We can only provide our services fully if the personal data we hold about you is accurate and up to date. Please keep us informed or update your details if your situation changes.
Our website is not intended for children and we do not knowingly collect data relating to children.
- What information we hold about you
We collect personal information about you when you register or apply for a job through our website. The information you provide is treated in accordance with current UK data protection legislation. The information collected can include:
- Identity Data e.g. name, username, date of birth, gender
- Contact Data e.g. address, email address, phone number(s)
- Financial Data e.g. bank account
- Technical Data e.g. IP address, log in details, browser type, operating system
- Profile Data e.g. profession, speciality, CV, supporting documents
- Consent and communications
You can amend your consent regarding the way we contact you regarding suitable assignments at any time via our website / Candidate Engagement Hub or by contacting us using the contact details below. Please note that consent to contact you via at least one method is required to fulfil the purpose of securing suitable employment.
By referring other individuals to us, you consent to us sharing your name with that individual. The individual(s) referred will be contacted by us for the purposes of work placement and their consent requested to retain their personal data.
- How and when we use your personal data
We will only use your personal data where we have a legal basis to do so i.e.
- Where we need to fulfil a contract we have entered into with you. This would typically be when securing you a contract of employment
- Where it is necessary for our legitimate interest and your rights do not override these interests. This would typically be where we are searching for a suitable contract of employment for you, prior to commencement.
- Where we need to comply with legal or regulatory obligations.
- Where we have obtained your consent to use it
- Data sharing
We may share your personal information with a member of our group, which means subsidiaries, and any ultimate holding company and its subsidiaries, as defined in section 1159 of the United Kingdom Companies Act 2006.
We may share your information with selected third parties including:
- Our clients (e.g. medical communications agencies, pharmaceutical companies, health consultancies etc.) business partners, and sub-contractors (e.g. nominated agents of our clients) for the performance of any contract we enter into with you.
- analytics and search engine providers that assist us in the improvement and optimisation of the website where we share only aggregated, anonymous information about our users
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply these notices, terms and other agreements; or to protect the rights, property or safety of those with whom we do business, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may also disclose aggregate, anonymous statistics about visitors to the website (users and transactions) in order to describe our services to prospective partners and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
- Third party links and international transfers
The website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check the policies of these websites before you submit any personal data.
MedComms People does not transfer or store any personal data outside the European Economic Area (EEA).
- Your rights
You have a number of rights as outlined below. When exercising these rights we will need to validate your identity to ensure the request is from you. This is a security measure to ensure personal data is not disclosed to an unauthorised third party. You may exercise your rights by contacting us via the contact details below.
7.1 Right to be informed
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, and
- free of charge.
7.2 Right to restrict processing
You have the right to ask us not to process your personal data for e.g. marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org
7.3 Right of access
You have the right to access the information we hold about you. An access request is free of charge unless considered repetitive or excessive when a small admin charge may be made. A request for access can be made via the contact details below.
7.4 Right of rectification
You are entitled to have your personal data corrected if it is inaccurate or completed if incomplete. If the personal data in question has been disclosed to third parties, we will inform them of the rectification where possible and confirm with you which third parties the data has been disclosed to.
7.5 Right to erasure
You have the right to request the deletion of personal data where there is no compelling reason for its continued processing. There are some circumstances where this right may not be met and a request refused e.g. to comply with a legal obligation such as HMRC or Terms of Business retention requirements (see Data Retention below for more details).
7.6 Right to data portability
The right to data portability allows you to obtain and reuse your personal data. It allows you to move, copy or transfer personal data easily in a safe and secure way, without hindrance to usability.
The right to data portability applies to personal data:
- provided by you;
- where you have provided consent for processing or the processing is for the performance of a contract; and
- when processing is carried out by automated means.
7.7 Right to object
You have the right to object to processing based on the performance of a task in the public interest or processing based on a legitimate interest e.g. direct marketing. An objection must be based on your particular circumstances and processing must cease unless there are compelling reasons otherwise e.g. defence of legal a claim.
7.8 Rights relating to automated decision making and profiling
Data protection legislation provides safeguards for individuals against the risk that a potentially damaging decision is taken solely based on automated processing i.e. without human intervention.
MedComms People employs no fully automated processes that result in particular individuals being impacted.
- Data security
We have in place appropriate security measures to prevent your data being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. Access to your personal data is strictly limited to specific authorised individuals who require access to perform their roles.
All data collected and processed by MedComms People is stored on servers in the EEA.
Internal policies and procedures are in place and reviewed regularly to identify and notify of any breaches of these procedures.
- Data retention
We will only retain your data for as long as necessary to fulfil the purposes it was collected for and satisfy any legal, accounting or reporting requirements. For example when you complete a contract we need to retain your details for 6 years to satisfy HMRC requirements. If you have worked with us at any point, on a contract basis therefore, we will normally securely retain your details for 6 years.
If we have found you permanent employment or have submitted your CV for consideration with one of our clients, we also have to retain your data to satisfy Terms of Business (TOB) which we have in place with our clients so typically we will retain your data for 2 years in case of any claims.
Prior to completing a contract or securing a permanent job through us, by registering your details on our website we will, typically, retain your details for a period of three years unless you request that they be deleted. During this time we will continue to alert you to suitable jobs as they arise until you advise us otherwise.
- Contact us
Contact via the website or by email is encrypted and none of the data you supply will be stored by the website or passed to or processed by a 3rd party processor.
To contact us, please visit our website: www.medcommspeople.com or e-mail to: email@example.com or telephone: +44 (0)1932 797999
Should you have cause to make a complaint or express dissatisfaction with MedComms People, a member of its staff or processes, please email or telephone our team: firstname.lastname@example.org / +44 (0)1932 797999. A member of our management team will address your concerns as appropriate.
Should you feel that your concern has not been resolved satisfactorily you also have the right to direct your complaint to the supervisory authority – contact details below.
- Supervisory authority and data breaches
The relevant supervisory authority for data protection legislation in the UK is the Information Commissioners Office (ICO). Their contact details are:
Information Commissioner’s Office
MedComms People has designed the protection and security of data protection into its systems, processes and staff knowledge. In the event that a breach of data protection is identified, the circumstances are logged and appropriate actions taken including informing the individuals concerned and the supervisory authority. Each case is considered separately and depends on the risk to the rights and freedoms of the individual(s) impacted.