Privacy notice

How we use your information

This privacy notice tells you what to expect when we collect personal information. It applies to information we collect about:

  • visitors to our website;
  • complainants and other individuals in relation to a data protection or freedom of information complaint or enquiry;
  • people who use our services;
  • job applicants and our current and former employees.

 

Contact details

MediOpus Ltd is the Controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us, including by email and contact form.

Our contact for Data Protection is Simon Mason. You can contact him at data.protection@MediOpus.com

 

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You are making use of our services as an applicant
  • You have made a complaint or enquiry to us
  • You have made an information request to us
  • You have applied for a job with us
  • You are representing your organisation

We also receive personal information indirectly, in the following scenarios:

  • A complainant refers to you in their complaint correspondence
  • An employee of ours gives your contact details as an emergency contact or a referee

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information. ​

 

Your Data Protection Rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  • Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

  • Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

  • Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

  • Your right to object to processing

You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.

  • Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

  

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information. For example, under a court order. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

 

Links to other websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

 

Your right to complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at data.protection@MediOpus.com and we’ll respond. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s Office as the UK supervisory authority. Please follow this link to see how to do that.

 

Visitors to our Website

  • Analytics

When you visit www.MediOpus.com, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.

  • Use of cookies by MediOpus Ltd

You can read more about how we use cookies on our Cookies page.

  • WordPress

We use a third-party service, WordPress.com, to publish our website and is hosted by eUKhost.com. We use a standard WordPress service (Jetpack) to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. For more information about how WordPress processes data, please see Automattic’s privacy notice.

  • Security and performance

eUKHost hosts our website in the UK and holds traffic information for 12 months

  • People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

  • People who use our contact form

If you use the contact form we will collect your name, email address, IP address and the contents of your message. This information will be retained for one year and will not be shared with any other organisations.

  • Microsoft

We use Microsoft Office 365 for document storage, email and collaboration. In some instances, your personal data may be stored on Office 365 servers, any data stored there is encrypted at rest and is controlled by us.

Privacy Policy: https://products.office.com/en-US/legal/docid23

  • Purpose and legal basis for processing

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

  • What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

 

People who make a complaint to us

  • Purpose and legal basis for processing

Our purpose is to investigate and take action, where necessary, on any complaint.

The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when necessary for the purposes of the legitimate interests pursued by the controller.

  • What we need

We need information from you to investigate your complaint properly, so our complaint forms are designed to prompt you to give us everything we need to understand what’s happened.

When we receive a complaint from you, we’ll set up a case file. This normally includes your contact details and any other information you have given us about your complaint.

  • Why we need it

We need to know the details of your complaint so we can investigate it fully and fulfil any obligations to you.

  • What we do with it

We will use your personal information to investigate your complaint and check on our level of service.

No third parties have access to your personal information unless the law allows them to do so. However, if you have made a complaint about an individual, we usually have to disclose your identity to them. This is so we can clearly explain to them what you think has gone wrong and if necessary advise them how to put it right. This also means we may receive information about you from them.

If you don’t want information that identifies you to be shared with the individual you want to complain about, we’ll try to respect that. However, it is not always possible to handle a complaint on an anonymous basis, so we’ll contact you to discuss this.

If you are acting on behalf of someone making a complaint, we’ll ask for information to satisfy us of your identity and if relevant, ask for information to show you have authority to act on someone else’s behalf.

  • What are your rights?

You have the Right to erasure and the Right to object. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

 

People who use our services

MediOpus Ltd offers various services to the public. We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes.

Further information relating to this can be found in our Applicant Terms of Service and our Client Terms of Business.

 

Job applicants, current and former MediOpus Ltd employees

  • Purpose and legal basis for processing

Our purpose for processing this information is to assess your suitability for a role you have applied for.

The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnic information is article 9(2)(b) of the GDPR, which also relates to our obligations in employment and the safeguarding of your fundamental rights and article 9(2)(h) for assessing your work capacity as an employee, and Schedule 1 part 1(1) and (2)(a) and (b) of the Data Protection Act 2018 which relates to processing for employment, the assessment of your working capacity and preventative or occupational medicine.

  • What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

  • What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.

  • Application stage

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all this information.

You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, in a way which can identify you. Any information you do provide will be used only to produce and monitor equal opportunities statistics.

  • Shortlisting

Staff shortlisting applications for interview will not be provided with your contact details or with your equal opportunities information if you have provided it.

  • Unsuccessful Applications

If you are unsuccessful at any stage of the recruitment process, we may ask if you would like your details to be retained in our database for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.

  • Conditional offer

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
  • You will be asked to complete a criminal records declaration to declare any unspent convictions.
  • We will provide your email address to the Government Recruitment Service who will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service which will verify your declaration of unspent convictions.
  • We will contact your referees, using the details you provide in your application, directly to obtain references
  • We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work. This is done through a data processor (please see below).

If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments
  • Emergency contact details – so we know who to contact in case you have an emergency at work

You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing recruitment@MediOpus.com

  • Your rights

Under the Data Protection Act 2018, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here – https://ico.org.uk/your-data-matters/

 

Make an information request

You have the right to find out if an organisation is using or storing your personal data. This is called the right of access. You exercise this right by asking for a copy of the data, which is commonly known as making a ‘subject access request’.

  • Purpose and legal basis for processing

Our purpose for processing your personal data is so we can fulfil your information request to us.

The legal basis for this is article 6(1)(c) of the GDPR, which relates to processing necessary to comply with a legal obligation to which we are subject.

If any of the information you provide us in relation to your information request contains special category data, such as health, religious or ethnic information the legal basis we rely on to process it is article 9(2)(a) of the GDPR, which relates to processing where your explicit consent has been given.

  • What we need and why we need it

We need information from you to respond to you and to locate the information you are looking for. This enables us to comply with our legal obligations under the legislation we are subject to – General Data Protection Regulations (2016) & Data Protection Act (2018)

  • What we do with it

When we receive a request from you, we’ll set up an electronic case file containing the details of your request. This normally includes your contact details and any other information you have given us. We’ll also store on this case file a copy of the information that falls within the scope of your request.

If you are making a request about your personal data or are acting on behalf of someone making such a request, then we’ll ask for information to satisfy us of your identity. If it’s relevant, we’ll also ask for information to show you have authority to act on someone else’s behalf.

We’ll use the information supplied to us to process your information request.

If the request is about information we have received from another organisation – regarding a complaint, for example – we’ll routinely consult the organisation/s concerned to seek their view on disclosure of the material.

  • Your rights

Under the Data Protection Act 2018, you have rights as an individual which you can exercise in relation to the information we hold about you.

You can read more about these rights here – https://ico.org.uk/your-data-matters/

 

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 21 August 2018.