Occupational Health Privacy Policy
- Introduction
At Healthier Business UK Ltd, we are committed to protecting and respecting your privacy. This Privacy Policy provides detailed information about the personal information we collect from you, how we use and protect this information, and your rights concerning your data.
We understand the importance of safeguarding your personal data, particularly in the context of occupational health services. We assure you that we take your privacy seriously and are committed to handling your data with the utmost care and transparency.
- Who Are We?
We are Healthier Business UK Ltd, a provider of remote occupational health screening services to recruitment agencies throughout the UK. Our company is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018. Our registration number is Z2332395.
Contact Information:
- Main Telephone Line: 0141-889-5522
- Address: Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Company Registration Number: 13462064
- Why We Collect Personal Information About You
Our employees managing your file need to collect and maintain information about your health to provide the best possible advice to your agency regarding your fitness to work. This processing is conducted under the legal basis of legitimate interests and for occupational health purposes as outlined under GDPR. The advice may include assessments of your fitness to work or recommendations for support if your immunisation status needs to be updated.
Healthier Business UK Ltd, on behalf of your agency, collects, stores, and processes personal information about your prospective job application and request for Fitness to Work, ensuring compliance with legal, professional, and industry requirements.
- What is Our Legal Basis for Processing Your Personal Information?
Legal Basis for Processing Personal Information in Occupational Health
The primary legal basis for processing your personal information by Occupational Health as a private company includes the following:
- Legitimate Interests (Article 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. These legitimate interests include providing occupational health services to assess your fitness for work and ensuring compliance with health and safety regulations.
- Special Category Data (Article 9(2)(h) GDPR): We process special category data for the purposes of preventive or occupational medicine, assessing the employee’s working capacity, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems or services.
Under these legal bases, candidates’ explicit consent is generally not required to process their personal data if it is for the abovementioned purposes. However, we will seek explicit consent to provide medical opinions or interventions; this is done as an additional safeguard and not as the primary legal basis, per the guidance from the Faculty of Occupational Medicine (FOM).
- Special Category Data
Healthier Business UK Ltd processes special categories of personal data per the Data Protection Act (DPA) 2018 Schedule 1 conditions. Specifically, we rely on the following provisions:
- Schedule 1 (Part 1) Conditions Relating to Health or Social Care Purposes:
- 2(1): Processing is lawful if necessary for health or social care purposes.
- 2(2): “Health or social care purposes” include:
- (a) Preventive or occupational medicine
- (b) The assessment of the working capacity of an employee
- (c) Medical diagnosis
- (d) The provision of health care or treatment
- (e) The provision of social care, or
- (f) The management of health care or services or social care systems or services.
In line with the UK GDPR and Faculty of Occupational Medicine (FOM) guidance, our processing activities under these conditions are lawful without explicit consent, provided they are necessary for the specified purposes. However, following best practice and ethical standards, we will seek explicit consent when practicable and appropriate, especially for more sensitive or discretionary services.
- What Personal Information Do We Need to Collect About You?
Your personal information will be collected via our clients, your medical recruitment agency. In certain circumstances, personal data may also be collected from healthcare professionals, such as your GP or treating specialist. However, we will never contact your primary care provider or specialist without your explicit consent.
To carry out our activities and obligations as a service provider, we handle data necessary for occupational health assessments and related services, including:
- Personal demographics (e.g., name, date of birth, occupation, gender)
- Contact details (e.g., names, addresses, telephone numbers, GP contact(s))
- Employment History
- Occupational health information and notes, including medical information (e.g., physical health or mental condition, learning or developmental disabilities), results of any investigations (e.g., x-rays and laboratory tests), and immunisation data.
This data is processed according to the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), relying on the legal bases of legitimate interests and the necessity for preventive or occupational medicine as outlined in Article 9(2)(h) GDPR.
- What Do We Do with Your Personal Information?
Your personal information is used for the following purposes:
- To Contact You for Health Assessments: Our clinicians may use the details you provided to contact you regarding your fitness to practice or for a health assessment.
- To Review Your Occupational Health Questionnaire: We will scrutinise your occupational health questionnaire to assess your suitability for the role you have applied for.
- To Assess Your Immunisation Status: We review your immunisation status to ensure it aligns with the requirements of the post or role you are applying for.
