|
Purpose of Data Processing |
Type of Personal Data |
Lawful Basis for Processing |
|
To ensure the Digital Properties work as intended and remains secure (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
|
|
|
For Facilities, to help and assist you in filling open shifts with qualified physicians, advanced practice and other healthcare professionals. |
|
Condition for any special category personal data:
|
|
Operating, evaluating, developing, promoting, and growing our business. This may include evaluating, entering into, and performing corporate transactions (including those involving raising capital, whether equity or debt, mergers and acquisitions, joint ventures, the sale, transfer, or merger of all or parts of our business or our assets). |
|
Condition for any special category personal data:
|
|
Purpose of Data Processing |
Type of Personal Data |
Lawful Basis for Processing |
|
Complying with legal and regulatory obligations, including:
|
|
Condition for any special category personal data:
|
|
Preparing for and addressing investigations and disputes (including those involving Affiliates, Professional Advisors, Governmental Authorities) |
|
Condition for any special category personal data:
|
|
Responding to Data Subjects who request such contact |
|
|
|
Providing services to Facilities and Business Partners, including:
|
|
|
|
Purpose of Data Processing |
Type of Personal Data |
Lawful Basis for Processing |
|
Managing and protecting our business, employees and staff from risks and threats, including identifying and preventing virtual threats such as cyber-attacks. |
|
|
|
Sending electronic marketing and promotional materials to Data Subjects in a business-to-business context and enabling Data Subjects to complete surveys |
|
|
If a Data Subject has provided consent to processing and subsequently withdraws that consent, we may still process that Data Subject’s personal data where we have another lawful basis for doing so, provided that the Data Subject has not expressly asked us to stop processing their personal data in accordance with Section 6 (Data Protection Rights).
Where we need to collect personal data by law or under the terms of a contract that we have with a Data Subject and the Data Subject fails to provide that personal data when requested, we may not be able to perform the contract we have with the Data Subject or with her/his relevant employer.
4. SHARING OF PERSONAL DATA
We may share Data Subjects’ information with the following third parties (as defined in Part C of Schedule 1):
Affiliates, including the Aya Entities
Business Partners
Governmental Authorities
Professional Advisors
Service Providers
Please see Section 5 (International Data Transfers) below for information on international transfers to such third parties. We require all our data processors and any other third party that we provide Data Subjects’ personal data to respect the security of Data Subjects’ personal data and to treat it in accordance with applicable law.
5. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to, stored in, or accessed within the UK or transferred to, stored in or accessed from countries outside the UK (including to the United States) in connection with the purposes described in this Notice. For transfers to countries outside the UK, the data protection regime may be different than in the country in which the Data Subject is resident and may not provide the same level of data protection. We will rely on EU Standard Contractual Clauses and equivalent UK international data transfer agreements when we transfer personal data out of the UK (collectively, the “SCCs”).
To the extent that we undertake any onward transfers of personal data to any third parties, such transfers shall only be to the third parties listed in Section 4 (Sharing of Personal Data) above and for the purposes described in Section 3 (How Do We Use Your Personal Data?) above. SCCs (or an alternate approved mechanism) shall be relied upon to make any onward transfers of personal data outside of the UK.
6. DATA PROTECTION RIGHTS
If you are a Data Subject, you may relative to the personal data we process about you:
Request access to such personal data;
Request correction of such personal data;
Request erasure of such personal data;
Object to processing of such personal data;
Request restriction of processing of such personal data;
Request the transfer of such personal data to you or to a third party; or
Withdraw consent at any time where we are relying on consent to process such personal data; or
Obtain a copy of any SCCs we use to transfer such personal data outside of the UK.
To exercise any of the rights set out above, please contact us using the contact details provided in Section 9 (How to Contact Us) below. There are exceptions and exemptions that apply to some of the rights, which we will apply in accordance with the applicable data protection laws. Where you have any such rights under applicable laws, we will respond to any such rights that you want to exercise within one month of receiving the request, unless the request is complex, in which case it may take longer. In addition to the above rights, you have the right to lodge a complaint with the relevant supervisory authority in the EEA member state or the UK, based on where you reside.
We may need to request specific information from you to help us confirm your identity and your right to access the personal data (or to exercise any of the other rights).
