Privacy Notice and Cookie Policy
Who we are
What is a privacy notice?
Being transparent and providing accessible information to individuals about how we use personal information is a key element of the Data Protection Act 1998 and the General Data Protection Regulation (Regulation (EU) 2016/679). The most common way to provide this information is in a privacy notice.
A Privacy Notice is a statement by NC Healthcare to ourstaff, locum staff, contractors, visitors, the public and third parties that describes how we collect, use, retain and disclose personal information which we hold. It issometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy. This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.
Data Controller
NC Healthcare is registered as a data controller with the Information Commissioner’s Office. Our registration number Z252817X.
Contact details for NC Healthcare’s data controller are:
Data Controller
NC Healthcare Ltd
166 College Road
Harrow on the Hill
Middlesex
HA1 1BH
Tel: 01908 299180
Email: gdpr@nc-healthcare.co.uk
Why issue a privacy notice?
As a locum provider, NC Healthcare delivers services to the NHS. In order to do this in an effective and efficient way we will need to collect and use personal information about you.
The Data Protection Act 1998 and the EU General Data Protection Regulation ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:
- Process all personal information lawfully, fairly and in a transparent manner.
- Collect personal information for a specified, explicit and legitimate purpose.
- Ensure that the personal information processed is adequate, relevant and limited to the
purposes for which it was collected. - Ensure the personal information is accurate and up to date.
- Keep your personal information for no longer than is necessary for the purpose(s) for which
it was collected.
NC Healthcare recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to you. The notice outlines and explains what rights you have to control how we use your information.
Consent
What are we governed by?
- Data Protection Act 1998
- Human Rights Act 1998 (Article 8) Access to Health Records Act 1990
- Freedom of Information Act 2000
- The Common Law Duty of Confidentiality
- Information Security Management Standards (ISMS)
- Information Standards (AIS)
- General Data Protection Regulations (GDPR)
Who are we governed by?
We are governed against the NHS framework agreements we deliver. We therefore operate (through these frameworks) to the following standards:
- Department of Health – https://www.gov.uk/government/organisations/department-of- health
- Information Commissioner’s Office – https://ico.org.uk/
- NHS England – https://www.england.nhs.uk/
Our locum staff including doctors, nurses and healthcare professionals are also regulated and governed by professional bodies including numerous royal colleges.
Why and how we collect information
We obtain and hold personal confidential information about you which is needed to meet our legal and framework regulatory requirements to work as a locum.
These records may include (amongst other things):
- Your personal data, such as address, date of birth and next of kin;
- Your work history including places you have worked at and details of the worked carried out;
- Your educational experience and training;
- Your financial details including bank account(s);
- Notes and reports about your health including vaccinations and immunisations you have received;
- Results of any investigations/suspensions with regulatory bodies you may or not have; and
- All relevant information that is required as part of our contractual obligations when working as a locum in NHS and Private sector settings.
It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions. It is important for us to have a complete picture, as this information supports the provision of high quality services being provided against the frameworks we supply to and also the patients that you will serve as a locum.
Information is collected in a number of ways, including that which is directly given by you, provided by your previous employers, or regulatory/professional bodies.
How we use information
- To help inform decisions that we are able to make in regards to potential employment and locum opportunities we may offer you
- To ensure that you have the requisite training, skills and experience to perform the duties required of you
- To work effectively with other organisations who may require this information, e.g. payroll agencies to process payments on your behalf
- To meet NHS patient safety and safeguarding requirements
- To ensure our services can meet future needs
- To review services you have provides and ensure it is of the highest standard possible
- For research and audit purposes
- To prepare statistics on our organisational performance
- To monitor how we provide services to the NHS
How information is retained and kept safe?
Information is retained in secure electronic and paper records and access is restricted to only those who need to know. It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.
The Data Protection Act 1998 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. NCH is registered with the Information Commissioners Office (ICO).
Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.
How do we keep information confidential?
We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the General Data Protection Regulation (2018), the Common Law Duty of Confidentiality and the Human Rights Act 1998.
NC Healthcare is a Data Controller and under the terms of the Data Protection Act 1998 and the General Data Protection Regulation (2018) we are legally responsible for ensuring that all personal confidential data that we collect and use i.e. hold, obtain, record, use or share about you is done in compliance with this legislation.
All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities.
Everyone working for NC Healthcare has a legal duty to keep information about you confidential. All identifiable information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need- to-know basis. Information provided in confidence will only be used for the purposes to which you consent to, unless there are other circumstances covered by the law.
All of our staff, and Senior Management Team receive appropriate and ongoing training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. All staff are a l s o trained in data protection, confidentiality, IT/cyber security, with additional training for specialist(s), such as records, data protection/IT staff to ensure they understand how to recognise and report an incident ensuring that the organisation’s procedure for investigating, managing and learning lessons from incidents.
The Data Protection Act 1998 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. NCH is registered with the Information Commissioners Office (ICO).
Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.
What are the Retention Periods?
Your information will not be sent outside of the European Economic Area (EEA) where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.
Who will the information be shared with?
To provide best possible service, sometimes we will need to share information about you with others. We may share your information with NHS organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason (e.g. taking up the offer of a locum appointment); they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.
Sharing with non-NHS organisations
To ensure that the NC Healthcare provides an efficient and effective service we will sometimes need to share your information with different organisations that help us deliver our service and also meet NHS patient safety standards. For example these may include:
- Regulatory bodies such as GMC,NMC and GDC (amongst others);
- Suppliers and service providers we work with, such as Umbrella and Payroll Agencies;
- Universities and Higher Education Authorities; and
- Government agencies such as HMRC, DWP and Police
However, we will not disclose any information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.
We may also be asked to share basic information about you, such as your name and parts of your address, which does not include sensitive information. Generally, we would only do this to assist them to carry out their statutory duties (such as national audits). In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this Privacy notice.
We will also need to supply your information to organisations we have been contracted to provide a service to such as NHS organisations. We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
Cookies
Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you. Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier.
Cookies may be set by the website you are visiting or they may be set by other websites who run content on the page you are viewing.
What is in a Cookie?
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or login.
What to do if you don’t want Cookies to be set
Some people find the idea of a website storing information on their computer or mobile device a bit intrusive, particularly when this information is stored and used by a third party without them knowing. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website. If you have any concerns about cookies, please let us know.
Your right to withdraw consent for us to share your personal information
You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you being placed as a locum.
Contacting us about your information
NCH has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact the Data Protection Team.
Data Protection Team Interchange House Howard Way Newport Pagnell MK16 9PY
Tel: 01908 299180
Email: gdpr@nc-healthcare.co.uk
Can I access my information?
Under the Data Protection Act 1998 a person may request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please contact;
Data Protection Team Interchange House Howard Way Newport Pagnell MK16 9PY
Tel: 01908 299180
Email: gdpr@nc-healthcare.co.uk
Contacting us if you have a complaint, comment or compliment
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints/comments we receive very seriously. You can submit a complaint by writing to:
Data Protection Team Interchange House Howard Way Newport Pagnell MK16 9PY
Tel: 01908 299180
Email: gdpr@nc-healthcare.co.uk
If you remain dissatisfied with NC Healthcare’s decision following your complaint, you may wish to contact: The Information Commissioner
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Phone: 08456 30 60 60
Their web site is at www.ico.gov.uk The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to NC Healthcare.