- To Issue Fit to Work Certificates: We provide Fit to Work certificates containing necessary personal information to confirm your eligibility to take the post through your medical recruitment agency.
- To Provide Fitness and Adjustment Advice: We advise your agency regarding your fitness to work and any adjustments or aids needed to support you in the workplace.
- To Offer Immunisation Advice: We provide you and your agency with relevant immunisation advice to ensure your fitness for the role.
- For Training and Education: We may use anonymised or pseudonymised data to help train and educate our staff and ensure we maintain high service standards.
- For Reporting and Improvement: We prepare anonymised reports for your medical recruitment agency and conduct anonymous auditing or service improvements to ensure the quality of our services.
- To Handle Complaints and Legal Reporting: We report and investigate complaints and, when law requires, report events to the appropriate authorities, such as for communicable diseases under RIDDOR.
- Who Do We Share Your Personal Information with and Why?
We will only routinely disclose information about you with your express permission if a legal basis permits or requires us to do so. To enable effective staff administration, with your consent or where legally justified, we will share the information you provide during the new starter health assessment process on our systems.
Any disclosures of personal data are always made on a case-by-case basis, using the minimum personal data necessary for the specific purpose and circumstances and with robust security controls, such as encryption and access restrictions, in place. Personal information is only shared with agencies and bodies with a “need to know” or where you have consented to disclose your data to such persons.
Where possible, we will always look to anonymise/pseudonymise your personal information to protect confidentiality unless a legal basis permits us to use it. We will only ever use/share the minimum information necessary.
However, there are occasions when we are legally required to share information provided to us with other bodies responsible for auditing our clients, such as to prevent and detect fraud. This is done strictly in compliance with legal requirements.
- Training and Awareness
At Healthier Business UK Ltd, we recognise that safeguarding personal data and maintaining confidentiality are crucial to our operations. To ensure that all personal data is handled in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws, we are committed to providing comprehensive training to our employees on data protection and confidentiality.
- How Do We Maintain Your Records?
Your personal information is stored in electronic forms and retained for specified periods per our internal policies and statutory requirements. These retention periods are designed to comply with relevant legal obligations and industry best practices.
We process and hold your information in strict accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Additionally, all personnel within our organisation must adhere to the Common Law Duty of Confidentiality and various national and professional standards, ensuring that your data is treated with the utmost respect and security.
- For How Long Do We Keep Your Data?
Personal data, including occupational health records, will be retained per statutory guidelines and best practices outlined by the Faculty of Occupational Medicine (FOM). Typically, this data will be retained for the duration of your employment plus six years or until your 75th birthday, whichever is sooner, unless specific legal requirements dictate otherwise. This retention period ensures compliance with regulations and allows for the management of any potential claims or legal obligations that may arise.
In cases where the data controller does not inform us of the end of employment or the transfer of an employee to another agency, we will retain the records for a default period of [insert default period, e.g., seven years] from the last date of contact, per best practices and data protection principles. To further safeguard privacy, we may pseudonymise records after a certain period of inactivity. This approach allows us to retain necessary data for compliance while minimising the risks associated with storing personally identifiable information for extended periods.
Non-medical, non-sensitive special category data will be retained for no longer than necessary, usually two years, following the principles of data minimisation and storage limitation under the GDPR. The retention of such data will be managed under the instruction of the data controller, ensuring that it aligns with the specific purposes for which it was collected and any applicable legal or regulatory requirements.
All personal data is stored securely and processed in compliance with the Data Protection Act 2018 and GDPR. We adhere to strict confidentiality and security protocols, including measures such as encryption, access controls, and regular audits, to protect your data against unauthorised access, loss, or disclosure. We also regularly review data retention policies and procedures to ensure ongoing compliance with legal and professional standards.
For further information on this guidance, please visit:
- gov.uk: This website provides comprehensive information on UK legislation, including the Data Protection Act 2018 and other relevant laws that govern data protection and privacy.
- Faculty of Occupational Medicine (FOM) Guidance on GDPR: The Faculty of Occupational Medicine offers detailed guidance on applying GDPR to occupational health, helping organisations understand their responsibilities and ensure compliance with data protection laws.
- How Do We Dispose of Your Data?
