Recruitment Privacy Policy

HOW WE USE YOUR DATA FOR RECRUITMENT

Background

This privacy policy covers how we collect, use, store and protect the data that is supplied to NHUC by
job applicants and agencies.

Our Commitment to Job applicants

At NHUC, we promote an environment where equality, diversity, and inclusion are valued. We are
committed to providing fair and equitable opportunities to all applicants, and a culture where
everyone can thrive and contribute their best.

We deliver clear, accurate, and comprehensive information about each role, ensuring every applicant
has a full and honest understanding of what to expect.

We are committed to managing your personal information securely and in accordance with the UK
General Data Protection requirements.

The information we collect may include:
• Contact information (name address, phone number and email address)
• Information from CV or application form or covering letter (education, skills and qualifications)
• Health records, where required as part of the role.
• Occupational health report (Higher level screening required for role) with Access to medical
Records consent being given by the applicant
• Disclosure and Barring Record where a requirement for the role
• References from the named referees that the applicant provides and only with the applicant’s
consent.
• Visa and proof of the right to work in the UK documents
• Employment records (including job titles, work history, working hours, training records and
professional memberships).
• Salary, annual leave, pension and benefits information.

We may also collect, store and use “special categories” of more sensitive personal data which require
a higher level of protection such as Information about your race or ethnicity, religious beliefs, sexual
orientation and information about criminal convictions and offences.

Purpose of collection

The purpose of collecting this information is to ensure the suitability of candidates to fulfil a specific
role within North Hampshire Urgent Care and TalkPlus, and to check entitlement to legally work in the
UK. Your information will be passed to the HR team, the Recruiting Manager and where appropriate,
the Interview panel, to be considered for the vacancy. We collect personal information directly from
candidates or from an employment agency and or job board, including but not limited to NHS Jobs.

Where appropriate, NHUC will collect information about criminal convictions as part of the
recruitment process. We do this to meet our legal and ethical responsibilities as a safe and responsible
employer.

How the information is held

All information, whether transmitted by email or provided in paper format is scanned and stored onto
the secure NHUC SharePoint. We use NHS Mail for all email communications and our cloud-based file
storage system is encrypted.

The information provided is only accessible to authorised staff who have received training and
understand the importance of keeping personal data secure.

Our computer systems are protected by multiple layers of advanced security measures. We employ
industry-leading antivirus software and maintain strict protocols for regularly updating and changing
security passwords. In addition, our networks are secured with robust firewalls to prevent
unauthorized access. All sensitive data is safeguarded through strong encryption, and multi-factor
authentication (MFA) is implemented to add an extra layer of protection.

Any paper based files are securely shredded at the time of uploading onto the NHUC SharePoint. The
information on candidates for specific roles will be retained for a period of no longer than 6 months
in line with CIPD recommended best practice and NHUC’s Records Management Policy (record
retention schedules). Only when we have asked and you have given your consent for the data to be
held beyond this period will the above not apply.

Disclosure

We may share your information with relevant parties for the purpose it was collected, typically
recruiting managers and referees. Where further details are required, your information may also be
disclosed to the Disclosure and Barring Service, your GP, or an Occupational Health professional, but
only with your explicit consent.

You have specific rights in relation to your personal information, including the right to:
• Request access to the personal information we hold about you
• Request correction of any inaccurate or incomplete information
• Request erasure of your personal information, where appropriate
• Object to the processing of your information where we rely on legitimate interests
• Request restriction of processing in certain circumstances
• Request the transfer of your personal information to another party
• Withdraw your consent at any time, where processing is based on consent

Complaints

Privacy complaints are taken very seriously and if you believe that we have breached your privacy you
should write to the HR department (nhuc@hrdept.co.uk) in the first instance, stating the details of
your complaint. The complaint will then be passed to the appropriate individual to investigate. We
would ask that you provide the team with as much detail as possible to allow a thorough investigation.

Your complaint will be acknowledged within 24 hours and we aim to resolve any complaint within 5
working days. However, depending on the complexity of the complaint and availability of clients or
external agencies it may on occasions take longer.

We take privacy complaints very seriously. If you believe your privacy has been breached, please
contact the HR department at nhuc@hrdept.co.uk, providing full details of your complaint. The team
will investigate the matter thoroughly and professionally.

To support this process, we ask that you include as much relevant information as possible. You will
receive an acknowledgment within 24 hours, and we aim to resolve all complaints within five working
days. In some cases, resolution may take longer depending on the complexity of the issue and the
involvement of clients or external agencies.

Should your complaint show that we have breached our duty of care we will report the breach to the
Information Commissioner’s Office (ICO)

If you are not satisfied with our response, you may raise a complaint directly with the Information
Commissioner’s Office (ICO), which oversees data protection in the UK. However, we encourage you
to contact us first so we can try to resolve your concerns promptly.

You can reach the ICO using the following details:
• Website: www.ico.org.uk
• Telephone: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire,
SK9 5AF