Privacy Policy - Updated May 2018

 

At SwiftLocum (“we”, “us”, “our platform” and “our App”), we take your privacy extremely seriously. SwiftLocum’s registered address is iCentrum, Holt Street, Birmingham, B7 4BP. This policy, along with the documents it refers to, outlines:

 

  • What information you provide to us

  • Information about you we get from other sources

  • Information we collect from your interaction with the SwiftLocum App

  • Information we collect from your interaction with the SwiftLocum website - use of cookies

  • Data collected from the submission of timesheets

  • Lawful basis for processing personal information

  • Lawful basis for processing sensitive information

  • How this information is used

  • Who we share this information with

  • Where this information is stored

  • How this information is secured and protected

  • The amount of time we store this information

  • Your right to withdraw consent

  • Your rights with regards to this information

  • Any changes we make to this policy

  • How to contact us

 

What information you provide to us

This includes information you may pass onto us through correspondence with us over the phone, in person, when you register on the App or via email.

Information you will provide us through your interaction with the SwiftLocum App includes your:

  • Name

  • Personal and/or work email address (required for 2-factor verification)

  • Date of birth (as part of NHS employers’ requirements)

  • National insurance number (to enable timely payment)

  • GMC number (used to cross-reference information with the GMC database as part of confirming your identity)

  • Driver’s license (as part of NHS employers’ requirements)

  • Passport (as part of NHS employers’ requirements)

  • Visa (if necessary, as part of NHS employers’ requirements)

  • DBS certificate (as part of NHS employers’ requirements)

  • Telephone number (as part of the signup process)

  • Employment history (to help organisations confirm you have the right experience for any jobs you apply for through the Application)

  • Qualification certificates (as part of NHS employers’ requirements, and to confirm you have the requisite qualification for certain jobs you may apply for on the App)

  • Photograph (optional)

  • Username (this is normally your email address)

 

The sensitive information you will provide to us is your occupational health record (this is required as part of NHS employers requirement).

 

If you are signing a timesheet we only collect your name and signature.

 

Information about you we get from other sources

We have obtained the General Medical Council (GMC) register of medical practitioners from the GMC. This is a publicly available register that contains your full name, GMC registration number, year and university of graduation and details of any specialist register you are a part of.

 

Your employer may also share with us your unique assignment number to help assist with streamlining payments.

 

Occasionally your employing organisation may pass on your personal and sensitive data to us. Your employing organisation will obtain your consent to pass on this information to us. The information they will pass on to us will be the information you will ordinarily input into the Application yourself, including your name, personal and/or work email address, date of birth, national insurance number, GMC number, driver’s license, passport, visa (if necessary), DBS certificate, telephone number, employment history, qualification certificates. The sensitive information they will provide to us is your occupational health records. This will be the information you have already shared with your employing organisation to go through your pre-employment checks.

 

Information about your location and IP address when interacting with our website is provided to us from our third party web hosting service. Their privacy policy can be found here https://www.wix.com/about/privacy.

 

Information we collect from your interaction with the SwiftLocum App

We collect the following information - your job application history, including shifts you have applied for, regardless of if you have been successful or unsuccessful in obtaining the shift, the rates paid and the final timesheets.

We will also collect technical information, including your Internet protocol (IP) address, your International Mobile Equipment Identity (IMEI) number, application version, the device you use, operating system, version of App, time zone, types of plugin, and the times of your interaction with the application.

 

Information we collect from your interaction with the SwiftLocum website - use of cookies

Our website uses cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use both session and persistent cookies on our website.

SwiftLocum use cookies to recognise when a user visits our website, track users as they navigate the website, improve our software and future versions of our software, prevent fraud and improve security across our software platforms, target advertisements which may be of particular interest to specific users or validate authenticated users sessions.

Most browsers allow you to refuse to accept cookies; for example:

(a) in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";

(b) in Firefox (version 47) you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and

(c) in Chrome (version 52), you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.

Blocking all cookies will have a negative impact upon the usability of our website and will be detrimental to the quality of data that we collect from our users. This will have a negative impact on improvements to future versions of our software, including both the website and mobile phone application.
 

If you block cookies, you will not be able to use all the features on our website.

You can delete cookies already stored on your computer; for example:

(a) in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);

(b) in Firefox (version 47), you can delete cookies by clicking "Tools", "Options" and "Privacy", then selecting "Use custom settings for history" from the drop-down menu, clicking "Show Cookies", and then clicking "Remove All Cookies"; and

(c) in Chrome (version 52), you can delete all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Clear browsing data", and then selecting "Cookies and other site and plug-in data" before clicking "Clear browsing data".

Deleting cookies will have a negative impact on the usability of many websites.