We are committed to ensuring that all personal data is disposed of securely and complies with relevant data protection regulations. Our data disposal procedures are designed to protect your confidentiality and prevent unauthorised access or misuse of your information.
12.1 Electronic Data Disposal
- Non-Sensitive Data: All non-sensitive electronic data that has been inactive for two years—meaning it has not been accessed or used during this period—is archived and scheduled for secure deletion. This policy applies to data that is not under specific retention requirements, such as occupational health records.
- Sensitive Data: We follow a stringent process to ensure the secure deletion of sensitive data, including occupational health records. All data is securely purged from our systems following our data retention policy. This includes ensuring that data stored on computer assets, such as hard drives, tapes, and disks, is irreversibly deleted before the assets are disposed of.
- Disposal of Computer Assets: All computer assets, including removable media like tapes and disks, are disposed of following our IT Service Provider’s confidential waste disposal procedures, which comply with industry standards. If secure deletion (data purging) is not possible, a certified technical waste service provider physically destroys the equipment or media to ensure that all data is irrecoverable.
12.2 Paper Record Disposal
- Confidential Destruction: All paper records, including those not under specific retention requirements, such as non-sensitive information, are confidentially destroyed using secure methods. This typically involves shredding, either in-house or through a professional service provided by an accredited and certified company.
- Accredited Shredding Services: We use only certified shredding services to ensure that the destruction of paper records complies with data protection regulations and industry best practices. These services provide documentation confirming the secure destruction of records, which we retain as part of our compliance records.
Our data disposal procedures are regularly reviewed and updated to align with best practices and legal requirements, ensuring that we protect your personal information even at the end of its lifecycle.
- What Are Your Rights?
If we need to use your information for any reasons beyond those stated above, we will discuss this with you and seek your explicit and informed consent. The Data Protection Act 2018 grants you several rights regarding your personal data, including:
- Right to Be Informed: You have the right to be informed about how your personal data is collected and used.
- Right of Access: You have the right to access and request a copy of the personal data we hold about you.
- Right to Rectification: You can request the correction of any inaccurate or incomplete data we hold about you.
- Right to Erasure: You have the right to request the deletion of your data when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You can request the transfer of your data to another provider in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to processing your personal data in certain circumstances, such as for direct marketing.
- Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
For further information or to exercise any of these rights, please get in touch with us:
- Telephone: 0141-889-5522
- Address: Healthier Business UK Ltd, Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates Healthier Business UK Ltd under Data Protection and Freedom of Information legislation. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
- Fax: 01625 524 510
- Email: casework@ico.org.uk
- Website: https://ico.org.uk/
- Policy Review
We will review this policy annually and when legislation dictates a requirement.
Training Privacy Policy
- Introduction
At HB Compliance, we are dedicated to protecting and respecting your privacy. This Privacy Policy outlines the personal information we collect from you, how we use and protect it, and the rights you have concerning your data.
Our e-learning platform provides mandatory training courses to individuals, typically through arrangements with recruitment agencies. We take your privacy seriously and are committed to handling your data carefully and transparently, ensuring compliance with legal and regulatory requirements.
- Who Are We?
We are HB Compliance, an e-learning platform that provides mandatory training courses. Recruitment agencies typically contract our services, and trainee data is input into our system. We are registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018. Our registration number is ZA917285.
Contact Information:
- Main Telephone Line: 0141-889-5522
- Address: Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Company Registration Number: 12938010
- Why We Collect Personal Information About You
We collect personal information about you to provide, manage, and support the training courses you are enrolled in. This data allows us to track course progress, issue certificates upon completion, and comply with legal, regulatory, and contractual obligations. Typically, the data we process is provided by the recruitment agencies that engage with our services on your behalf.
- What is Our Legal Basis for Processing Your Personal Information?
Our legal basis for processing your personal information includes:
- Contractual Obligations (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract with your recruitment agency.
- Legitimate Interests (Article 6(1)(f) GDPR): Processing is necessary for our legitimate interests in delivering and improving our training services, provided your rights and interests do not override those interests.
- Legal Obligations (Article 6(1)(c) GDPR): Processing may also be necessary for compliance with a legal obligation to which we are subject.
- Cookies—Do We Use Them?
