Introduction
Prime Healthcare Recruitment operates as both an employment agency and an employment business in accordance with the Conduct of Employment Agencies and Employment Businesses Regulations 2003.
We are dedicated to safeguarding the privacy and security of your personal data. This Privacy Policy explains the types of information we collect, how we use it, the measures we take to protect it, and the rights and options available to you regarding your personal information.
In this document, references to the Data Protection Act 2018 (DPA 2018), the General Data Protection Regulation (EU) 2016/679 (GDPR), and the Privacy and Electronic Communications (EC Directive) Regulations 2003 include any related legislation enacted under or alongside these laws.
Where personal data is processed by a data controller or processor based within the European Union, or where it relates to individuals located in the European Union, this also includes compliance with the EU General Data Protection Regulation (EU GDPR), as well as any future legislation that replaces or updates it.
This Privacy Policy should be read in conjunction with our Cookie Policy, which is available on our website.
Scope of This Privacy Policy
This Privacy Policy applies, where relevant, across the countries in which our international network operates. As data protection laws vary between jurisdictions, we have created country-specific versions of this Privacy Policy where necessary.
What Does This Privacy Policy Cover?
This Privacy Policy explains how Prime Healthcare Staffing handles your personal data if you are:
The Policy includes both a summary (short-form) section and a more detailed (long-form) version available on our website. It outlines how we collect, use, store, and process personal data, as well as how we meet our legal and regulatory responsibilities.
We review this Privacy Policy regularly and encourage you to revisit this page periodically to stay informed about any updates to our privacy practices.
What Is Personal Data?
Under the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR), personal data is defined as any information relating to an identifiable individual who can be identified directly or indirectly, particularly by reference to an identifier.
In simple terms, personal data is any information that can identify you, either on its own or when combined with other information we hold. This includes clear identifiers such as your name and contact details, as well as identification numbers, location data, and online identifiers.
Legal Bases for Processing Personal Data
The lawful basis for processing your personal data will depend on the nature of the information and the reason for processing it. If you choose not to provide certain personal data, or request that we stop processing it, we may be unable to fulfil our contractual obligations. In some cases, this may affect our ability to continue our relationship with you.
Legitimate Interests
When providing recruitment and work-finding services, Prime Healthcare Staffing may act as a Data Controller. In doing so, it is sometimes necessary to process personal data where it is in our legitimate interests, as permitted under the DPA 2018 and GDPR.
For example, we may process contact details under our “Recommend a Colleague” scheme. Referrals are often made by individuals within a work-seeker’s social circle, and we process this information on the basis that there is a legitimate interest in assisting the referred individual in securing employment.
Establishing, Exercising, or Defending Legal Claims
There may be occasions when we need to process personal data, and where appropriate, sensitive personal data, in connection with legal proceedings.
The DPA 2018 and GDPR permit processing where it is necessary for the establishment, exercise, or defence of legal claims, or where courts are acting in their judicial capacity.
For example, this may occur when we seek legal advice regarding proceedings or when we are legally required to retain or disclose specific information as part of a legal process.
Exercising Legal Rights and Meeting Employment and Social Security Duties
In certain situations involving Candidates, Temporary Workers, or other individuals, we may need to handle sensitive or special category personal information. This processing is carried out to ensure we meet our statutory and regulatory responsibilities.
For instance, we might use medical information to make sure appropriate support is provided if you have a medical condition or disability. This could involve sharing relevant health details with an occupational health professional to evaluate your condition, determine your fitness for work, consider return-to-work plans, and assess your overall work capability.
Under the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR), such processing is permitted where it is necessary to fulfil obligations or exercise specific rights in relation to employment, social security, or social protection law, provided this is legally authorised.
We may also process your personal data when it is required to meet obligations under a contract with you, to confirm that you are meeting your responsibilities to us, and to ensure that we are meeting our commitments to others. The DPA 2018 and GDPR allow processing where it is necessary to perform a contract to which you are a party, or to take steps at your request before entering into a contract.
