We are obliged to process your personal data for various reasons, which we will explain below. These reasons include processing of your data for legal, regulatory and contractual purposes in order for us to enter into an employment or consulting services contract with you, as well as for our legitimate interests in the way we control the security of our offices and IT systems.
2. Personal information that we collect
In order to be considered for employment you will be asked to provide us with personal information. The types of personal information that we may collect and use include:
- Address, and evidence of you living at your given address
- Contact details
- Regulatory information, such as National Insurance Number and other forms of identification
- Personal legal information, such as date of birth and gender
- Data around your employment history, such as your CV and references from former employers
- Education history
- Information relating to employment and tax status (current and requested remuneration, and any relevant tax matters)
- Aptitude testing of cognitive abilities through psychometric testing
- Public legal information, such as criminal convictions (as applicable)
- Background checks, via a third-party specialist provider, including visa status, the need for sponsorship, the right to work in the UK, proof of current address, criminal activity, current and previous employment, academic verification, international sanctions and credit history
Should you visit our offices at King Charles House in Oxford as part of your recruitment process, in order to maintain the safety of our team and to ensure the security of our company (both physical and virtual), we have implemented various security procedures. Those procedures will collect the following types of information about you:
- Your arrival and departure times from the office
- Any biometric data used to gain access to the office, including fingerprint or facial ID
- Your facial temperature to gain access to the office
- CCTV footage of your activity within the office
- Data relating to your activity in our IT networks
When providing us with this information, you represent that such information is accurate, complete, up to date and true and you acknowledge that it is supplied for the sole purpose of seeking employment or contracting vacancies.
3. Special Category information that we collect
The data protection laws define certain pieces of personal information as being “Special Category” information. This is data that reveals the following information about you: race, ethnicity, political opinion, religious / philosophical beliefs, trade union membership, genetic, biometric, health data, sex life and sexual orientation.
We have identified various types of Special Category data that we may collect and use:
- Health data, in relation to:
- any relevant health matters or disabilities that may have an impact on how you may work for us (obtained only at offer stage and through our Occupational Health provider, who will act as a separate data controller for that purpose)
- facial temperature measurements related to entry into our offices
- Biometric data: in relation to potential facial and fingerprint ID entry to our offices
- Nationality and ethnicity
Osler is an equal opportunities employer and does not in any way discriminate against any individual who provides information in line with Equal Opportunity categories, should you choose to provide this. Such information provided is only used for reporting on the diversity of our candidate base across the organisation.
4. Where your personal information comes from
Most of the personal information that we hold about you is provided by you. In addition, we may collect data from:
- Official authorities (for financial, tax, immigration and criminal history)
- Your previous employers
- Your attended education institutions
- The recruitment agency who introduced you to us, if applicable
- Cookies installed on our websites to improve the user experience
- Monitoring of your activity in our IT networks
5. What we do with your personal information
We carefully look after your information; giving access only to appropriate individuals who have a need to know. We store it in digital locations that are verified as being appropriately secure and we protect the data in our networks with advanced monitoring systems to make sure that it stays under our control. We review it for accuracy on a periodic basis, and finally, when we do not need your information anymore, we have policies to ensure that it is appropriately destroyed.
Generally, your information is used to assess and administer your application for employment at Osler, in the following ways:
- Contacting you as a potential candidate
- Conducting interviews
- Assessing the suitability of you as a potential candidate
- Doing background checks
- Preparing your employment contract for signature
- Internal procedures to onboard you as an employee or contractor
- Monitoring and reviewing Osler’s resourcing practices
6. Why we collect your information and the lawful basis for us doing so
The majority of the information collected about you is provided by you, and is therefore provided with your consent in order to ultimately enter into a contract of employment or a contractor’s service agreement. Such information includes your contact details, NI number, personal background, criminal convictions, health requirements, employment history, emergency contact details and other relevant information to initiate your contract.
Some information collected is because we have a legitimate interest in that information. This data, and the reason for collecting it is as follows:
- CCTV image data at our office – in order to ensure site safety and security
- Arrival and departure times at our office - in order to ensure site safety and security
- Biometric data (i.e. fingerprint / facial recognition at the door to the office) - in order to ensure site safety and security
- Activity in our IT networks – in order to protect our IT systems and valuable company information from both intentional and unintentional, internal and external, data loss or other cyber-threats
In some circumstances where we have a legal obligation to process special categories of data, we will do so without asking for consent. In other cases we will ask for you to give specific consent, where applicable.
In exceptional cases, we may process your data for the protection of a vital interest of yourself or another person.
7. Sharing your personal information with other parties
We share your information with other parties to help us to run our business effectively, and we also make use of certain third parties as a means of storing and securing your information. Given the fact that we leverage global resources, this means that we make use of such businesses to help process or store your data who may be based either outside of the UK or outside of the EU.
We ensure that we have appropriate contractual arrangements in place with all of our key suppliers. Our contacts ensure that our suppliers establish appropriate levels of data security and allow the supplier the right to receive, process and store the data as we so direct.
We also disclose your information to the following types of third parties:
- Outsourced organisations supporting the recruitment process (including background checking, psychometric assessments, video interviewing, and recruitment process managers)
- Third party providers who facilitate discussions with current employees to enable you to talk about working for Osler
For recruitment purposes, your data may also be shared with the hiring managers and relevant senior members of the hiring team.
8. How long we keep your personal information
We assess each item of data stored and develop a specific policy to govern how long the information is going to be retained. Each policy takes into account any statutory reason for retaining information (such as the statute of limitations), any events that would identify data for subsequent destruction (such as an unsuccessful recruitment outcome), and any reasonable timeframe for holding data for digital or physical security reasons.
9. Your rights on your personal information
Data protection legislation gives you the following rights in relation to your personal information held:
- you can ask what personal information is held and be provided with a copy of it;
- if personal information held about you is incorrect, you can ask for it to be corrected;
- you can ask for your personal information to be deleted or for the processing of your personal information to cease in certain circumstances;
- you can request that certain types of personal information held about you is sent to you or another organisation, in a format that can be read electronically;
- you can withdraw your consent for us to process your personal information, in circumstances where that processing is based on having received your consent;
- you can make a request to restrict the processing of your personal information in certain circumstances.
Exercising your rights is subject to certain restrictions under data protection legislation. For further information about exercising your rights, or to exercise your rights, you should write to us using the contact details in section 12.
10. Security measures
We take data security very seriously indeed and we apply appropriate security measures to protect your privacy and your data as follows:
- We limit the amount and type of data collected and processed to what is absolutely necessary for the required purpose of having the data
- We ensure that data is stored, transferred and disclosed using secure means, and where applicable with suitable levels of encryption
- We have contractual agreements with third party data processors, who we have vetted to ensure that they handle and store the data appropriately, and who are contractually required to adhere to appropriate security standards and policies
- Where appropriate, we use anonymization and pseudonymisation
- We follow our established data retention, accuracy and destruction policies
- We have active monitoring and information security safeguards on the Osler IT networks to prevent, detect and address any potential security threat
If you are unhappy at any stage with how Osler is using your personal information, you have the right to contact Osler's Data Protection Officer in the first instance or to lodge a complaint with the Information Commissioner's Office (ico.org.uk).
12. Contact us
If you have any questions about how your personal information is used, please feel free to contact us at the following address:
Paul Dixon (Data Protection Officer)
Osler Diagnostics Limited
King Charles House
Park End St
If you are dissatisfied with the way in which Osler has processed your personal data, you can contact our supervisory body, the Information Commissioner's Office. Please write to the following address:
Information Commissioner's Office
Telephone: 01625 545 745
Join us and build a better future.