Yes. We use the following cookies:
- Session Cookies: These cookies enable visitors to log into the site and manage their connection to the services while logged in. Session cookies are set automatically and are required to access the system. They are essential for the functionality of our website and are deleted when you close your browser.
- Google Analytics Cookies: These cookies monitor visitor interactions with our site. The information gathered by this service is anonymised and does not identify or track individual visitors in any way. The data collected cannot be linked with other information to identify or track individual visitors. This helps us understand how visitors use our site, allowing us to improve the user experience.
- What Personal Information Do We Need to Collect About You?
The personal information we collect includes:
- Personal Identifiers: Name, email address, contact information.
- Employment Details: Job role, employer details, training requirements.
- Training Records: Courses taken, progress, completion status, certification.
This information is typically provided by the recruitment agencies that enrol you in our courses. We do not collect your personal information unless required for technical support or customer service.
- What Do We Do with Your Personal Information?
Your personal information is used for the following purposes:
- To Deliver Training Services: We use your data to provide access to your enrolled courses, monitor your progress, and issue certificates upon completion.
- To Communicate with You: We may contact you with information about your courses, including reminders and support services.
- For Compliance and Reporting: We maintain records of your training progress and completion to meet your legal and contractual obligations with your recruitment agency.
- For Service Improvement: We may use anonymised or aggregated data to improve our services and develop new training offerings.
- Who Do We Share Your Personal Information with and Why?
We share your personal information with the recruitment agency that enrolled you in our training services. We may also share data with third-party service providers who assist us in delivering our services, such as IT support or platform hosting, under strict confidentiality agreements.
We will not share your information with any third party for marketing purposes. We only share your data with external parties when legally required or when necessary to fulfil our contractual obligations.
- Training and Awareness
At HB Compliance, we recognise that safeguarding personal data and maintaining confidentiality are crucial aspects of our operations. To ensure that all personal data is handled in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws, we are committed to providing comprehensive training to our employees on data protection and confidentiality.
- How Do We Maintain Your Records?
Your personal information is stored securely on our systems. We implement strict security measures, including encryption and access controls, to protect your data from unauthorised access, loss, or misuse.
- For How Long Do We Keep Your Data?
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, typically 3-5 years after course completion, in line with industry standards and best practices. This retention period is managed under the instruction of the data controller (the recruitment agency) and is reviewed regularly to ensure compliance with legal and regulatory requirements.
- How Do We Dispose of Your Data?
We dispose of your data securely per our data retention policy:
- Electronic Data: Non-sensitive data inactive for 3-5 years is archived and scheduled for secure deletion. We ensure secure deletion processes for sensitive data, including data purging and certified destruction of storage devices when necessary.
- Paper Records: Any paper records related to your training are confidentially destroyed using accredited shredding services, ensuring compliance with data protection regulations.
- What Are Your Rights?
- Right to Be Informed: You have the right to be informed about how your personal data is collected and used.
- Right of Access: You have the right to access and request a copy of the personal data we hold about you.
- Right to Rectification: You can request the correction of any inaccurate or incomplete data we hold about you.
- Right to Erasure: You have the right to request the deletion of your data when it is no longer necessary for the purposes for which it was collected or when you withdraw your consent.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You can request the transfer of your data to another provider in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to processing your personal data in certain circumstances, such as for direct marketing.
- Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
For further information or to exercise any of these rights, please get in touch with us:
- Telephone: 0141-889-5522
- Address: Healthier Business Group (HB Compliance), Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates Healthier Business UK Ltd under Data Protection and Freedom of Information legislation. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
- Fax: 01625 524 510
- Email: casework@ico.org.uk
- Website: https://ico.org.uk/
- Policy Review
We will review this policy annually when there is a legal obligation to do so and when legislation dictates a requirement.
Clinical Appraisal Service Privacy Policy
- Introduction
At HB Compliance, we are dedicated to protecting and respecting your privacy. This Privacy Policy outlines the personal information we collect from you, how we use and protect it, and the rights you have concerning your data.
We take your privacy seriously and are committed to handling your data carefully and transparently, ensuring compliance with legal and regulatory requirements.
- Who Are We?
HB Compliance is a service provider offering a range of compliance-related services, including the Clinical Appraisal Service, which supports healthcare professionals in fulfilling their appraisal requirements. We are registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018. Our registration number is ZA917285.