 

Data collected from the submission of timesheets

 

This section applies only to healthcare professionals who sign off timesheets. We only collect your name and signature, on the lawful basis that this personal information is a legitimate interest. We only share this information with your employing organisation. They will already have your name and signature, so you won’t be providing any new information to them. We simply need your signature to sign off timesheets - just like paper timesheet.

 

Lawful basis for processing personal information

Our lawful basis for processing your information is to carry out the tasks set out in the contract between SwiftLocum and you.

It is necessary to process all of the personal information you provide in order to pass this information on to the organisations at which you have applied for work, so they are able to appropriately vet you as per NHS employer requirements. They will also use this information to ensure that you are appropriately qualified and experienced for the shift(s) you have applied for.

These requirements come under the six NHS employment standards (more regarding these standards can be found via the following link http://www.nhsemployers.org/your-workforce/recruit/employment-checks)

 

The lawful basis for collecting information when signing timesheets is legitimate interest.

 

Lawful basis for processing sensitive information

Our lawful basis for processing your sensitive information is as per article 9(2)(h) of the GDPR - processing is necessary for the assessment of the working capacity of the employee.

 

How this information is used

The information we collect will be used in order to execute the contract as described above. When you apply for a shift via SwiftLocum we will share your personal and sensitive information with that organisation so they are able to appropriately screen you for the shift.

If you are already a part of the staff bank within that organisation, they will use the information you upload to cross-reference their own records in order to confirm this.

 

The information from signed timesheets is used to confirm that users have worked the times and hours that have worked. This is just like a normal paper timesheet, the only difference is it is completed online and saved onto our secure servers.

 

Who we share this information with

We will only share your personal and sensitive information with those organisations at which your apply to work at. Once you have applied to their staff bank your information will remain with them for a minimum of one year. You can apply to the organisation to delete your information from their records, or you can contact us to delete your information from the SwiftLocum servers. You can also delete any information you uploaded to the application from your mobile phone, giving you greater control of your personal data.

 

In the case of signing timesheets, the information will only be shared with the organisation you work in. They will already have your name and signature, so you aren’t providing them with any new information they wouldn’t already have. We just need your signature to confirm the doctor has worked the times and hours on the timesheet, just like a paper timesheet.


 

Where this information is stored

The information you provide will be stored on a secure public cloud server based in the UK. Your data may be transferred and stored outside of the European Economic Area (“EEA”) where equivalent Data Protection Laws may not exist.

 

If your data is transferred outside of the EEA, SwiftLocum will ensure that all reasonable steps are taken to safeguard your data. This includes adhering to a recognised legal adequacy mechanism, and ensuring that your data is processed securely and in line with this privacy policy.

 

How this information is secured and protected

Information is held on a secure server. Information can also be accessed via your application, and we ask that you use a secure password, password protect your phone, and never share those details with anyone else.

 

We will use all reasonable efforts to ensure that your personal data is not disclosed to regional or national institutions and authorities, unless required by law or other regulations.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

There may be external links on our App or website. Such sites will have their own privacy policies and procedures, and as such, we are not responsible for how they process and store your data.

 

The amount of time we store this information

The length of time we store your data is equivalent to how long you hold an account with us and for six years after that. This is in order to fulfil our contractual obligations with you, ensure that any issues regarding your data can be identified in future, and resolve any legal disputes. Beyond this time, we may hold composite data to enable us to improve SwiftLocum. Any retained composite data is completely non-identifiable.

 

Your rights with regards to this information

Under certain circumstances, your have the right to:

  • Request that all of your data held by us is erased or rectified;

  • Be given a copy of your data held by us;

  • Request restriction on the processing of your data;

  • Request that we no longer process your data;

  • Request that your data is transferred to a third party.

 

Your right to withdraw consent

If the processing of your personal data is based on consent, you may withdraw that consent at any time by contacting us directly. This will be without detriment to you.

 

In order to exercise the rights listed in this policy, you may contact us at any time by emailing admin@swiftlocum.co.uk.

 

If we are unable to resolve your request satisfactorily, you may contact your local data authority. Please follow the following link for further information: http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061. In the UK, the Information Commissioner is the authority that may provide more information regarding your rights and our duties when it comes to processing your personal data, including the provision of complaints.

 

Any changes we make to this policy

If we make any changes to our privacy policy will be reflected on the online version on our website, and in the case of significant changes you will be notified via email.

 

How to contact us

You can contact us via our website (www.swiftlocum.co.uk), or email admin@swfitlocum.co.uk. You can also write to us - letters should be addressed to:

SwiftLocum

iCentrum

Holt Street

Birmingham

B7 4BP

 

SwiftLocum is registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is ZA291332

© 2018 Intellimed Limited