Last Updated: September 2022
Our privacy notices help you to understand what we do with your personal data, why we use it, who we share it with, how long we keep it and the rights that you have. For more information on your rights and how to exercise them, head straight to the ‘your rights’ section later in the document.
All our privacy notices will tell you the following:
- Why we can process your information
- What our reason (or purpose) is for processing your information
- Whether you must provide us with information
- Whether your information is shared to others and under what circumstances
- How long we store your information
- Whether we will transfer your information to another country
- Whether we complete any automated decision-making or profiling
- How we protect your information
- How you can get in touch
When does this privacy notice apply?
This privacy notice applies if you:
- Visit our website
- Provide information to us when visiting the website
- Contact us with a query about our services
- Provide personal information to us when contacting with a query outside of the website
- Apply for a job with us
- Attend one of our events
- Receive marketing from us
For clients accessing their portal through the website or for queries relating to currently used products and services, and for users of our services, please select the Privacy Notice for our Products and Services, here:
If you are successful after you have applied for a job, you will be given a further privacy notice as part of your induction.
Changes to this privacy notice:
We make sure that we review our privacy notice from time to time and will update it on the website when we do, so that you can check it regularly. The last updated date is shown at the beginning of the document.
Who are we?
We are Medigold Health Consultancy Limited (“we”, “our”, “us”). This includes its group company, Hampton Knight Limited and any appointed representatives, including medical practitioners acting on its behalf. We are registered with the ICO under number Z7655289.
We will be the data “Controller” or data “Processor” of the personal data provided to us.
What is our purpose and lawful basis?
If you are visiting our website or want to know about our services, our reason for processing; is to provide you with information on any of the services that we have to offer, answer your queries, and to help us improve and develop our services. The lawful basis that we rely on is article 6 (1) (f) and article 9 (2) (h) of the UK GDPR, which relates to our legitimate interest to do so under the provision of an occupational health service.
If you apply for a job with us, then our reason for processing your information is to process your application, assess your suitability for a role you have applied for, assess your suitability for any other roles we may have, and to help us develop and improve our recruitment process. The lawful basis that we rely on is article 6 (1) (b) of the UK GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.
If, when applying for a job, you provide us with any information about reasonable adjustments, you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6 (1) (c) to comply with our legal obligations under the Act.
If you choose to opt in to keep up to date with offers and receive information from us when you visit the website, subscribe to one of our mailing lists or attend one of our events, then our reason for processing your information is that you have given your consent for us to do so.
The lawful basis that we rely on is article 6 (1) (a) of the UK GDPR which relates to consent to process your data for a specific purpose, and we will always ask for your explicit permission.
The information we collect and how we use it
Product or Services Enquiries
We collect and use the information that you provide to us directly. For example, when you fill out a form on our website, we will use the details that you have provided to answer any questions you may have. This includes your name, your email address, your phone number, the company you are working for, as well as any additional information you would like us to know so that we can answer your query.
We will keep a record of all communications made in this way so that we know your requests and questions have been answered. Information that we have discussed with you as a result of these communications may also be recorded.
We will also keep records if you prefer to speak to, email, or contact our teams directly rather than completing a website enquiry form.
We may also record calls for quality, training and monitoring purposes.
We will use aggregated, anonymised data to inform our management reporting and improve and develop our services.
We also provide informative blogs on our website that may include links to other websites you may find useful. This privacy notice does not include linked websites and we encourage you to read the privacy statements provided on those websites should you choose to visit them.
When you subscribe to any mailing lists, attend one of our events, and before you submit any form on the website, we will always ask you whether you want to receive information from us such as latest news, special offers, updates, blogs or new products and services. We will only use the information that you have provided directly to communicate with you, and you can unsubscribe at any time.
We also use social media (LinkedIn, Twitter, Instagram, and Facebook) to provide information, answer your questions and to interact with you. If you have liked a post or followed us, the details you make available on the platform will be known to us and may be used to communicate with you. Any personal data that you put into any social media platform will be used by the platform provider for their own purposes. Your use is subject to their terms and conditions, and we encourage you to read their privacy notices.
The information we share and why
We do not share information provided directly by you with third parties unless you have given us permission, or where we rely on the use of a third parties to provide our systems. For example, we use a third party based in the UK to manage and host our website who support us in maintaining our website. We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information in accordance with UK GDPR and they may not use your information for any other purpose.
Where you have applied for a job and we need to check your right to work in the UK or complete a criminal record check due to the position that you are applying for, we will need to share your details with a third party who are authorised to complete those checks.
How long do we store your information?
We keep your personal information for as long as is required in order to fulfil the relevant purposes that have been explained in this privacy notice.
If you apply for a job and your application is unsuccessful, we will retain your information for six months, unless you prefer us to keep your information on file in case more opportunities become available.
Telephone recordings made as part of the enquiry process are retained for 120 days.
Where do we process your information?
We process your information within the UK, we do not send or store any personal data outside of the United Kingdom, unless it is necessary to complete a right to work check or criminal record check when you apply for a job. If you have lived, studied, or worked abroad this will mean checks will need to be carried out in those countries and therefore necessary data will be shared outside of the UK by our authorised third-party for the purpose of completing those checks only.
How do we protect your information?
We design our systems with your security and privacy in mind. We work to protect the security of your personal information during any communications with you using secure communication methods and secure software procedures. We maintain physical, electronic, and procedural safeguards in connection with storage and disclosure of your personal information. Our security procedures mean that we may ask you to verify your identity before we disclose personal information to you.
UK GDPR gives you certain rights when it comes to your personal data.
For users of our products and services there is further information on how these rights apply to you and under what circumstances you can exercise your rights contained within the Products and Services Privacy Notice.
- Right of access – this means that you have the right to request a free copy of the personal data held about you
- Right to rectification – if you think that any of your personal information that we hold is inaccurate or incomplete you can request it is updated. We may ask you for evidence to show that it is inaccurate
- Right to erasure – this is also known as the right to be forgotten. You can request that your personal data is erased, however, this right is not absolute. If you can exercise this right, then we will keep a note of your name linked to your request and restrict access to that information.
- Right to restrict processing – when you have contested the accuracy of your personal data your right to restrict processing will be automatically implemented. That means we will hold your personal data on file, but we will not process it.
- Right to data portability – you have the right to ask us to electronically move, copy or transfer your personal information in a machine-readable format.
- Right to object – you have the right to object to the processing of your personal data at any time. This right only applies in certain circumstances.
- Right to withdraw consent – where we are relying on your consent for processing you can withdraw your consent at any time.
In some circumstances your rights may be limited. For example, if you ask us to delete information which we are required to have by law, if we have a legitimate interest to keep it, or it would reveal personal information about another person. We will let you know if this is the case, and we will then only use your information for these purposes. If you want us to stop processing your personal information, you may be unable to continue using our products or services.
If you wish to exercise any of your rights, please contact us at email@example.com
We will ask for information to verify your identity, so that we make sure we protect your information. The lawful basis that we rely on is article 6 (1) (c) of the UK GDPR, which relates to our legal obligation to comply with the law. We will only keep verification information for as long as it is necessary to process your request.
Data Protection Officer contact details and your right to complain
We work to the highest standards when it comes to processing your personal information. If you have any questions about your personal information, or how we use it, you can contact our Data Protection Officer, Isobel Watkins at firstname.lastname@example.org, or by writing to us at our registered office at Medigold House, Queensbridge, Northampton, NN4 7BF.
We encourage you to contact us if you have any concerns about how we use your personal information, however, if you are not satisfied with our response or believe we are processing your personal information incorrectly and not in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ICO.org.uk.