Contact Information:
- Main Telephone Line: 0141-889-5522
- Address: Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Company Registration Number: 12938010
- What Information Do We Collect?
To provide our Clinical Appraisal Service, we may collect the following types of personal data:
- Personal Identifiers: Name, General Medical Council (GMC) number, Nursing and Midwifery Council (NMC) number, and contact information (such as email address and telephone number).
- Professional Information: Employment history, appraisal records, professional development activities, feedback from colleagues or patients, and evidence of clinical practice.
- Appraisal Documentation: Information and documents submitted as part of the appraisal process, including self-assessments, reflective accounts, and feedback summaries.
- Why Do We Collect This Information?
The personal data we collect is necessary to:
- Facilitate the Appraisal Process: We gather and review the required documentation to ensure you meet the standards for your clinical appraisal.
- Provide Guidance and Support: We use the information to offer personalised assistance and support throughout your appraisal process.
- Ensure Compliance: We collect and process this data to help you fulfil the requirements set by regulatory bodies, such as the GMC, and to maintain your professional standing.
- What is Our Legal Basis for Processing Your Personal Information?
Our legal basis for processing your personal information includes:
- Contractual Obligations (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract, such as facilitating your clinical appraisal.
- Legal Obligations (Article 6(1)(c) GDPR): Processing is required to comply with legal obligations under the guidelines of regulatory bodies like the GMC.
- Who Do We Share Your Personal Information with and Why?
We may share your personal information with the following parties:
- Appraisers: Appraisers assigned to your case may receive relevant data to conduct your appraisal and provide accurate assessments.
- Regulatory Bodies: With your consent, we may share appraisal information with regulatory bodies such as the GMC to confirm your compliance with their requirements.
- Your Employer: With your consent, we may share appraisal information with your employer, especially if they support or fund your appraisal process.
All data sharing is conducted strictly in accordance with GDPR and other relevant data protection laws to ensure your confidentiality is always maintained.
- How Do We Maintain and Protect Your Records?
Your personal information is stored securely on our systems. We employ strict security measures, including encryption and access controls, to protect your data from unauthorised access, loss, or misuse. We also regularly review and update our security protocols to ensure ongoing compliance with data protection regulations.
- How Long Do We Keep Your Data?
We retain personal data related to the Clinical Appraisal Service for the duration necessary to complete the appraisal process and for a period required to demonstrate compliance with regulatory requirements. Typically, this information is retained for a minimum of six years following the completion of your appraisal, which is in line with professional standards and best practices.
- How Do We Dispose of Your Data?
We securely dispose of your data once it is no longer required for the purposes for which it was collected:
- Electronic Data: We ensure that all electronic data is securely deleted or anonymised when it is no longer needed. This includes the secure purging of data from our systems and destroying any storage devices that hold this data.
- Paper Records: Any physical documentation is destroyed using accredited and certified shredding services to ensure your personal information is irretrievably destroyed.
- Training and Awareness
At HB Compliance, we recognise that safeguarding personal data and maintaining confidentiality are crucial aspects of our operations. To ensure that all personal data is handled in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws, we are committed to providing comprehensive training to our employees on data protection and confidentiality.
- What Are Your Rights?
Under the Data Protection Act 2018, you have several rights regarding your personal data, including:
- Right to Be Informed: You have the right to be informed about how your personal data is collected and used.
- Right of Access: You have the right to access and request a copy of the personal data we hold about you.
- Right to Rectification: You can request the correction of any inaccurate or incomplete data we hold about you.
- Right to Erasure: You have the right to request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You can request the transfer of your data to another provider in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing.
- Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
For further information or to exercise any of these rights, please get in touch with us:
- Telephone: 0141-889-5522
- Address: Healthier Business Group (HB Compliance), Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates Healthier Business UK Ltd under Data Protection and Freedom of Information legislation. If you are not satisfied with our response or believe we are processing your personal data not following the law, you can complain to the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
- Fax: 01625 524 510
- Email: casework@ico.org.uk
- Website: https://ico.org.uk/
- Policy Review
We will review this policy annually, when there is a legal obligation to do so, and when legislation dictates a requirement.