Compliance with Legal Requirements
Beyond our contractual responsibilities, we may also need to process your personal data to meet other legal duties that apply to us, including in situations where Temporary Workers are employed or engaged directly by us. The DPA 2018 and GDPR permit processing where it is necessary to comply with a legal obligation.
For example, we may be required to share information with tax authorities, including details about your earnings and taxes deducted, in order to meet statutory reporting requirements.
Electronic Marketing
When sending you electronic marketing communications, we must not only rely on a lawful basis under the DPA 2018 and GDPR, but may also need to comply with the Privacy and Electronic Communications Regulations 2003 (PECR). Depending on the circumstances, this may require either your prior opt-in consent or a soft opt-in option.
This means we may contact you about products or services connected to the recruitment services we provide, provided you have not opted out of receiving such communications.
Consent
In some cases, we must obtain your permission before processing your personal data for specific purposes. Depending on the activity involved, this consent may be explicit opt-in consent under the DPA 2018 and GDPR, or soft opt-in consent under PECR.
The DPA 2018 and GDPR define consent as a freely given, specific, informed, and unambiguous indication of your agreement to the processing of your personal data, expressed through a clear affirmative action.
In practical terms, this means:
You must be able to decide freely, without pressure, whether to give or withhold consent.
You must clearly understand what you are agreeing to, and we will provide sufficient information to ensure this.
Where consent is required, you should be able to choose which activities you agree to and which you decline.
You must actively indicate your agreement, such as by ticking a box. We will keep a record of any consent you provide.
You may withdraw your consent at any time by contacting dpo@rssglobal.com
.
What Are My Rights?
One of the key aims of the DPA 2018 and GDPR is to safeguard and clarify the data protection rights of individuals in the UK and EU. Even after you provide us with your personal data, you continue to hold important rights regarding how it is used.
To exercise any of these rights, please contact dpo@rssglobal.com
. We aim to respond without undue delay and, in any case, within one month, subject to any lawful extensions. Where necessary, we may retain records of correspondence to assist in resolving your request.
Right to Object
You have the right to object to the processing of your personal data in the following circumstances:
Where processing is based on our legitimate interests.
Where it is necessary for performing a task in the public interest or exercising official authority;
For direct marketing purposes;
For scientific, historical, research, or statistical purposes.
The grounds most likely to apply to Website Users, Candidates, Temporary Workers, Clients, and Suppliers are legitimate interests and direct marketing.
If you object to processing based on legitimate interests, we must stop the activity unless:
We can demonstrate compelling legitimate grounds that override your interests; or
The processing is required for the establishment, exercise, or defence of legal claims.
If your objection relates to direct marketing, we will cease sending such communications.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time. Once withdrawn, we will stop the relevant processing activity unless another lawful basis applies, in which case we will inform you.
Data Subject Access Requests (DSARs)
You have the right to request confirmation of the personal data we hold about you and to ask for corrections, updates, or deletion where appropriate.
We may request proof of identity and further details to help us respond to your request.
Access to your data will normally be provided free of charge unless the request is manifestly unfounded or excessive. If you request additional copies, we may charge a reasonable administrative fee where permitted by law.
In certain circumstances, we may be legally entitled to refuse your request. If this occurs, we will explain the reasons.
Right to Erasure
You may request that we delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent and no other lawful basis applies, or where processing is unlawful.
We will assess each request in accordance with applicable data protection laws and inform you of the outcome.
For certain Candidates, Temporary Workers, and other individuals, we may need to process sensitive or special category personal data to meet our legal and regulatory responsibilities.
For instance, we may process medical information to provide appropriate workplace support if you have a health condition or disability. This could include sharing relevant information with an occupational health professional to assess prognosis, return-to-work plans, or overall fitness for work.
The DPA 2018 and GDPR permit such processing where it is necessary to fulfil obligations or exercise rights in the field of employment, social security, or social protection law, provided it is legally authorised.
