Recruitists – Privacy Notice
for Locums and Other Candidates
Who we are
We are Recruitists. For the purposes of this notice, the term 'we' encompasses all those employed by us to carry out our business, either directly or as external contractors.
Our Contact Details
hardeep.heer@live.com
Privacy laws
The processing of your personal data is governed by the General Data Protection Regulations (GDPR), enacted in the UK by the Data Protection Act 2018.
The capacities in which we process data
In providing you with our services, we will be acting as a controller of personal data (as defined by Article 4(7) GDPR) with respect to any processing for which we determine the purpose and means. This includes data that we obtain from you in order to facilitate the administration of our business relationship and the fulfilment of our contract with you.
The purposes of this privacy notice
This notice is designed for individuals who register with us with the purpose of either:
- obtaining professional engagements with third-party organisations in the capacity of medical locum; or
- seeking employment opportunities in any other capacity.
It is intended to provide information about the processing of your data in accordance with the 'transparency' requirement of Article 13 GDPR.
The types of personal data we collect
Contact data: name, address, email, home/mobile telephone numbers.
Biographic & professional: references, certifications, qualifications, authorisations.
Any criminal convictions you declare to us.
Name, home address, date of birth, gender, photographic ID.
Terms and conditions of any contract with us.
We may also collect Special Category Personal Data:
- Personal identification documents that may reveal race or ethnic origin, possibly biometric data;
- Information provided to us by you in the course of a professional relationship.
How we collect the personal data
We may collect this information in a variety of ways. For example, data might be collected through:
- online web forms completed by you;
- correspondence with you; or
- through interviews and meetings.
We may also obtain personal data indirectly from sources such as public registers or previous employers.
Providing your personal data
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide professional services to you.
📢 Prominent disclosure & consent – unexpected data collection
Our app may request access to certain device features (such as camera, microphone, or precise location) only when necessary to facilitate a specific locum or employment engagement (e.g., identity verification, virtual interview, or timesheet confirmation). We will always ask for your explicit consent before collecting any such data, and a clear explanation will be provided at the point of request. You may withdraw consent at any time via your device settings or by contacting us. We do not collect sensitive data (like background location) without your affirmative permission.
For any data collection that falls outside what is necessary for our core service, we obtain consent in advance and provide an easy opt-out. This complies with Google Play’s prominent disclosure requirements.
What we use your personal data for
Fulfilment of contract
- Providing professional services at your request and as defined in correspondence or contracts between us, and taking steps to fulfil your wishes prior to entering such a relationship.
Other business purposes
- Legitimate interests: fulfil business commitments to provide locum resources
- Good governance, accounting, managing and auditing
- Surveys of client experience and quality
- Monitor emails, calls, other communications
- Market research, surveys, developing statistics
To comply with a legal obligation
- When you exercise your rights under data protection law
- Compliance with legal and regulatory requirements
- Establishment and defence of legal rights
- Prevention, detection and investigation of crime
- Investigate complaints, legal claims and data protection incidents
The legal bases for processing
In providing you our services, we will process your personal data under Article 6 (1)(b) GDPR (performance of a contract).
In addition, we may process on these legal bases:
- Consent – Article 6 (1)(a)
- Legal obligation – Article 6 (1)(c)
- Vital interests – Article 6 (1)(d)
- Public interest – Article 6 (1)(e)
- Legitimate interests – Article 6 (1)(f)
Where we process special category data, we do so on the basis of Article 9(1)(g) – substantial public interest and Article 9(1)(h) – the provision of healthcare, in respect of determining competence and authority to act in a medical capacity.
Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with:
- Organisations with professional relationship for locum/employment
- Sub-contractors and other persons who help us to provide services
- Legal and other professional advisors, auditors
- Fraud prevention agencies, credit reference, debt collection
- Government bodies (HMRC, ICO) and overseas regulators
- Courts, to comply with legal requirements
- In an emergency or to protect your vital interests
- To protect security/integrity of our business
- When we restructure, merge or sell business/assets
- Any other party with your consent or as required by law
Use of your personal data for marketing purposes
With your consent, and subject to your communications preferences, we may use your contact details to send you emails containing information on services which we think may be of interest to you. We will not share your data with any external party for marketing purposes.
You are free at any time to change your mind and withdraw your consent by contacting us using the details given at the top of this Notice. This will not affect the services we provide to you.
How long do we keep your data?
- Tax records: minimum six years from the end of the tax year in which relationship ended or last service provided.
- Other information: minimum five years from termination or last service.
- Longer periods: in case of queries, possible claims, or other legal/regulatory requirements.
🗑️ Data deletion & account removal
Your right to erasure (‘right to be forgotten’): If you have registered with us (whether as a locum, candidate, or user), you may request deletion of your personal data and account at any time. To exercise this right, contact us using the details at the top of this Notice or, where available, use the in-app account deletion feature.
Upon receiving a verified deletion request, we will delete your personal data from our active systems within 30 days, unless we are required to retain certain information to comply with legal obligations (such as HMRC record-keeping, as noted in our retention section). Any retained data will be held securely and only for the permitted purpose.
If you have any questions about the deletion process, please contact Hardeep Heer using the details above.
Your rights under applicable data protection law
- Right to be informed
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge. We will respond within one month.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the details given at the top of this Notice.
You can also complain to the Information Commissioner's Office:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Helpline number: 0303 123 1113
The data we process under 2(b) above will consist of data provided to us by you as its controller, in order that we may carry out processes specified by you. Where such data relates to other data subjects (your employees or contractors) we will process it on the understanding of your compliance with the provisions of the GDPR and, in particular, that:
- You have met the transparency requirements of Article 13 GDPR in respect of informing those data subjects about your sharing of their data with us and our processing of it; and
- You have established and documented legal bases for the processing of their data and, in particular, any special category data. Where such legal bases include the consent of the data subject, you have obtained, and documented, informed and freely given consent.
In acting as a data processor on your instructions, we confirm that we shall respect the privacy rights and freedoms of those data subjects whose data you share with us. In particular, and in accordance with the requirements of Article 28 GDPR, we shall:
- Only act on your documented instructions, unless required by law to act without such instructions or it is in the vital interests of the data subject to do so;
- Ensure that people processing the data are subject to a duty of confidence;
- Take appropriate measures to ensure the security of processing;
- Only engage a sub-processor with your prior authorisation and under a written contract which contains all of the technical and organisational measures necessary to ensure compliance with these stipulations and any other GDPR requirement relevant in the circumstances;
- Take appropriate measures to assist you to respond to requests from individuals to exercise their rights under GDPR;
- Taking into account the nature of processing and the information available, assist you in meeting GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
- Delete or return all personal data to you (at your choice) at the end of the contract, unless the law requires its storage; and
- Submit to audits and inspections.
hardeep.heer@live.com | 📞 +44(0)7934853702