HealthHireUK Privacy Policy

Company Name: HealthHireUK Ltd.

Company Registration Number: 15454323

Last Updated: 21.09.2024

Introduction

HealthHireUK Ltd. is committed to ensuring the privacy and protection of all personal data that we collect, store, and process in compliance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy outlines how we manage personal data and protect the privacy rights of individuals.

1. Scope

This policy applies to all personal data processed by HealthHireUK Ltd., including data from employees, contractors, customers, suppliers, and other stakeholders. It covers data processed throughout the whole of our business operations.

2. Data Controller

HealthHireUK Ltd. is the data controller for personal data processed in connection with our business. We are responsible for determining the purposes and methods for processing the personal data we collect.

3. Lawful Basis for Processing

We only process personal data where there is a lawful basis under the GDPR, including:

• Consent: Where individuals have provided their clear and informed consent.

• Contractual necessity: When processing is required to fulfill a contract.

• Legal obligation: When processing is necessary to comply with a legal requirement.

• Legitimate interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by individuals' rights.

4. Data Collection and Usage

Personal Data We Collect:

HealthHireUK Ltd. collects and processes the following types of personal data:

• Employees and contractors: Name, address, contact information, employment history, qualifications, references, health information (where applicable), and payroll data.

• Clients and customers: Contact details, personal details required for production of CVs and any relevant documents, company information, and relevant communication records.

Purposes for Data Collection:

• Managing employment contracts, payroll, and HR functions.

• Complying with legal obligations, such as health and safety, tax, and employment laws.

• Providing services to clients (primarily CV writing) and managing business operations.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to meet legal, regulatory, or contractual obligations. Retention periods are periodically reviewed, and data is securely deleted or anonymized when no longer needed.

6. Data Security

We implement appropriate technical and organizational measures to safeguard personal data, including:

• Encryption of sensitive data.

• Regular security audits and risk assessments.

• Access control to ensure that only authorized personnel can access personal data.

• Secure disposal or deletion of personal data when no longer required.

7. Data Sharing and Transfers

HealthHireUK Ltd. may share personal data with third parties in the following circumstances:

• With service providers who assist with our business operations, such as payroll or IT services.

• To comply with legal obligations or in response to lawful requests by public authorities.

• When required by clients or customers for business purposes, under contractual agreements.

We ensure that any third parties we share data with adhere to GDPR standards. If data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or other lawful transfer mechanisms.

8. Data Subject Rights

Individuals whose personal data we process have the following rights:

• Right to access: Request access to the personal data we hold about them.

• Right to rectification: Request corrections to inaccurate or incomplete data.

• Right to erasure: Request deletion of personal data, subject to legal or contractual obligations.

• Right to restrict processing: Request limitations on the processing of their personal data.

• Right to data portability: Request transfer of their personal data to another service provider in a structured, commonly used format.

• Right to object: Object to processing based on legitimate interests or direct marketing.

• Right not to be subject to automated decision-making: Request human intervention if they are subject to decisions made solely by automated means.

To exercise these rights, individuals may contact us at the details provided below.

9. Data Breach Management

In the event of a data breach, HealthHireUK Ltd. will:

• Notify the Information Commissioner's Office (ICO) within 72 hours if the breach is likely to result in a risk to individuals' rights and freedoms.

• Inform affected individuals without undue delay if the breach poses a high risk to their privacy rights.

• Investigate and take immediate action to contain and mitigate the breach.

10. Updates to This Policy

We may update this GDPR policy from time to time to reflect changes in our data practices or legal requirements. Any updates will be communicated through our website or other appropriate channels.

11. Contact Information

For any questions, concerns, or requests regarding this GDPR policy or the processing of personal data, please contact us via email:

Info@healthhireuk.com

Alternatively, you can contact the UK Information Commissioner's Office (ICO) if you are unsatisfied with our response to your data protection concerns.