Performance of a Contract
We may process your personal data where it is necessary to fulfil a contract with you, to take steps at your request before entering into a contract, to ensure you meet your obligations to us, or to enable us to meet our obligations to third parties.
The DPA 2018 and GDPR allow processing where it is necessary for the performance of a contract or to take steps prior to entering into one.
Compliance with Legal Obligations
We may also process your personal data where it is necessary to comply with our legal obligations.
Right to Erasure
You are entitled to request the deletion of your personal information in specific circumstances. Generally, one of the following conditions must apply:
The information is no longer required for the purpose for which it was originally collected or processed.
You have withdrawn your consent (where consent was previously relied upon), and there is no alternative lawful basis for continuing the processing.
The data has been handled unlawfully, meaning it was processed in breach of applicable data protection legislation.
Deletion is necessary for us to meet a legal obligation as a data controller.
We processed the data on the basis of our legitimate interests, you have objected to that processing, and we cannot demonstrate overriding legitimate grounds to continue.
We may decline a request for erasure only where one of the following exceptions applies:
To protect the right to freedom of expression and information;
To comply with a legal duty or carry out a task in the public interest or under official authority;
For public health purposes in the public interest;
For archiving, research, or statistical purposes where deletion would seriously impair those objectives; or
For the establishment, exercise, or defence of legal claims.
Where a valid request is accepted, we will remove the relevant personal data accordingly.
Right to Restrict Processing
You have the right to ask us to limit how we use your personal data in certain situations. If processing is restricted, we may continue to store your information but will not process it further unless:
The issue giving rise to the restriction has been resolved;
You provide consent for further processing; or
Additional processing is necessary to establish, exercise, or defend legal claims, to protect another person’s rights, or for important public interest reasons within the UK, EU, or a Member State.
You may request restriction where:
You contest the accuracy of your personal data. In this case, processing will be limited while we verify its accuracy.
You object to processing based on our legitimate interests. We will restrict processing while we assess whether our grounds override your objection.
The processing is unlawful, but you prefer restriction instead of deletion.
We no longer need the data, but you require it for legal claims.
If we have disclosed your data to third parties, we will inform them of any restriction unless doing so is impossible or would require disproportionate effort. We will also notify you before lifting any restriction.
Right to Rectification
You have the right to request correction of any personal data we hold that is inaccurate or incomplete. Where your data has been shared with others, we will inform them of any corrections unless this is not feasible or would involve disproportionate effort. If appropriate, we will also inform you which third parties received the incorrect or incomplete information.
If we believe we have legitimate grounds not to comply with your request, we will explain our reasoning.
Right to Data Portability
You have the right to request that your personal data be transferred to another data controller. In practical terms, this enables you to move your RSS account details to another service provider.
To facilitate this, we will provide your data in a widely used, machine-readable format that is password-protected, allowing you to transfer it securely. Alternatively, where technically feasible, we can transmit the data directly to another organisation on your behalf.
This right applies only to:
Right to Lodge a Complaint
You have the right to raise concerns with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk
If you would like to exercise any of these rights, or withdraw consent where consent forms the legal basis for processing, please contact us at
info@primehealthcarerecruitment.com
Where necessary, we will retain records of correspondence to assist in addressing any issues raised.
You may opt out of job alerts or marketing communications at any time by using the unsubscribe option included in our messages or by contacting inquiry@primenursinginstitue.com.
Finally, it is important that the personal data we hold about you remains accurate and up to date. Please inform us promptly of any changes to your information while we continue to process it.
What information do you collect about me and how is it collected; and how is it used, shared, and stored?
A brief overview is provided below. More detailed information is available in the full section of our website, which you can access by clicking the link that corresponds to your specific type of data subject.
Type of Person Concerned | What types of personal information do we collect? | How is your personal data collected? | How is your personal data used? | Who do we share your personal data with? | How long do we keep your personal data for? |
Candidates | To provide employment opportunities that are specifically suited to you, we need to process certain information about you. We will only request details that help us in this process, such as your name, age, contact information, education, work history, emergency contacts, immigration status, financial information (for background checks), social security number, and any other relevant information you choose to share.
