Scots Gap Medical Group

01670 774216

Stamfordham Surgery

01661 886203

Privacy Notice – Recruitment

This privacy notice relates specifically to personal data collected in relation to recruitment. It details how the practice will collect personal data about you, how it will be processed and stored, who will have access to it and how long this information will be retained. As part of any recruitment process, the practice collects and processes personal data relating to any job applicant and is committed to being transparent about how it collects and uses that data in line with data protection legislation.

Who is the Data Controller

We are registered as a data controller under the Data Protection Act 1998. Our registration number is Z6742300. The registration can be viewed online in the public register at:

http://ico.org.uk/what_we_cover/register_of_data_controllers

What information does the practice collect during the recruitment process?

The practice collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • whether or not you have a disability for which the practice needs to make reasonable adjustments during the recruitment process;
  • information about your entitlement to work in the UK; and
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
  • vaccine & immunisation status The practice collects this information in a variety of ways, such as:
  • Application forms;
  • CVs or resumes;
  • Copies of your passport other identity documents;
  • Information collected through interviews or other forms of assessment .

The practice will also collect personal data about you from third parties, such as:

  • References supplied by former employers and from other nominated referees;
  • Information from employment background check providers and information from criminal records checks;
  • The practice may seek information from third parties only once a job offer to you has been made and will inform you that it is doing so. Data will be stored in a range of different places, including:
  • Your application record;
  • HR management systems;
  • IT systems (including email).

Why does the practice process personal data?

The practice needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you.

The practice needs to process data to ensure that it complies with its legal obligations such as being required to check a successful applicant’s eligibility to work in the UK before employment starts.

The practice has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the practice to:

  • Manage the recruitment process;
  • Assess and confirm a candidate’s suitability for employment;
  • Decide to whom to offer a job;
  • Respond to and defend against legal claims.

Where the practice relies on legitimate interests as a reason for processing data, it will consider whether or not those interests are overridden by the rights and freedoms of applicants, employees or workers.

The practice will process health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment. Where the practice processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.

The practice is obliged to seek information about criminal convictions and offences in line with NHS Employers guidelines on criminal records checks, which you can read at: http://www.nhsemployers.org/your-workforce/recruit/employment-checks/criminal-record-check.

How do we lawfully use your data?

We need to know your personal, sensitive and confidential data in order to employ you. Under the General Data Protection Regulation we will be lawfully using your information in accordance with:

  • Article 6, (b) Necessary for performance of/entering into contract with you
  • Article 9(2) (b) Necessary for controller to fulfil employment rights or obligations in employment

This notice applies to the personal data of our candidates applying for work at Scots Gap Medical Group.

Who has access to data?

Your information will be shared internally for the purposes of the recruitment exercise. This includes:

  • Interviewers and partners involved in the recruitment process

The practice will not share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The practice will then share your data you’re your nominated referees including former employers so to obtain an a reference for you, employment background check providers to obtain necessary background checks, the Disclosure and Barring Service to obtain necessary criminal records checks and the practices Occupational Health provider if deemed appropriate.

The practice will not transfer your data outside the European Economic Area.

How does the practice protect data?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

We will only ever use or pass on information about you to others who have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e., life or death situations) or where the law requires information to be passed on.

Our policy is to respect the privacy of our candidates and to maintain compliance with the UK General Data Protection Regulation (UK GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data will be protected.

All employees and sub-contractors engaged by Scots Gap Medical Group are asked to sign a confidentiality agreement. The organisation will, if required, sign a separate confidentiality agreement if the client deems it necessary. If a sub-contractor acts as a data processor for Scots Gap Medical Group an appropriate contract (art 24-28) will be established for the processing of your information.

Internal policies and controls are in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does the practice keep data?

If your application for employment is unsuccessful, the practice will hold your data on file for no longer than one year after the end of the relevant recruitment process. At the end of that period or once you withdraw your consent (where this applies), your data will be deleted or destroyed using the practice confidential shredding service.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file. Your personal data will be retained by the practice in accordance with the retention schedule outlined in the Records Management Code of Practice for Health and Social Care 2016.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the practice to change incorrect or incomplete data;
  • require the practice to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the practice is relying on its legitimate interests as the legal ground for processing; and
  • ask the practice to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the practice’s legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact the Practice Manager.

If you believe that the practice has not complied with your data protection rights, you can complain to the Information Commissioner – details are listed below under Further Information.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the practice during the recruitment process. However, if you do not provide the information, the practice may not be able to process your application properly or at all.

Automated decision making

Employment decisions are not based on automated decision-making

Further information

If you have any questions about this privacy notice or are unclear about how we process or use your personal information or have any other issue regarding your personal and healthcare information, then please contact the Practice Manager.

For further guidance concerning the General Data Protection Regulation and Subject Access Requests in general, please contact:

The Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113 or 01625 545745

Or please see the Information Commissioner’s Office website (www.ico.org.uk).

 

Date published: 14th July, 2025
Date last updated: 14th July, 2025