The General Data Protection Regulation (GDPR) will be effective from May 25th 2018. It is a regulation in EU Law regarding personal data protection and privacy for all individuals within the European Union. Its aim is to give control to citizens and residents over their personal data.
Under the GDPR there are six principles regarding personal data and these have been implemented into Poppy Nursing:
- Lawfulness, fairness and transparency – Personal data is processed lawfully, fairly and transparently
- Purpose limitations – Persona data is collected only for specified, explicit and legitimate purposes
- Data minimisation – Personal data is adequate, relevant and limited to what is necessary for the processing of it
- Accuracy – Personal data kept is accurate and kept up to date
- Storage limitations – Personal data is only kept for as long as necessary and most definitely not for ‘just in case’
- Integrity and confidentiality – Personal data is processed in a manner that ensures its security
Personal Data is defined as:
Any representation of data that permits the identity of an individual to whom the data applies to be reasonably inferred by either direct or indirect means. Further, personal data is defined as data: (i) that directly identifies an individual (e.g., name, address, national insurance number or other identifying number or code, telephone number, email address, etc.) These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). This information can be maintained in either paper, electronic or other media.
What this Privacy Notice Covers
This Privacy Notice covers the activities of Poppy Nursing Services.
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this Privacy Notice which:
- sets out the types of personal data that we collect
- explains how and why we collect and use your personal data
- explains when and why we will share personal data within the Booker Group companies and with other organisations; and
- explains the rights and choices you have when it comes to your personal data
Poppy Nursing Services serve a variety of parties in different ways and this notice applies to you if you use our services (referred to in this Notice as “our Services”) as a contractor, employee or client
To use our Services you must be a contractor, employee or other organisation who wishes to use our Services for the purpose of that business or enterprise and not for personal use. Using our Services means being a registered or potential client or contractor of Poppy Nursing Services through one or more of the following mechanisms:
- Registered nurse, carer or other health professional providing a service on behalf of their own limited company for Poppy Nursing Services
- Registered nurse, carer or other health professional providing a service using an umbrella company for Poppy Nursing Services,
- online or otherwise using any of the websites (“our Websites”) where this Notice is posted; or
- being employed directly through Poppy Nursing Services
- An organisation which acts independently or as part of a group, requesting or using services provided
What Personal data do we collect?
This section tells you what type of information we may collect from you when you register to work with Poppy Nursing Services either as a contractor or an employee. The level of information held will depend upon the type of role applied for and the point you are at in the recruitment process.
- Bank details
- Email address
- Telephone numbers
- Next of kin contact details
- NI numbers
- Work history
- DBS numbers
- NMC numbers
- Copies of identity documents (for audit purpose)
- Training and education history
- Race/Gender details
- Companies house information
- Personal preferences
How and why we use personal data
- To comply with NHS recruitment standards
- To Safeguard the patients that we care for
- To comply with HMRC requirements
- To communicate with you about opportunities to work
- To communicate with you about services supplied by the contractor
- To communicate in reference to confirming placement bookings
- To make payments for work carried out
- To create and send invoices for products and services provided
- For future reference in the event of litigation, or clinical investigation
- To issue identity cards, in line with CQC requirements
- To evidence compliance to NMC, CQC and NHS
- To assess suitability to work
- To assess fitness to practice.
- To offer directions and placements based on geographical appropriateness
- To verify NMC registration
- Produce invoices and statements
- To monitor geographical supply and demand
- To identify and engage with candidates who may wish to work with us based on interests, geographical location (social media)
- For audit purposes
Manage and improve our websites, recruitment, and services
Data is used to help us develop and improve our services to both our contractors and our clients. Internal market research helps us to improve information technology systems, understand how and the way we communicate with you.
Detect and prevent fraud or other crime
We have an obligation to ensure that our services are safe and consequently if required, your data may be processed in order to detect to and to prevent fraud, other crimes and the misuse of our services. This ensures that everyone using our services remain safe.
Personalising your experience
Looking at your browsing behaviour allows use to personalise the information that you will see, this mostly applies to enrolment incentives and information about open days etc. We may also monitor the effectiveness of our marketing communications. We may monitor the preferences of contractors to assist with allocating shifts and placements.
We want to ensure that the people that we communicate with receive relevant marketing material and company updates.
Contact and interact with you
We may contact you about our Services, for example by phone, email, text or post or by responding to social media posts that you have directed at us.We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to your communications and to respond to your queries.