7. AUTOMATED PROCESSING AND DECISION MAKING
We do not make any decisions regarding Data Subjects solely using automated processes (including profiling) based on Data Subjects’ personal data where such decision produces legal effects concerning the Data Subject or similarly affects the Data Subjects.
8. RETENTION OF PERSONAL DATA
We will only retain a Data Subject’s personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, regulatory requirements, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal or regulatory requirements. Details of retention periods for personal data are available from us on request using the contact details at Section 9 (How to Contact Us).
9. HOW TO CONTACT US
Should you wish to exercise your data protection rights relating to the personal data processed under this Notice, we suggest that you contact us and we will coordinate the response to your request.
Should you have any questions regarding this Notice or wish to exercise any of your rights, please contact us using the following contact details:
Our Data Protection Officer and UK Representative can be contacted using the following contact details:
Address: 72 Great Suffolk Street, London, SE1 0BL
Email: ahmed@locumenest.co.uk
10. COOKIE NOTICE
Cookies are small text files that are placed on your computer by websites or software applications that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the digital properties. We use certain cookies on our Digital Properties. We will deploy cookies (which are not “strictly necessary”) on your device only with your consent. Please see our cookie banner on our Digital Properties and our Cookie Policy (https://locumsnest.co.uk/cookie-policy/) for more details.
11. AMENDMENTS TO THIS NOTICE
This Notice may be revised from time to time, including where we add new features and services, as laws or regulations change, and as industry privacy and security best practices evolve. We display a “Last Updated” date in at the top of this Notice so it is clear when there has been a change. If we make any material change to this Notice regarding use or disclosure of personal data, we will notify you of such change.
|
TYPE OF PERSONAL DATA |
DETAILS |
|
Anti-Money Laundering and Know Your Customer Data (“AML/KYC Data”) |
|
|
Contact and Professional Data |
|
|
Cookie and Technical Data |
|
|
Geolocation Data |
|
|
Government Issued Data |
|
|
Marketing and Communications Data |
|
|
Profile Data |
|
|
Usage Data |
|
|
Voluntarily Provided Data |
|
|
LAWFUL BASIS |
DESCRIPTION |
|
Compliance with a Legal Obligation |
We may process personal data to the extent necessary for us for us to comply with applicable laws. |
|
Consent |
We may process personal data where the Data Subject has provided consent for us to do so. |
|
Legitimate Interests |
We may process personal data for our legitimate interests as a business or those of a third party where our processing does not prejudice the Data Subject’s rights so as to override our legitimate interest. We have provided examples where applicable in Section 3 (How do we use personal data?). |
|
Performance of a Contract |
We may process personal data where it is necessary for us to do so in order to exercise our rights or satisfy our obligations under a contract we have with the Data Subject. |
|
THIRD PARTY |
DESCRIPTION |
STATUS OF THIRD PARTY |
|
Affiliates |
Refers to our affiliates, subsidiaries, or entities, if any, under common management or subject to common control as us. |
Joint controller with our other Affiliates. |
|
Business Partners |
Refers to current or prospective business partners (i) involving investments from us and/or (ii) with which we undertake commercial, corporate, or other business transactions (involving mergers, acquisitions, equity, debt, or credit), includes transactional counterparties, banks, lenders, and financial institutions; and (iii) hospitals and healthcare providers, including NHS hospital trusts. |
Independent controller. |
|
Governmental Authorities |
Refers to governmental authorities in the UK, Europe, or other countries, including law enforcement agencies, tax authorities, and supervisory authorities, and regulators. |
Independent controller. |
|
Aya Entities |
Aya Healthcare, Inc. and its affiliates, which may include, but is not limited to, Qualivis, LLC, Bespoke Workforce, LLC, Vaya Workforce Solutions, LLC and Symmetry Workforce Solutions, LLC. |
Joint Controller |
|
Professional Advisors |
Refers to current or prospective professional advisors including lawyers, solicitors, attorneys, accountants, investment and merchant bankers, brokers, auditors, and insurers. |
Independent controller. |
|
Service Providers |
Refers to current or prospective party providers of services such as IT services, hosting services, and other business process and marketing services. |
Typically, data processors. However, Service Providers who are independently regulated will be independent controllers. |