We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and other organisations in the event you have a complaint. Please see the section on ‘Your rights’ for more information.

Introduction

We are Plinth 2000 Limited and Plinth Medical Limited (referred to jointly as “Plinth”) In order to identify, select and recruit new employees we need to collect and process your personal information.

Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymous data).

As the ‘controller’ of personal information, we are responsible for how that data is managed. The General Data Protection Regulation (“GDPR”), which applies in the United Kingdom and across the European Union, sets out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

1. used lawfully, fairly and in a transparent way.
2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. relevant to the purposes we have told you about and limited only to those purposes.
4. accurate and kept up to date.
5. kept only as long as necessary for the purposes we have told you about.
6. kept securely.

If you have any questions about this privacy notice or would like further explanation as to how your personal information is managed then please contact us (see ‘How to contact us’ below).

This document provides the information as required by GDPR under your right to be informed.

Purposes of processing your personal information

We will use you data for the following purposes:

• Screening of applications
  • To receive and record applications, contact details or CVs received via phone or email from interested candidates or recruitment consultants.
  • To review and make informed decisions on whether to proceed the recruitment process
• Interview and selection
  • To communicate, schedule, plan, run, document and review interviews.
  • To make recruitment decisions based on the interviews.
• To take up references
  • We will use the information you provide us to take up references
  • To check the veracity of information you provided as part of your application process
• To make a job offer
  • If successful we’ll use the information you have provided to make and document a job offer formally.

Personal data we process

• Name
• Contact details
• Qualifications
• Employment history
• Other CV contents

Certain information that we process is classed as ‘special category data’. It is sensitive by nature. We have a higher duty of care in how we process this:

• Ethnicity
• Disability details
• Unspent Criminal Convictions

Who has access to your personal data

In order to operate our business and run our recruitment we rely on third parties to provide specialist support to us. To provide this support they will have access to, or a duty of care over your personal information. These providers are:

• IT Support company – to ensure the safe, secure and resilient operation of our IT infrastructure including computers, servers, phones and mobile devices.
• Software support companies – to provide specialist support and resolve issues with the software that we run, for example the systems we use to store and manage your recruitment progression
• Recruitment consultancies – where you have been introduced through a recruitment consultant.
• Referees – to confirm character and employment details

International transfer

All your personal data is stored and processed on systems that are within the European Economic Area (EEA) and offer the same level of legal protection and rights over your data.

In certain situations we transfer your personal information to the following countries which are located outside the European Economic Area (EEA):

• A country where you are resident or located in temporarily

This will be for the purposes of communicating with you about your recruitment process when you are based in a third country.

This international transfer is under Article 49(1)(b) – the transfer is necessary for the performance of a contract between the data subject and the controller

Retention schedule

Type of data	Retention period
Application details for successful candidates	These become part of your employee file and are retained in line with the information in our employee privacy notice.
Application details for unsuccessful candidates	These are destroyed automatically after 12 months unless earlier at your request. If you wish us to keep your details on record for longer you must request this in writing.

Legal basis for processing

We rely on the following grounds within the GDPR:

• Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
• Article 6(1)(c) – processing is necessary for us to demonstrate compliance with the law or regulatory frameworks

GDPR recognises that additional care is required when processing special category (sensitive) data such as your health, religious views . We process this under the following grounds within GDPR

• Article 9(2)(b) – Legal obligations under employment or social benefit law

Your rights

Under the GDPR you have important rights free of charge. In summary, those include rights to:

• fair processing of information and transparency over how we use your use personal information;
• access to your personal information and to certain other supplementary information that this Privacy Notice is designed to address;
• require us to correct any mistakes in your information which we hold;
• require the erasure (i.e. deletion) of personal information concerning you, in certain situations. Please note that if you ask us to delete any of your personal information which we believe is necessary for us to comply with our contractual or legal obligations, we may no longer be able to provide care and support services to you;
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
• object at any time to processing of personal information concerning you for direct marketing;
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
• object in certain other situations to our continued processing of your personal information;
• otherwise restrict our processing of your personal information in certain circumstances;
• claim compensation for damages caused by our breach of any data protection laws;

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Data controller details

Plinth Medical Limited & Plinth 2000 Ltd, Barric Lane, Occold, Suffolk, IP23 7PX

How to contact us

• Email – privacy@plinthmedical.com
• Post –FAO: Data Controller, Plinth Medical, Barric Lane, Occold, Suffolk, IP23 7PX
• Telephone – 01449 767887