Nurse Revalidation Confirmer Privacy Policy
- Introduction
At HB Compliance, we are dedicated to protecting and respecting your privacy. This Privacy Policy outlines the personal information we collect from you, how we use and protect it, and the rights you have concerning your data.
We take your privacy seriously and are committed to handling your data carefully and transparently, ensuring compliance with legal and regulatory requirements.
- Who Are We?
We are HB Compliance, a service provider that offers a range of compliance-related services, including the Nurse Revalidation Confirmer Service. Our services are designed to support nurses in meeting the requirements set by the Nursing and Midwifery Council (NMC) for revalidation. We are registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 2018. Our registration number is ZA917285.
Contact Information:
- Main Telephone Line: 0141-889-5522
- Address: Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Company Registration Number: 12938010
- What Information Do We Collect?
We collect personal information about you to provide, manage, and support the training courses you are enrolled in. This data allows us to track course progress, issue certificates upon completion, and comply with legal, regulatory, and contractual obligations. Typically, the data we process is provided by the recruitment agencies that engage with our services on your behalf.
- Why Do We Collect This Information?
The personal data we collect is used to:
- Facilitate the Revalidation Process: We review and verify the necessary documentation to ensure that you meet the NMC’s revalidation criteria.
- Provide Support and Guidance: We use the information to offer personalised assistance and guidance throughout the revalidation process.
- Ensure Compliance: We collect and process this data to comply with the NMC’s revalidation requirements and to support your professional standing.
- What is Our Legal Basis for Processing Your Personal Information?
Our legal basis for processing your personal information includes:
- Contractual Obligations (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract, such as facilitating your revalidation process.
- Legal Obligations (Article 6(1)(c) GDPR): Processing is required to comply with legal obligations under the NMC’s revalidation framework.
- Who Do We Share Your Personal Information with and Why?
We may share your personal information with the following parties:
- NMC: As part of the revalidation process, we may share relevant data with the NMC to confirm your compliance with their revalidation standards.
- Your Employer: With your consent, we may share revalidation information with your employer, especially if they are involved in supporting or funding your revalidation process.
All data sharing is conducted in strict accordance with GDPR and other relevant data protection laws to ensure your confidentiality is maintained at all times.
- How Do We Maintain and Protect Your Records?
Your personal information is stored securely on our systems. We employ strict security measures, including encryption and access controls, to protect your data from unauthorised access, loss, or misuse. We also regularly review and update our security protocols to ensure ongoing compliance with data protection regulations.
- How Long Do We Keep Your Data?
We retain personal data related to the Nurse Revalidation Confirmer Service for the duration necessary to complete the revalidation process and for a period necessary to demonstrate compliance with NMC requirements. Typically, this information is retained for a minimum of six years following the completion of your revalidation, in line with professional standards and best practices.
- How Do We Dispose of Your Data?
We securely dispose of your data once it is no longer required for the purposes for which it was collected:
- Electronic Data: We ensure that all electronic data is securely deleted or anonymised when it is no longer needed. This includes the secure purging of data from our systems and the destruction of any storage devices that hold this data.
- Paper Records: Any physical documentation is destroyed using accredited and certified shredding services to ensure that your personal information is irretrievably destroyed.
- What Are Your Rights?
Under the Data Protection Act 2018, you have several rights regarding your personal data, including:
- Right to Be Informed: You have the right to be informed about how your personal data is collected and used.
- Right of Access: You have the right to access and request a copy of the personal data we hold about you.
- Right to Rectification: You can request the correction of any inaccurate or incomplete data we hold about you.
- Right to Erasure: You have the right to request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You can request the transfer of your data to another provider in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing.
- Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.
For further information or to exercise any of these rights, please get in touch with us:
- Telephone: 0141-889-5522
- Address: Healthier Business Group (HB Compliance), Unit 3009, Abbey Mill Business Centre, 12 Seedhill Rd, Paisley, PA1 1JS
- Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the body that regulates Healthier Business UK Ltd under Data Protection and Freedom of Information legislation. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the ICO at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
- Fax: 01625 524 510
- Email: casework@ico.org.uk
- Website: https://ico.org.uk/
- Policy Review
We will review this policy annually, when there is a legal obligation to do so, and when legislation dictates a requirement.