Where necessary, and only to comply with legal requirements or to protect employment rights, we may also collect sensitive or special category data, including information about your health, diversity, or any criminal convictions. | We may collect your personal data from you directly, from third parties, or automatically.
Data you provide to us may include:
1. Your CV submitted in person, at a job fair, or online.
2. Photos or videos you upload to recruitment platforms.
3. Job applications submitted via aggregators that redirect you to our website.
Data we may receive from third parties includes:
1.References from your referees. 2. Information shared by clients, suppliers, or other candidates. 3. Personal data obtained from social media platforms if you interact with us there, such as liking us on Facebook or Twitter. 4.Data shared by Recruitment Process Outsourcing (RPO) or Managed Service Providers (MSP) if you were referred to us. 5.Nationality and immigration status information provided by the Home Office, where necessary and required. 6. Financial sanctions or criminal records data obtained from government databases, when necessary and required. | We typically use candidate data for five main purposes:
-Recruitment-related activities
-Marketing initiatives
-Monitoring and promoting equal opportunities
-Establishing, enforcing, or defending legal rights
-Where applicable, conducting psychometric assessments | When necessary and in line with legal and regulatory requirements, we may share your personal data for different purposes.
Some of our services involve third-party providers.
We carefully select these third parties and take measures to ensure your personal data is properly protected.
These third parties may include our clients, IT service providers, payroll providers, or background-check services. | Candidates with no contact: Data is retained for 6 months.
Candidates we have contacted but not placed: Data is retained for 1 year from the later of:
Candidate registration
Receipt of consent to represent for Conduct Regulations purposes (separate from data protection consent)
Last meaningful contact |
Potential candidates | If your information is publicly available online and we determine it is relevant to our services, we may collect and use it to evaluate how we can support your job search and to contact you. | We collect your contact information only if a candidate or staff member lists you as an emergency contact or dependent, or if a candidate provides it for you to act as a referee. | We use information from prospective candidates to determine whether our services may be relevant or beneficial to you. If we believe we can assist, we will use your information to contact you about how we can help. | If we have identified you as a prospective candidate, we may share your information with our group companies and relevant third-party service providers so that we can contact you about our services. | Data is retained for 6 months if no contact is made, or for 1 year from the date of the last meaningful contact.
For prospective candidates referred to us by someone in your social circle, we will delete your data 7 days after the first contact attempt if no response is received. |
Someone providing assistance on behalf of a candidate | We ask for a referee’s contact information (name, email, and phone number) so we can verify details provided by a candidate or prospective employee and support the recruitment process.
Emergency contact details (name, email, and phone number) are collected to allow us to reach someone on your behalf in case of an emergency. | We only collect your contact information if a candidate or staff member lists you as an emergency contact or dependent, or if a candidate provides it for you to act as a referee. | We use referees’ personal information to support candidates in finding suitable employment. Verifying referees’ details and qualifications helps us match candidates with the right employers.
When referees provide references based on their professional experience with a candidate, and if they may be interested in our services, we might also contact them in that capacity.
We use the personal data of emergency contacts for candidates or staff members in case of an accident or emergency.
The personal data of staff dependants or other beneficiaries is used to help staff access certain benefits or employment rights. | Unless you indicate otherwise, we may share your information with our group companies and relevant third parties, including service providers and organizations we work with. | Data is retained for 6 months if no contact is made, or for 2 years from the date of the last meaningful contact. |
Client | If you are one of our clients, we need to collect and use information about you or people in your organization to provide or offer our services. These services may include:
1.Identifying suitable candidates for you or your organization. 2.Delivering a Managed Service Provider (MSP) program or supporting another organization in doing so. 3.Providing Recruitment Process Outsourcing (RPO) services or assisting another organization with these services. | We collect your personal data either:
Directly from you, or
From third parties (such as our candidates or temporary workers) and other limited sources, including online and offline media. | The primary purpose of using client information is to introduce ourselves and to ensure that any contractual arrangements are properly managed, allowing the relationship to run smoothly. This may include:
Identifying candidates who are a good fit for you or your organization.
