Privacy policy


Our privacy policy – How we use your personal information

We are providing you with this privacy policy to help you understand how we collect, store and use your personal information during our recruitment activities.

In this Privacy Policy references to "we" or "us" or "Osler" are to Osler Diagnostics Limited. We act as a “Data Controller” for your personal data relating to your potential employment with us or your potential services to us as a contractor. We may also share your data with other companies, “Data Processors”, who help us in the processing and storage of that information, as is reasonably required for us to carry out our business. 

We take the privacy and security of your personal data very seriously.

1. Personal information that we collect

In order to be considered for employment you will be asked to provide us with personal information. The types of personal information that we may collect and use include:

  • Name
  • Address, and evidence of you living at your given address
  • Contact details
  • Regulatory information, such as National Insurance Number and other forms of identification
  • Personal legal information, such as date of birth, gender, marital status and nationality
  • Data around your employment and recruitment history, such as your CV and references from former employers, interview notes, test results, evidence of skills and qualifications, job application, right to work information etc.
  • Education history
  • Information relating to employment and tax status (current and requested remuneration, and any relevant tax matters)
  • Aptitude testing of cognitive abilities through psychometric testing
  • Public legal information, such as criminal convictions (as applicable)

  • Security clearance details including basic checks and higher security clearance details according to the requirements of your role

  • Background checks, via a third-party specialist provider, including visa status, the need for sponsorship, the right to work in the UK, proof of current address, criminal activity, current and previous employment, academic verification, international sanctions and credit history

In order to comply with our legal obligations, for equal opportunities monitoring, and to ensure the health, safety and wellbeing of our employees and visitors to our offices we may collect and use the following types of information:

  • Health, wellbeing or disability information of relevance, either declared by you or obtained from sources such as any recruitment agency involved in your potential employment

When providing us with any of the information listed above, you represent that such information is accurate, complete, up to date and true to the best of your knowledge, and that you will inform of us of any changes required to the information we may hold should any subsequent change be required.

2. Special Category information that we collect

The data protection laws define certain pieces of personal information as being “Special Category” information. This is data that reveals the following information about you: race, ethnicity, political opinion, religious / philosophical beliefs, trade union membership, genetic, biometric, health data, sex life and sexual orientation. We treat these categories of information (should such data be collected) with extra special care, and with greater levels of protection, because of their sensitive nature and so that we do not inadvertently interfere with your fundamental rights and freedoms. We will only process such types of data where we are legally allowed to do so (under the conditions allowed by Article 9 of the UK GDPR / Schedule 1 of the Data Protection Act 2018). 

We have identified various types of Special Category data that we may collect and use:

  • Your health data, in relation to any relevant health matters or disabilities that may have an impact on: 

    • how we can make reasonable adjustments to support you during the recruitment process

    • how you may work for us (obtained only at offer stage and through our Occupational Health provider, who will act as a separate data controller for that purpose), or

    • any visit you make to our offices

  • Your nationality and ethnicity 

Osler is an equal opportunities employer and does not in any way discriminate against any individual who provides information in line with Equal Opportunity categories, should you choose to provide this. Such information provided is only used for reporting on the diversity of our recruitment candidate base across our Company.

3. Criminal Offence information that we collect

The data protection laws give extra protection to the personal data of offenders or suspected offenders in the context of criminal activity, allegations, investigations, and proceedings. We carefully collect information about Criminal Offences (being criminal convictions and cautions) principally during the latter stages of our recruitment process. Because of the sensitive nature of this type of data we treat the information with extra special care and we will only process such types of data where we are legally allowed to do so (under the conditions allowed by Schedule 1 of the Data Protection Act 2018). We will collect the following information:

  • Any information that you voluntarily disclose to us

  • Public legal information, such as any criminal convictions

  • Background checks, via a third-party specialist provider, which identifies all relevant criminal records (convictions and criminal cautions that are considered to be unspent) and any international sanctions

  • Details of convictions and conditional cautions that are considered to be unspent under the terms of the Rehabilitation of Offenders Act (ROA) 1974, non-conviction information supplied by relevant police forces, and whether entries exist on the DBS Barred lists

4. Where your personal information comes from

Most of the personal information that we hold about you is provided by you. In addition, we may collect data from:

  • Official authorities, such as the HMRC, security clearance providers, or other government agencies

  • Your previous employers and from your indicated referees

  • Your attended education institutions

  • The recruitment agency who introduced you to us, if applicable

  • Our background checking agency

  • Cookies installed on our websites to improve the user experience

  • Monitoring of your activity in our IT networks, and

  • CCTV images from our offices

5. What we do with your personal information

We carefully look after your information; giving access only to appropriate individuals who have a need to know. We store it in digital locations that are verified as being appropriately secure and we protect the data in our networks with advanced monitoring systems to make sure that it stays under our control. We review it for accuracy on a periodic basis, we store only as much as we need, (we don’t do any profiling or automated decision making by the way), and finally, when we do not need your information anymore, we have policies to ensure that it is appropriately destroyed.

Generally, your information is used to assess and administer your application for employment at Osler, in the following ways:

  • Contacting you as a potential candidate
  • Conducting interviews
  • Assessing the suitability of you as a potential candidate
  • Doing background checks
  • Preparing your employment contract for signature
  • Internal procedures to onboard you as an employee or contractor
  • Monitoring and reviewing Osler’s resourcing practices

6. Why we collect your information and the lawful basis for us doing so

Some of the information collected about you is used to legally fulfil your prospective employment contract / contracting service at Osler, and so we can comply with our legal obligations as a prospective employer. Examples of such data include your contact details, bank details, NI number, personal background, criminal convictions and employment history.

