HSCRecruit - Privacy Notice


Introduction

The HSC Recruit website is owned and used by all HSC employers:

  • Belfast HSC Trust
  • Business Services Organisation
  • Health & Social Care Board
  • Northern HSC Trust
  • Northern Ireland Ambulance Service
  • Northern Ireland Blood Transfusion Service
  • Northern Ireland Guardian Ad Litem Agency
  • Northern Ireland Practice Education Council
  • Northern Ireland Social Care Council
  • Northern Ireland Medical & Dental Agency
  • Patient Client Council
  • Public Health Agency
  • Regional Quality Improvement Agency
  • Southern HSC Trust
  • South Eastern HSC Trust

The above list will be collectively referred to as ‘the HSC’ in this document.

The website is hosted on a server in the Business Services Organisation (BSO) and links directly to a recruitment administration system called E-recruitment which is part of the HSC Human Resources Payroll Travel & Subsistence (HRPTS) system. This system is managed by the provider HCL.

There are also links in the HSCrecruit.com site to other websites which are the responsibility of the relevant host organisation. You are therefore advised to read the privacy statements of each website you visit which collects personal information.

This Privacy Notice provides a summary of how the information you submit on hscrecruit.com is used. To ensure that we process your personal information fairly and lawfully we are required to inform you of:

  • What personal information we collect
  • Why we need personal information
  • How it will be used
  • Who it will be shared with
  • How long it will be kept for

Legal Framework

The HSC recognises the importance of protecting personal and confidential information in all that we do, and takes care to meet its legal duties. Key legislation includes:

  • the General Data Protection Regulations (GDPR), (EU) 2016/679,
  • the Freedom of Information Act (2000) (FOI),
  • the Human Rights Act 1998 (HRA),
  • relevant health service legislation, and the
  • common law duty of confidentiality
  • the Northern Ireland Act 1998 (NIA)

What Personal Information is Collected on HSCrecruit.com?

As a website to advertise job vacancies in the HSC and process applications, this site facilitates you in:

  • searching for advertised posts
  • viewing advertised posts and downloading associated documents,
  • Registering on HSCrecruit.com
  • Creating a profile to aid your application process
  • Submitting an Application form for advertised posts
  • Communication with you during the recruitment process
  • Receiving automated email alerts from the system about relevant job advertisements

You can view and search the site for advertised posts without providing any personal information.

If you wish to be notified of advertised posts, you will need to register and set up your ‘Job Agent’.

Once registered you can complete your profile, if desired, in advance of deciding to apply for a post.

If you decide to make application you will be asked for a range of personal information, including:

  • Name;
  • National Insurance Number;
  • Contact Details, including address, email address and telephone number(s);
  • Work Experience;
  • Referees names and Contact Details;
  • Professional Qualifications / Registration Status;
  • Residency / Immigration Status;
  • Date of Birth, Gender, Marital Status;
  • Sensitive Data – Community Background, Religious Belief, Ethnic Group, Nationality, Caring Responsibilities, Disability, Sexual Orientation, Political Opinion;
  • Details of how you meet the Personnel Specification for the post including experience and qualifications.

We may also collect non-personally identifiable information about your visit to www.hscrecruit.com through the use of cookies. This information helps us to better manage and develop www.hscrecruit.com

How Do We Collect Your Personal information?

If you choose to apply for a post within the HSC, you are required to complete an application form. We encourage online applications although some HSC organisations continue to accept applications in hard copy. In both instances this information as detailed in the section above will be submitted to the relevant recruitment team with responsibility for administering the Recruitment & Selection Process.

Why Do We Need Your Personal information?

The application form, which contains your personal information, is required to allow your interest in a vacant post to be considered and to facilitate associated communications / correspondence.

As part of this process, the panel responsible for the appointments process will need to review the information to help them understand your qualifications and experience for the post and to ensure you meet the essential criteria set out in the Personnel Specification. This is called shortlisting. Whether or not you are shortlisted, the relevant recruitment team with responsibility for administering the Recruitment & Selection Process then use your information to facilitate advising you of the outcome of this initial stage in the process and for those who are successful at shortlisting to invite them to the next stage in the assessment process.

Following the full assessment process the relevant recruitment team with responsibility for administering the Recruitment & Selection Process will then use your contact information to advise you of the outcome of assessment and for the person (s) who is successful in the appointment to commence the conditional offer and pre-employment checks process.

