Recruitment Privacy Policy

Effective Date: 30th July 2025

Controller: Primary Care Solutions

Contact: hello@primarycaresolutions.co.uk

1. Purpose of This Privacy Policy

This Privacy Policy explains how Primary Care Solutions (“PCS”, “we”, “us”) collects, processes, stores, and shares your personal data in relation to our recruitment, onboarding, and workforce management processes.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all data submitted by prospective workers (including applicants, locums, contractors, and agency candidates) through our recruitment platform or associated tools (e.g. Typeform, Monday.com, Zapier).

2. What Data We Collect

We collect and process the following categories of personal data:

a. Identity & Contact Data

• First and last name, date of birth, personal and NHS email addresses, phone number, home address

b. Right to Work & Immigration

• Nationality, citizenship, immigration status, proof of right to work in the UK (e.g. passport, visa, BRP)

c. Professional Data

• NHS work history, staff role, clinical system experience (EMIS/S1/AccuRx/Docman), smartcard number, regulator and registration number, indemnity provider and status

d. Availability & Operational Readiness

• Start date, notice period, deployment readiness (e.g. VPN/system access), availability and working preferences

e. Financial & Business Data

• UTR number, bank account details, limited company name and registration number, business address

f. Metadata & System Logs

• Timestamps of form completion, consent logs, technical metadata related to submissions

3. Legal Basis for Processing

PCS processes your personal data lawfully under the following provisions of Article 6(1) and Article 9(2) of UK GDPR:

Assessing suitability for employment; Article 6(1)(b) – Performance of a contract

Verifying right to work & credentials; Article 6(1)(c) – Legal obligation

Maintaining operational readiness; Article 6(1)(f) – Legitimate interests

Processing special category data (e.g. health, immigration); Article 9(2)(b)/(g) – Employment and regulatory obligations

We may also request your explicit consent under Article 6(1)(a) where required (e.g. retention beyond 12 months, or system access provisioning via third-party providers).

4. How We Use Your Data

Your data may be used for the following purposes:

• Verifying your identity and right to work in the UK

• Assessing your qualifications and NHS experience

• Determining your readiness for remote deployment (e.g. tech setup, smartcard, system access)

• Creating payment records and onboarding as a contractor or company

• Allocating technical resources and operational support

• Communicating about roles, availability, and ongoing work

• Meeting legal, contractual, and regulatory requirements

We do not use your data for automated decision-making or profiling.

5. How We Store and Protect Your Data

Your data is stored on secure cloud-based systems (e.g. Typeform, Monday.com) hosted in GDPR-compliant environments. We use strong access controls, encryption in transit, and regular audit logs to protect personal data.

Access is restricted to PCS internal personnel and authorised third-party processors with confidentiality obligations.

6. Data Sharing and Transfers

We may share your data with:

• PCS internal staff involved in recruitment, onboarding, deployment, or compliance

• Technical support providers assisting with VPN, EMIS, or system access (under contract)

• Regulatory bodies (e.g. GMC, NMC, Home Office) where legally required

• Payroll/accounting processors (where applicable)

• IT and security service providers acting as data processors

We do not sell or transfer your data to third parties for marketing or commercial purposes.

If data is ever transferred outside the UK, it will be under valid legal safeguards such as adequacy decisions or Standard Contractual Clauses (SCCs).

7. Data Retention Policy

We retain recruitment and onboarding data:

• For 12 months after the end of the recruitment process, unless extended with your consent

• For as long as required to fulfil legal, tax, or contractual obligations if you are engaged by PCS

• For up to 7 years for financial records involving payment or HMRC compliance

You may request early deletion, unless PCS is legally required to retain your data.

8. Your Rights Under UK GDPR

You have the following rights under the UK GDPR:

• Access – request a copy of your personal data

• Rectification – correct inaccurate or incomplete data

• Erasure – request deletion of your data (“right to be forgotten”)

• Restriction – limit how we process your data

• Objection – to processing based on legitimate interests

• Data portability – request a copy in machine-readable format

• Withdraw consent – at any time, where processing is based on consent

To exercise any of these rights, email: recruitment@pcs.health

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Changes to This Policy

We reserve the right to update this privacy policy at any time. Updates will be published on our website with a clear revision date. We may notify you directly where significant changes affect your rights or how we use your data.

10. Contact

For questions about this policy or your data rights, please contact:

hello@primarycaresolutions.co.uk