Recruitment Privacy Notice

We collect the following personal information about you in of the following ways:

a) Information We collect from you

• Information that you provide when you apply for a role. This includes information provided through an online job site, via email, in person at interviews, via Workable recruitment videos where we send you questions and you record and return your responses and/or by any other method.
• In particular, We process personal details such as name, email address, address, date of birth, qualifications, experience, employment history, interests and other information you choose to state in your application.
• Details of your referees.
• Your nationality and immigration status and information from related documents, such as your passport
• Any disabilities of which we need to be aware, where any adaptations are necessary for example.
• If you contact Us, We may keep a record of that correspondence.
• A record of your progress through any hiring process that we conduct.
• • Details of your visits to Workable’s Website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Workable’s Website and the resources that you access

b) Information We collect from other sources

In the circumstances below, We will add to the information We collect from you, with information We receive from other sources. Workable provides Us with the facility to link the data you provide to Us, with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles.

Workable’s technology allows Us to search various databases – some publicly available and others not, which may include your personal data (include your CV or Resumé), to find possible candidates to fill Our job openings. Where We find you in this way we will obtain your personal data from these sources.

We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally.

Other:

• Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers.
• Confirmations regarding your academic and professional qualifications.
• Information regarding your criminal record, in criminal records certificates and enhanced criminal records certificates (from the Disclosure and Baring Service)

We use the personal information We collect to ensure that We provide you with the best possible support now and in the future. We have appointed a Data Protection Officer to ensure that Our procedures for handling data subject information and requests meet with Our obligations.

We use the personal information that We that We collect from/ about you to:

• to assess your suitability for a role;
• to take steps to enter into a contract;
• for compliance with a legal obligation (e.g. our obligation to check that you are eligible to work in the United Kingdom);
• Communicate with you.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Ieso works hard to ensure that only the right people have access to your personal data, and information is only shared on a strictly ‘need to know’ basis. Anyone receiving information about you will be under an equal legal duty to keep it confidential. Recruitment information is usually only shared internally between our talent acquisition manager and the hiring manager, although on occasions an internal reviewer or an external consultant may also be granted access.

As set out above, we pass your information to our third-party service providers, including Workable, who use it only in accordance with our instructions and as otherwise required by law.

Where you have applied for a job opening through the Indeed Apply functionality, and where you have consented to this disclosure, We will disclose to Indeed certain personal data that We hold, including but not limited to a unique identifier used by Indeed to identify you, and information about your progress through our hiring process for the applicable job opening, as well as tangible, intangible, visual, electronic, present, or future information that we hold about you, such as your name, contact details and other information involving analysis of data relating to you as an applicant for employment (collectively “Disposition Data”). Indeed’s Privacy Notice in respect of Indeed’s use of the Disposition Data is available on Indeed’s website.

Where you have applied to a job opening through another service provider, we may disclose data similar to the Disposition Data defined above to such service provider. The service provider shall be the data controller of this data and shall therefore be responsible for complying with all applicable law in respect of the use of that data following its transfer by Us.

We may also need to share some of the above categories of personal information with other parties, such as HR consultants and professional advisers. Usually, information will be anonymised, but this will not always be possible. The recipient of the information will be bound by confidentiality obligations.

We do not sell, use or share your personal information for direct marketing or other external promotional purposes.

We will always seek your permission ahead of disclosing any information that identifies you directly to any other person or organisation, or, for any other reason not set out in this policy unless We have an overriding legal duty to do so.

Transferring data outside the UK

The data that We collect from you and process using Workable’s Services may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for Us or for one of our suppliers. We have appropriate technical and organisational measures in place to seek to ensure that information is processed security and data subject rights are not diminished. By submitting your personal data, you agree to this transfer, storing and/or other processing.

In particular, your data may be accessible to i) Workable’s staff in the USA or ii) may be stored by Workable’s hosting service provider on servers in the USA as well as in the EU. The USA does not have the same data protection laws as the United Kingdom and EEA. A Data Processor Agreement has been signed between Workable Software Limited and its overseas group companies, and between Workable Software Limited and each of its data processors. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. Workable have self-certified for the Privacy Shield. If you would like further information, please contact Us (see ‘Your questions and how to contact us’ below).

We place great importance on the security of personal identifiable information. We have put controls in place to safeguard your personal information, applying physical, technical and procedural measures against unauthorised access, loss, misuse and alteration of personal information under Our control.

We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.

We have achieved the International Standard certification for information security (ISO 27001) and maintain the Cyber Essentials Plus certification.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

If your application to become a PWP working on the Ieso project, an Affiliated Therapist or an Ieso employee is unsuccessful or you withdraw from the process, We retain your details for 6 months from the date of this decision.

(If you are successful for a role at Ieso you will be issued with an Employment Contract, and once signed become an employee; if successful for a role as an affiliated therapist, you will be issued with a therapist Agreement to work with us on a self employed basis; if successful as a PWP, you will be issued with a contract from Umbrella Company.

Limited and be able to work on the Ieso project through them. At this time We need to process other personal data for other purposes, so you will be supplied with a different set of Privacy Notices with different retention periods.) Our data retention practices are reviewed at least annually in conjunction with industry standards and best practice.

Data protection law provides you with rights that Ieso Digital Health is committed to supporting you with:

• access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
• require Us to correct any mistakes in your information which We hold
• require the erasure of personal data concerning you in certain situations
• receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object at any time to processing of personal data concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• otherwise restrict our processing of your personal data in certain circumstances

For more detailed information on your rights visit the ICO website

If you would like to exercise any of these rights, please:

• contact us using our contact details below
• let Us have enough information to identify you,
• let Us have proof of your identity and address, and
• let Us know the information to which your request relates.

If you need any assistance in these areas, please write to:

The Data Protection Officer
Ieso Digital Health (UK) Limited
Jeffreys Building
Cowley Road
Cambridge CB4 0DS

Or by email, For the Attention Of the Data Protection Officer, to info@iesohealth.com

You have the right to make complaints and request investigations into the way your information is used. Please contact Our Data Protection Officer in the first instance.

If you remain unhappy with a response you receive, you can also refer the matter to the Information Commissioner's Office.

You can call the ICO on 0303 123 1113 or write to them at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Additionally, you also have a right to seek to enforce your rights through the courts.

If you have any questions or comments about these notices, please let us know:

By email: info@iesohealth.com
By telephone: on 01223 608760
Or by post to:
Jeffreys Building, Cowley Road, Cambridge, CB4 0DS

To reach Our Data Protection Officer please use the above details and flag your communication for the attention of: Helen Simpson

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.