Manage promotions, incentives and competitions
Manage any competitions or promotions you take part in, including those we run with our suppliers and other third parties. We need to process your personal data so that we can administer the promotions and competitions you choose to enter.
Changing your preferences
You have the option at any time to change the way we communicate with you. You can, email, text, phone or respond by social media or call into your local branch. We set out below your options when it comes to Cookies, and how we control online behavioural advertising.
Sharing of Personal Data
Poppy Nursing Services is committed to protecting your personal information. We will not share your data with any third party for any commercial reasons. However, we may share personal data with other organisations in the following circumstances:
- If the law or a public authority says we must share the personal data; e.g. some information is required to be shared with clients to evidence compliance and competency in line with CQC requirements;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
- To an organisation, we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you too. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us;
- Any company within our parent company’s group of companies;
- To any other successors in title to our business.
We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments, credit checking and those who provide services on our behalf such as delivering orders to your premises, erecting signage, sending communications on our behalf or market research. We only share personal data necessary to enable our Service Providers to provide their services.
How we protect personal data
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
- We use computer safeguards such as firewalls, data encryption, a private network and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
- We protect the security of your information, while it is being transmitted to Third Party Suppliers and Service Providers, using secure SSL/TLS with AES 128-bit encryption. Your data is then encrypted again for storage with AES 256-bit. This is to prevent hackers from seeing your information.
- We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.
When we send any data to any third party we will take steps to ensure the safety of your data.
The personal data that we collect from you may be transferred to and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. We will put in place appropriate protection to make sure your personal data remains adequately protected and is treated in line with this Notice.
Marketing and Market Research
This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.
We will send you relevant offers and news about our services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, in branch, over the phone or in writing at any time.
We also like to hear your views to help us to improve our services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.
Cookies and Similar Technologies
Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device.
Improve the way our Websites work
Cookies allow us to improve the way our Websites and Mobile Apps work so that we can personalise your experience and allow you to use many of their useful features.
Improve the performance of our Websites
Cookies can help us to understand how our Websites and Mobile Apps are being used, for example, by telling us if you get an error messages as you browse.
These Cookies collect data that is mostly aggregated and anonymous.
Deliver relevant online advertising
Measuring the effectiveness of our marketing communications, including online advertising
Cookies can tell us if you have seen a specific advert or message, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert.
Your choices when it comes to Cookies
You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or another device. You can find more detailed information about how you can manage Cookies at the All about Cookies and Your Online Choices websites.
If you choose to disable some or all Cookies, you may not be able to make full use of our Websites.
Destroying and Archiving personal Information
If you have enquired or applied with Poppy Nursing Services and we haven’t heard from you
After a period of six months, we will destroy any personal information we hold by shredding any paper files and deleting any electronic information we have. It is important that you inform us if you don’t wish for this to happen, as it could mean that you need to begin the application process again, which may incur costs.
If you have previously been employed directly by Poppy Nursing Services
Unless working in a clinical capacity, after two years of employment being discontinued we will destroy any personal information we hold, either by shredding or deleting electronic files, unless there is any ongoing dispute or litigation. You will need to contact us if you wish for this to not happen.
If you have worked in a clinical capacity
Your data will be archived for seven years following your last shift with Poppy Nursing. We do this as we may need to supply information as part of a clinical, professional or criminal investigation during this period. Please see the “How we protect your data” section of this document, for further information on storing your information. After seven years any data we hold on paper will be shredded and any electronic files will be deleted. We will not send notification prior to destroying files but you may contact us if you wish for this not to happen.
If you are a client or organisation
We will store any information we hold for up to one year after your last booking with us. Due to agency supply being ad-hoc and sporadic we keep information for reasons of productivity and efficiency. After this time we will make contact with you to ensure that the information we hold is up to date and to ensure you are happy for us to hold that information.
Under the General Data Protection Regulation, you have the right to see the personal data we hold about you. This is called a Subject Access Request.
If you would like a copy of the personal data we hold about you, please write to:
Claire Woodman, Alton Business Centre, Unit 3, Valley Ln, Ipswich IP9 2AX
We want to make sure that the personal data we hold about you is accurate and up-to-date. If any of the details are incorrect, please let us know and we will amend them.
We reserve the right to make changes to this Privacy Notice from time to time, so please take the time to review periodically.
Last reviewed May 2018