Privacy and GDPR Policy

The Company operates both as a recruitment business and a recruitment agency, offering work-finding services to both clients and job seekers. In order to deliver these services, the Company needs to process personal data, including sensitive information, and acts as the data controller when doing so.

Your personal details may be provided to the Company directly, for instance, through an application or registration form, or via our website. Alternatively, we may collect your information from other sources, such as job boards. The Company will only process your personal data when there is a valid legal reason to do so. For the purpose of offering you work-finding services or sharing relevant role information, we will ensure that your personal data is used in accordance with the terms outlined in the following statement.

We are committed to protecting the privacy and confidentiality of personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This policy outlines our commitment to data protection and the steps we take to ensure that all personal data is processed lawfully, transparently, and securely.

Data Controller and Data Protection Officer

NexHire Medical is the data controller for all personal data processed as part of our recruitment services. This means that we determine the purposes and means of processing personal data.

For any questions or concerns regarding data protection or our GDPR compliance, you can contact our Data Protection Officer (Omar Dawood) at:

Email: management@nexhiremedical.com

Data Collection and Processing

We collect and process personal data to facilitate our recruitment activities. The types of personal data we may collect include:

Basic Identifying Information: Full name, contact details (email address, phone number, address).

Employment Data: CVs, references, employment history, job preferences.

Sensitive Data: Immunisation records, health data (where necessary), National Insurance number, and other sensitive personal data necessary for compliance with legal or contractual obligations.

Identification Documents: Passport, driver’s license, or residence permit.

Educational and Professional Qualifications: Certificates and qualifications relevant to healthcare roles.

Client Information: Health and safety policies and other related documents required by healthcare clients.

We will only collect and process personal data that is relevant, necessary, and proportional to the purposes for which it is collected.

Legal Basis for Processing

We process personal data under the following lawful bases as set out in the GDPR:

Consent: We may ask for your consent to process certain sensitive personal data (such as health information) when required.

Contractual Necessity: We process personal data to fulfill contractual obligations when engaging with candidates and clients for healthcare roles.

Legitimate Interests: We process personal data for recruitment activities where it is in our legitimate interest to do so, ensuring the provision of our recruitment services to clients and work-seekers.

Legal Obligation: We may process personal data to comply with legal obligations (e.g., tax reporting, compliance with immigration laws, employment law).

Vital Interests: In some cases, we may process data to protect the vital interests of a candidate or other individuals (e.g., immunisation records for healthcare workers).

Purpose of Data Processing

We process personal data for the following purposes:

Recruitment Services: Matching candidates to job opportunities, verifying qualifications, conducting interviews, and other recruitment-related tasks.

Client Requirements: Sharing necessary personal data with healthcare clients for job placement and compliance with their health and safety requirements.

Communication: Keeping candidates and clients informed of available roles, relevant recruitment updates, and other related communications.

Legal Compliance: Ensuring compliance with healthcare regulations, including health and safety and safeguarding requirements.

Data Retention

Personal data will be retained for no longer than necessary for the purposes for which it was collected:

· During the period of engagement with the candidate or client.

· The company will retain data only for as long as necessary. Different laws require us to keep different data for different periods of time, for purposes of record-keeping, compliance, and potential future engagement.

After this period, personal data will be securely destroyed or anonymised unless otherwise required by law.

Data Subject Rights

As a data subject, you have the following rights under the GDPR:

Right to Access: You may request a copy of the personal data we hold about you.

Right to Rectification: If your personal data is incorrect or incomplete, you can request it be corrected.

Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal exceptions.

Right to Restriction of Processing: You may request the restriction of processing under certain conditions.

Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

Right to Object: You have the right to object to processing based on legitimate interests or direct marketing purposes.

Right to withdraw consent at any time.

To exercise these rights, please contact our Data Protection Officer at the contact details provided.

Automated decision-making

The company does not carry out automated decision-making.

Data Security

We implement appropriate technical and organizational measures to ensure that personal data is protected from unauthorised access, disclosure, alteration, or destruction. These measures include:

Encryption of sensitive data both at rest and in transit.

Access Control: Limiting access to personal data to authorised personnel only, based on their role and necessity.

Regular Training for employees on data protection and privacy practices.

Data Sharing and Third Parties

Personal data may be shared with the following categories of third parties:

Clients: To provide services, we share necessary candidate data with healthcare clients as part of the recruitment process.

Sub-processors: We may engage third-party service providers to assist with services like payroll, IT support, and data storage. All such service providers will be required to enter into data processing agreements to ensure compliance with data protection laws.

Regulatory Authorities: We may need to share personal data with regulatory bodies, such as HMRC or other public authorities, in order to comply with legal obligations.

International Data Transfers

We do not transfer personal data outside the United Kingdom or European Economic Area (EEA) unless specific legal safeguards are in place (such as Standard Contractual Clauses or Binding Corporate Rules) to protect your data.

Data Processing Agreement (DPA)

We will ensure that any third-party data processors with whom we share personal data will comply with GDPR requirements through a formal Data Processing Agreement (DPA). This agreement will stipulate the obligations of third parties regarding data security, confidentiality, and processing activities.

Breach Notification

In the event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, where required. If the breach poses a risk to individuals’ rights and freedoms, affected individuals will also be notified without undue delay.

Training and Awareness

We are committed to educating our staff on GDPR requirements and ensuring all employees understand the importance of data protection. Regular training sessions will be provided to all employees who handle personal data.

Changes to This Policy

We reserve the right to update this policy from time to time to reflect any changes in our practices, legal requirements, or technological developments. We will inform all relevant parties of any significant changes. The latest version of this policy will always be available on our website.

Contact Us

If you have any questions, concerns, or complaints about our GDPR compliance or how we handle your personal data, please contact us at:

Omar Dawood (Data Protection Officer and Director)

Email: management@nexhiremedical.com

Address: 71-75 Shelton Street, Covent Garden, WC2H 9JQ