Delivering a Managed Service Provider (MSP) program or supporting another organization in doing so.
Providing Recruitment Process Outsourcing (RPO) services or assisting another organization with these services.
Offering services to your employees, such as training courses.
The more information we have, the more tailored and effective we can make our services. | We may share your data to:
Ensure we provide you with a suitable pool of candidates.
Deliver a Managed Service Provider (MSP) program or assist another organization in doing so.
Provide Recruitment Process Outsourcing (RPO) services or support another organization with these services.
Offer services to your employees, such as training courses.
Unless you tell us otherwise, your information may also be shared with our group companies and relevant third-party service providers to help us achieve these objectives. | Data is retained for 6 months if no contact is made, or for 2 years from the date of the last meaningful contact. |
Supplier | We require a small amount of information from our suppliers to deliver your services and meet our contractual obligations.
This may include contact details for key individuals at your organization, so we can communicate with you, and bank details to process payments for the services you provide. | We collect your personal data as part of our work with you. | We use your personal data mainly to ensure our contractual arrangements are properly carried out and to comply with the law. | Data is retained for 6 months if no contact is made, or for 2 years from the date of the last meaningful contact | |
Temporal Worker | If we hire or engage you directly as a Temporary Worker, we will need to process some additional information beyond what we collect from Candidates. This includes essential details such as your start date, bank information, and records of previous pay, pensions, and benefits arrangements.
Where relevant and in line with legal obligations, we may also infer certain information—such as trade union membership, sexual orientation, or childcare or caregiving arrangements. This may occur when you provide details related to salary deductions for trade union fees or childcare vouchers, or when you share information about your emergency contact. | We obtain your personal data either directly from you or from third-party sources. | If we employ or engage you directly as a Temporary Worker, we primarily use your personal information to support the effective management of our temporary working relationship. This includes fulfilling our contractual and mutual obligations, meeting our responsibilities to our Clients as part of that relationship, and complying with our legal duties to third parties such as tax authorities and government bodies. | If we employ or engage you directly as a Temporary Worker, we may share your personal data with certain additional parties to support the effective management of our temporary working relationship. For instance, your information may be shared with relevant colleagues within RSS (including those in overseas offices), with our Clients, and, where necessary, with medical professionals such as your GP or an occupational health specialist. | Six years from the later of the following:
-the end of your most recent assignment, or
-one year after the last meaningful contact. |
Permanent Worker | Following the same approach as described for Temporary Workers above. | Following the same approach as described for Temporary Workers above. | Following the same approach as described for Temporary Workers above. | Following the same approach as described for Temporary Workers above. | Two years from whichever is later:
the date of your placement, or
one year after the last significant contact. |
Visitors to our website | When you visit our website or click links in our emails, we collect certain information from you. We gather a limited amount of data from Website Users to enhance your experience on our site and to help us manage the services we offer.
This includes details such as how you navigate the website, how often you visit, and the times when the site is most active.
We may collect your IP address, data from your social media interactions (like likes, shares, and tweets), information you provide when reporting issues with our website or services, and any additional information you voluntarily share or that we request to better understand your preferences and interests.
We also gather information through cookies or similar technologies stored on your device—more details on this and our usage can be found in our Cookie Policy. | We automatically gather certain data through cookies when you access our website, according to your browser’s cookie settings. For more information about cookies, how we use them, and your available options, please see our Cookie Policy.
Additionally, some of our emails include an invisible tracking pixel, which helps us see which messages are opened. If you do not want this information to be collected, you can disable automatic image downloads in your email program or service. | We use your data to improve your experience on our website—for instance, by analysing your recent job search activity to show you roles that may be of interest.
For more details about cookies, how we use them, and the options available to you, please see our Cookie Policy.
Please note that communications with our staff, including emails, may be reviewed as part of internal or external investigations or legal proceedings when necessary. |
