Privacy Notice

At Pathfinder Health Solutions, safeguarding the confidentiality and safety of your personal details is our priority.  This Privacy Notice details what personal data we collect and how we use it.

Revisions to This Privacy Notice

We continually review our Privacy Notice and update it as needed. If significant changes are made to our policy, we will contact you to provide notification. This is version 1.1 and was last updated in August 2023.

Our Contact details:

Pathfinder Health Solutions Ltd

Regus Manchester Business Park

3000 Aviation Way

Manchester

M22 5TG

Tel. 0161 521 6860

info@pathfinderhealthsolutions.co.uk

Scope

As a provider of healthcare solutions, we process personal data pertaining to the following categories of individuals to facilitate our operations:

  • Prospective and placed subcontractors.
  • Prospective and active client contacts.
  • Supplier contacts assisting our services.
  • Employees, consultants, and temporary staff.
  • Patients utilising services provided by our staff.
  • Patients of NHS clients for whom we offer services.

We collect data about you to conduct our primary business and auxiliary tasks.

If you are a potential or active contractor, employee, consultant, or temporary worker, kindly refer to the staff privacy notice for more details.

Information we may process about you

This is information about you that you provide to us by phone, email, our website, or alternative methods. It includes information provided during website registration, database entry, subscription to our services, enrolment as a potential contractor, and reporting website issues.

The data we gather, or you provide may involve your name, address, personal and corporate email addresses, phone number, financial data, compliance documents, reference checks for verifying qualifications and experience, your eligibility to work in the UK, CV, photograph, and links to your professional profiles on public platforms like LinkedIn, Twitter, business Facebook, or corporate websites.

With each visit to our site, we automatically collect the following information: login details if applicable, browser type and version, and country.

Information acquired from other sources

This is data obtained from sources such as LinkedIn, corporate websites, job boards, online CV libraries, your business card, personal recommendations, and others. In such cases, we will inform you of our possession of your personal data within 30 days of its collection, along

with its source and purpose for retention and processing. We will also send you a copy of this privacy notice.

We work with with third parties, including companies within our Group, business partners, sub-contractors for technical, professional, payment, and other services, advertising networks, analytics providers, search information providers, credit reference agencies, legal consultants, professional advisers, and others. Information received from them supports our recruitment and supplementary services.

Processing purposes and legal basis for processing

We use your held information for the following purposes:

  • Fulfilment of contracts between you and us, and provision of requested information, products, and services, pertinent to your career or organisation’s interests.
  • Primarily, we offer healthcare professionals and project management services to clients.
  • The processing of personal data is based on our legitimate business interests, as elaborated below. We also rely on contract, legal obligation, and consent are considered for specific data utilisation.

We will rely on contract when negotiating or have entered in an agreement with you or your organisation, or any other contract to provide services to you or receive services from you or your organisation.

We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations.

In some instances, consent serves as the lawful basis for processing your data, for example if you are a candidate, obtaining permission to introduce you to a client. In these instances, we will ask you for your specific consent.

We process patient health data only as a data processor, adhering to the data controller’s requirements and do not set the legal basis for this type of processing.

We gather patient feedback, subject to explicit consent, using a form on our website to monitor and improve our service.

Our Legitimate Business Interests

Our legitimate interests in collecting and retaining your personal data is described below:

  • Provision of medical support to hospitals and trusts, as part of our due diligence we need to check the credentials of subcontractors, doctors, and support staff that we use. This includes personal data, qualifications, DBS checks, blood test results, references, etc. We hold these details securely and are only shared with client(s) with your permission.

Consent

We do not need your consent if we use your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Other uses of your data:

Use of our website:

  • Notification of website changes.
  • Ensuring our website content is displayed most effectively on your computer/mobile phone.

We will use this information for:

  • Site administration and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • Enhancement of site content and user experience.
  • Support your use of interactive service features, when you wish to use these.
  • Site security maintenance.
  • Measuring or understanding the effectiveness of advertising we provide you and others, and to provide relevant advertising to you;
  • Making suggestions and recommendations to you and other users of our site about goods or services that may interest you.

We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.

All staff receive General Data Protection Regulation (GDPR) training to uphold your personal data obligations.

Cookie Policy

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing information with third parties

We may have to share your data with third parties, including third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law. We will share your personal information with third parties where:

  • required by law;
  • it is necessary to administer the working relationship with you; and
  • we have a legitimate interest in doing so.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Any third parties with whom we might share your personal information and the basis on which we do so are detailed in the Schedule to this notice.

Data Security

Appropriate security measures have been put in place by us to guard against unauthorised access or use, alteration, or disclosure. Access to your data is limited to employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests. Accordingly, we have a data retention notice and run data routines to remove data that we no longer have a legitimate business interest in maintaining. Our current retention notice is available upon request.

Your rights in connection with personal information: Under certain circumstances, the law grants you specific rights. These are summarised below. Please note that your rights may be limited and subject to restrictions in certain situations:

Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal

information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at info@pathfinderhealthsolutions.co.uk

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In any circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at info@pathfinderhealthsolutions.co.uk

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Transferring data outside of the UK/EEA.

The data that we collect from you may/will be transferred to, and stored at, a destination outside the UK or the European Economic Area (”EEA”). It may be transferred to third parties outside of the UK/EEA for the purpose of our recruitment services. It may/will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, our recruitment services and the provision of support services.

Your Right to Lodge a Complaint with the ICO.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can lodge a complaint with the Information Commissioners Office via email icocasework@ico.org.uk or by writing to:

Customer Contact

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire.

SK9 5AF

Or by telephone on 0303 123 1113