Information processed for the above purposes is therefore lawful under GDPR Article 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

How Will We Use Information about You?

As well as facilitating the actual application process, once you have submitted an application form you become part of the ‘applicant pool’ for a post and your information will be used on an anonymised basis to inform our legal duties to monitor the applicant pool under Fair Employment legislation, including the 3 yearly Article 55 Review and fulfilment of duties under Section 75 of the Northern Ireland Act.

In addition to the above, details of Subject Access Requests (SARs), Freedom of Information Requests (FOIs) and Complaints may also be retained to monitor trends and best practice for the purpose of providing an efficient service, and for the purposes of analysing trends and organisational learning.

Information processed for this purpose is therefore lawful under GDPR Articles:

  • 6(1)(c) – Processing is necessary for compliance with a legal obligation.
  • 6(1)(f) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Sharing Your Information

In submitting an application through hscrecruit.com, the employing authority for the post will have access to the information. This will be closely managed with only those who are required to see your information in the context of their duties having such access. Typically this will include, but is not limited to the relevant recruitment team with responsibility for administering the Recruitment & Selection Process, the panel responsible for the appointments process, the Occupational Health Department, the Human Resources Department and the Equality Unit / Department.

If you make application on line at www.hscrecruit.com, you should be aware that the E-recruitment System, managed by Third Party Supplier (along with the software license provider) has access to your information for purposes of testing for system accuracy purposes and fault resolution. The Third party supplier has an off shore team (India) as well as one in the UK. No Data leaves the UK for this purpose but is accessed as part of the overall system maintenance arrangements. This access is controlled through Service Level Agreements & contract arrangements.

There may be other occasions where we have a legal duty to share your personal information such as in the instance of Industrial Tribunals.

Any disclosure will be carried out in a secure manner and in accordance with Data Protection legislation.

Information processed for this purpose is therefore lawful under GDPR Articles:

  • 6(1)(c) – Processing is necessary for compliance with a legal obligation.
  • 6(1)(f) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Retaining Information

Information is only retained for as long as necessary, in line with section L of the Department of Health (DoH) Good Management, Good Records (GMGR) as it relates to the area of recruitment.

Information relating to requests for disclosure (i.e. Subject Access, or FOI) will be kept for up to 3 years after last action, in accordance with Section J28 of GMGR.

For further information, please refer to the following DoH link: https://www.health-ni.gov.uk/topics/good-management-good-records

Security of Information

The HSC is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:

a. All HSC staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;

b. Everyone working for the HSC is subject to the common law duty of confidentiality;

c. Staff are granted access to personal information on a need-to-know basis only;

d. Each HSC organisation has a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents, and a Guardian (PDG) who is responsible for the management of service user information/confidentiality.

e. Each HSC organisation has also appointed a Data Protection Officer (DPO), who provides full authoritative advice and recommendations in the field of Data Protection and facilitates compliance with the Accountability requirement of GDPR;

f. All HSC staff are required to undertake information governance training every 2 years. The training provided ensures that staff are aware of their information governance responsibilities and follow best practice guidelines to ensure the necessary safeguards and appropriate use of personal information;

g. A range of policies and procedures are in place

h. All reasonable measures to guarantee the security of the HSCrecruit website and E-Recruitment servers are in place aimed at preventing unauthorised access, or data loss

Individual Rights

Individuals have certain rights under GDPR, namely:

You have full control over the personal profile information and maintenance of your hscrecruit.com account. you can therefore amend or delete your personal profile on hscrecruit.com at any time.

Access To Your Personal information

GDPR gives you the right to access information that the HSC holds about you by submitting a SAR. SARs must be made in writing. You will need to write to the relevant recruitment team and provide:

  • adequate information (for example full name, address, date of birth, job reference number) so that your identity can be verified and your information located.
  • an indication of what information you are requesting to enable us to locate this in an efficient manner.

The HSC aims to comply with requests for access to personal information as quickly as possible, and normally within a calendar month of receipt unless there is a reason for delay that is justifiable under GDPR. In the case of any delay this will be explained to you within the calendar month along with an anticipated timescale to provide you with the data you have requested.

We want to make sure that your personal information is accurate and up to date. If you think any information is inaccurate or incorrect then please let us know.

Contact Information

If you have any general questions about this Privacy Notice or the information we hold about you please contact:

dpo.bso@hscni.net

Changes to our privacy notice

We keep our Privacy Notice under regular review and we will place any updates on this document.