types we collect

The information we request from you may include:

  • Your name and contact details
  • Your friends name and contact details
  • Your friend’s employment information
  • Your location
  • Your friend’s location

How and why we use the data

We hold this information to contact the friend you have referred to us and gain their consent to continue to hold their data. If we cannot contact your friend within 1 month, or if they refuse to give consent, then we delete their data.

Third Parties who have access to this information

At the stage where we are gathering consent from your friend, we do not share this information with any third parties.

The lawful basis for holding this information

The Legal basis for processing this information is Legitimate Interest when it is provided to us, and then Consent if your friend agrees to us processing their data.

Your Privacy Rights

You have rights over how we store and process your data.

You can choose not to provide us with personal data

If you choose not to provide us with personal data, you can use our website, but we cannot create an account for you, or interact with you online, including about potential jobs.

You can manage your browser cookies

You can choose to block use of cookies using your browser settings. If you choose to disable session cookies, then you will be unable to register or login to our site. You can disable cookies used for analytics without any functional effect on your experience.  You can find out more about managing and switching off cookies at the independent website www.allaboutcookies.org.

You can request that we don’t use your data for marketing to you

We may also contact you with surveys or to invite you to events. If we intend to share your information with third parties, we’ll let you know. You can opt-out from marketing by sending us an email at privacy@tfshealthcare.co.uk

You have the right to access the information we hold on you

If you wish to know what information we hold on you, please email us at privacy@tfshealthcare.co.uk and within one month we will send you information we may hold on you, for example:

  • The categories of data
  • The reason or purpose we are using your data
  • How long we plan to hold your data for
  • The categories of any third parties we may disclose your data to
  • Your rights on our use of your data

In some cases, there may be a conflict whereby providing your data infringes the rights and freedoms of another party, or an outstanding legal matter, which means that some of the data cannot be shared with you. In that case, we will tell you that we can’t meet your request for this reason.

You have the right to object to, or restrict the processing of your data

If you don’t want us to delete your data, but you wish for processing of some or all of it to be stopped, then you can request us to restrict the processing.

Data Portability

Data Portability applies when you have provided information in electronic means that is automatically processed. The functionality of our website does not include such systems.

You have the right to have all your data erased

You have the right to request that we erase all the information we have about you.  Contact privacy@tfshealthcare.co.uk to find out how we can do this for you. There are sometimes limitations, for example during a legal dispute where TFS may be required to retain information, or where the information is still necessary in the performance of a contract that TFS has.

You can complain

You have a right to complain about the way we process your data to the ICO, which is the UK’s Supervisory Authority. If you have a complaint, we’d like to ask if you would contact us first to see if we can resolve your concern. Otherwise, the ICO has a helpline https://ico.org.uk/global/contact-us/helpline/

We do not transfer data outside the EU

The data you provide to us on this website does not get transferred outside of the EU.

 

Data Security

TFS website uses encrypted communications across the entire site. Password credentials are required for secure areas, and data stored on our servers are in a physically secure data centre, backed up, and encrypted.

All systems will have some weakness that a dedicated and skilled hacker can exploit, but we review our security measures regularly and ensure that identified risks are dealt with promptly.

TFS Healthcare is a Limited Company registered in England and Wales; registration number 07351100 – registered office address 1 Vincent Square, London, SW1P 2PN.

https://www.tfshealthcare.co.uk/gdpr/

Changes to this Policy

We may revise this Privacy and Cookie Policy from time to time.  Any changes we may make in the future will be posted on this page.

PRIVACY NOTICE

What is the purpose of this section?

TFS HEALTHCARE LIMITED is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. You are being sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker or contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

The kind of information we hold about you

In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:

  • The information you have provided to us in your curriculum vitae and covering letter.
  • The information you have provided on our application/ registration form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications.
  • Any information you provide to us during an interview and/ or training/ shadowing day.
  • Test results, where applicable.

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

How is your personal information collected?

We collect personal information about candidates from the following sources:

  • You, the candidate.
  • Recruitment agencies, from which we collect the following categories of data: References, Training Verification
  • Trust I.D & Home Office -background check provider, from which we collect the following categories of data: Passports and Right to Work Compliance
  • Disclosure and Barring Service in respect of criminal convictions.
  • Your named referees, from whom we collect the following categories of data: Employment Dates, Clinical Skills, Band Level,
  • The following data from third parties is from a publicly accessible source – CV, Contact Details, Employment History, Qualifications, Skills.

How we will use information about you

We will use the personal information we collect about you to:

  • Assess your skills, qualifications, and suitability for the work OR role.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

It is in our legitimate interests to decide whether to appoint you to role / work since it would be beneficial to our business to appoint someone to that role/ work.

We also need to process your personal information to decide whether to enter into a contract of employment or “Agreement For Work finding Services” with you.

Having received your CV and covering letter OR your application/ registration form and the results from the test which you took (if applicable), we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role OR work. If we decide to offer you the role OR work, we will then take up references AND/OR carry out a criminal record AND/OR carry out ANY OTHER checks before confirming your appointment.

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

How we use particularly sensitive personal information

We will use your particularly sensitive personal information in the following ways:

  • We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Information about criminal convictions

We envisage that we will process information about criminal convictions.

We will collect information about your criminal convictions history if we would like to offer you the work/ role (conditional on checks and any other conditions, such as references, being satisfactory). We may be required to carry out a criminal record check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. In particular:

  • Where we are legally required by a supplier Framework Agreement, we will carry out criminal record checks for those carrying out the role / work.
  • If the role is one which is [listed on the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (SI 1975/1023)] or specified in the Police Act 1997 (Criminal Records) Regulations (SI 2002/233)], it is eligible for a standard OR enhanced check from the Disclosure and Barring Service.
  • If the role requires a high degree of trust and integrity- we would like to ask you to seek a basic disclosure of your criminal records history.

We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Data sharing

Why might you share my personal information with third parties?

We will only share your personal information with the following third parties for the purposes of processing your application:  Internal Database, I.T Providers. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from Callum Orr.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

How long will you use my information for?

We will retain your personal information for a period of 10 years after we have communicated to you our decision about whether to appoint you to role OR work. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.

Rights of access, correction, erasure, and restriction

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Compliance Manager in writing.

Right to withdraw consent

When you applied for this role, you provided consent to us processing your personal information for the purposes of the recruitment exercise. You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact our privacy team on privacy@tfshealthcare.co.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely

Data protection officer

We have appointed a data privacy manager to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact Callum Orr. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.