Some information is collected with your consent – such as any medical information so we know how to look after you (and others) on site should a medical emergency or accident happen; and for the cookies on our websites.

Some information collected is because we have a legitimate interest in that information. This data, and the reason for collecting it is as follows:

  • Contact details – so we can get in touch with you when we need to

  • Gender, neurodivergency and disability data – in order to help us create the optimum inclusive working environment through implementation of good policy and process, and building Equity, Diversity and Inclusion (“ED&I”) awareness in our teams

  • CCTV image data at our office – in order to ensure site safety and security

  • Arrival and departure times at our office - in order to ensure site safety and security

  • Activity in our IT networks – in order to protect our IT systems and valuable company information from both intentional and unintentional, internal and external, data loss or other cyber-threats 

Where the information we process is classified as Special Category data (for example your health data - see section 2, above), the additional bases for processing that we rely on are either where processing is necessary for reasons of substantial public interest (equality of opportunity or treatment), or with your explicit consent. In addition we also rely on the processing condition at Schedule 1 part 1 paragraph 8 of the DPA 2018, relating to equality of opportunity or treatment.

Where we process information about criminal convictions and offences, the lawful basis on which we rely to process this data is for the performance of our prospective employment contract, and in addition we rely on the processing condition at Schedule 1 part 1 paragraph 1 of the DPA 2018, in relation to employment, social security and social protection.

7. Sharing your personal information with other parties

We share your information with other parties to help us to run our business effectively, and we also make use of certain third parties as a means of storing and securing your information. Given the fact that one of our delivery principles as a Company is to leverage global resources, this means that we make use of such businesses to help process or store your data who may be based either outside of the UK or outside of the EU.

The following list represents the key suppliers with whom we share certain types of data, and why: 

  • IT providers for the purposes of system development, technical support and website optimisation

  • Outsourced organisations supporting the recruitment process (for psychometric assessments, video interviewing, and recruitment process managers)

  • Third party providers who facilitate discussions with current employees to enable you to talk about working for Osler

  • Our solicitors, legal advisors or counsel, and

  • Government agencies and external auditors

In all these cases, we have ensured that we have appropriate safeguards in place with all of the above third parties. These safeguards include, where relevant:

  • Completing due diligence checks on the supplier’s general GDPR posture
  • Assessing the supplier’s cyber-security posture, including ensuring appropriate levels of data security
  • Understanding the destination of the data transfer and putting appropriate safeguards in place for any ‘restricted transfers’ outside of the UK; including checks of adequacy regulations, transfer risk assessments and International Data Transfer Agreements, as applicable
  • Assessing any sub-processing activities carried out by the supplier, and the associated risk
  • Establishing appropriate rights to receive, process and store the data as we so direct, through the implementation of suitably robust contractual arrangements

8. How long we keep your personal information 

We are careful to only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and to comply with our legal and regulatory obligations.

We assess each item of data stored and develop a specific policy to govern how long the information is going to be retained. Each policy takes into account any statutory reason for retaining information (such as the statute of limitations), any events that would identify data for subsequent destruction (such as an unsuccessful recruitment outcome), and any reasonable timeframe for holding data for digital or physical security reasons. 

9. Your rights on your personal information

Data protection legislation gives you the following rights in relation to your personal information held:

  • You can ask what personal information is held and be provided with a copy of it

  • If personal information held about you is incorrect, you can ask for it to be corrected

  • You can ask for your personal information to be deleted or for the processing of your personal information to cease in certain circumstances

  • You can request that certain types of personal information held about you is sent to you or another organisation, in a format that can be read electronically

  • You can withdraw your consent for us to process your personal information, in circumstances where that processing is based on having received your consent, and

  • You can make a request to restrict the processing of your personal information in certain circumstances

Exercising your rights is subject to certain restrictions under data protection legislation. For further information about exercising your rights, or to exercise your rights, you should write to us using the contact details in section 12.

10. Security measures

We take data security very seriously indeed and we apply appropriate security measures to protect your privacy and your data as follows:

  • We limit the amount and type of data collected and processed to what is absolutely necessary for the required purpose of having the data

  • We ensure that data is stored, transferred and disclosed using secure means, and where applicable with suitable levels of encryption

  • We have contractual agreements with third party data processors, whom we have vetted to ensure that they handle and store the data appropriately, and who are contractually required to adhere to appropriate security standards and policies

  • If personal data is transferred overseas we ensure that we comply with UK GDPR, ensuring appropriate safeguards are in place

  • Where appropriate, we use anonymization and pseudonymisation

  • We follow our established data retention, accuracy and destruction policies

  • We have active monitoring and information security safeguards on the Osler IT networks to prevent, detect and address any potential security threat

11. Complaints

If you are unhappy at any stage with how Osler is using your personal information, you have the right to contact Osler's Data Protection Officer in the first instance or to lodge a complaint with the Information Commissioner's Office. We will endeavour to reply to you within 30 days and we will handle your complaint without delay.

12. Contact us

If you have any questions about how your personal information is used, or to exercise your rights, please feel free to contact us at the following address:

Data Protection Officer
Osler Diagnostics Limited
King Charles House
Park End St
Oxford 
OX1 1JD
Email: dpo@oslerdiagnostics.com

If such a request places Osler or our affiliates in breach of our obligations under applicable laws, regulations or codes of practice, then we may not be able to comply with your request, but you may still be able to request that we block (i.e. your right to object) the use of your personal information for further processing.

If you are dissatisfied with the way in which Osler has processed your personal data, you can contact our supervisory body, the Information Commissioner's Office, using the following contact details:

Information Commissioner's Office 
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113

Join us and build a better future.