Privacy Policy for Xpress Health and Group Companies
Overview
This privacy notice is issued on behalf of Xpress Health (IE and UK) and all its group companies. If you require a printed copy of this privacy notice or our group companies, please contact us using the details below.
When we mention “we”, “us” or “our” in this privacy notice, we are referring to any company in Xpress Health that uses your personal data.
The controller for your personal data is Xpress Health.
This privacy notice applies to you when you visit any of our websites across Xpress Health.
All data collected is stored within the UK or Irish Servers.
Please contact us using the details below if you have any questions about this privacy notice or personal data we hold about you:
• by email to: [email protected]; or
• by writing to: Data Protection Officer, Xpress Health, Park West Enterprise Centre, Dublin, Ireland or Xpress Health, 121, Forsyth House, Belfast, UK.
If you have any concerns about the personal data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance.
We regularly review this privacy notice and will update it where necessary. We do recommend you regularly review this privacy notice to make sure you have the most up-to-date information. This privacy notice was last updated on 10/10/2023.
1. When will this privacy notice apply?
This privacy notice will apply to personal data that we collect from you when you:
• visit one of our websites across Xpress Health;
• make an initial job application on one of our websites;
• register as a job seeker on one of our websites;
• request a new password for an online account as a job seeker;
• recommend a friend via one of our websites;
• request a call back via one of our websites (please note when we call you back this may be on a recordable line, as we record our calls for quality and monitoring purposes).
We are committed to ensuring that your privacy is protected. If you provide us with personal data, you can be assured that it will only be used in accordance with this privacy notice.
2. What is the lawful basis for using your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data for the purposes below. These are commonly called the lawful basis for processing.
• Legitimate Interests – processing is necessary for the purpose of the legitimate interests pursued by Xpress Health or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
• Consent – you have given your consent to the processing of your personal data for the processing detailed in this privacy notice.
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose in this privacy notice.
3. What personal data must you provide to us to enable us to contact you or register your details for an account?
We require certain personal data from you. Without this personal data, we would not be able to fulfill your request to contact you or for you to register an account with us for the purposes of us finding you certain job opportunities. These fields have been marked with an “*”.
4. Why is your personal data shared across Xpress Health companies?
The personal data that you provide will be shared within Xpress Health, to enable us to provide our services to you, increase the number of job opportunities available to you, and improve the services of the Group.
5. Which third parties is your personal data shared with?
We will share your personal data with the third parties who provide operational services for us, for example, IT platforms and software providers.
We require all third parties to respect the security of your personal data and to treat it in accordance with data protection laws. Where we share your personal data with third parties who provide operational services to us, we only permit them to process your personal data for specified purposes in accordance with our instructions. The personal data stored in the local servers is also accessible by third-party support services such as “Xpress Global” amongst other suppliers.
6. How long do we keep your personal data?
We will only keep your personal data for as long as is necessary for the purposes for which it was collected. In order to determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of your personal data and the likelihood of a suitable job opportunity arising.
7. Will we transfer your data outside of the European Economic Area?
As an international organization, we may transfer your personal data globally within Xpress Health. Additionally, we may transfer your personal data to third parties who are outside of the European Economic Area (EEA).
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
• Where we use third parties outside of the EEA, we may use specific contracts approved by the European Commission, these are sometimes known as standard contractual clauses which give personal data the same protection it has in the EEA;
If you would like more information about the methods used to transfer your personal data outside of the EEA, please contact us at [email protected].
8. How do we safeguard your personal data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to only those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. How do we use cookies?
Information about how you use our website is collected automatically using “Cookies”. Cookies are small files that are sent to your device when you visit a website or app. They stay on your device and are sent back to the website or app they came from when you visit it again. For more information about cookies please visit www.allaboutcookies.org. You can control and delete cookies through your browser settings for more information on how to do this please visit www.allaboutcookies.org/manage-cookies.
10. Who is responsible for external links on our websites?
Our website may contain links to other websites provided by third parties not under our control. When following a link and providing personal data via that link please be aware that we are not responsible for the information provided by that third-party. When you click on links to other websites you should read their privacy notices.
11. What rights do you have in relation to your personal data?
You have the following data protection rights when we use your personal data:
a. Your right to request access to your personal data – this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
b. Your right to request correction of the personal data that we hold about you – this enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.
c. Your right to request the erasure of your personal data – this enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to the processing under Section (d) where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
d. – this enables you to object to the processing of your personal data where we are relying on legitimate interests (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
e. Your right to request restriction of processing of your personal data – This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have to override legitimate grounds to use it.
f. Your right to withdraw consent – this right arises at any time when we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
g. Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organization, or to you, in certain circumstances.
If you would like to exercise any of these rights, please email [email protected] . In most cases, we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests unless there are exceptional circumstances.