NL Group Limited (“NLG”) take the protection and security of your personal information very seriously and this policy sets out our responsibilities under The General Data Protection Regulation 2016 (“GDPR”) and other applicable laws in England and Wales relating to the processing and security of personal information.
As the operators of the NLG Health and NLG Home Care websites, NL Group Limited registered in England and Wales with Company Registration Number 04295083 and having its registered office address at NLG, Riverside House, 3 Earls Court, Henry Boot Way, Hessle, HU4 7DY ("We", "Us", “NLG”) is committed to protecting and respecting your privacy.
This policy explains to you how NLG uses and secures your personal information whilst you are using the NLG website www.nlghealth.co.uk and www.nlgsocial.co.uk or when you enter into a contract with NLG to provide recruitment services to you.
This Privacy and Cookies Policy ("Policy") relates to services provided through our website and recruitment agency (“Services”) and sets out the basis on which the personal data collected from you, or that you provide to Us will be processed by Us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it.
For the purpose of, the General Data Protection Regulation (“GDPR”), from the GDPR implementation date or, until GDPR implementation date, the Data Protection Act 1998 (collectively the “Data Protection Laws”):
- in respect of the personal data of users of the Website and the recruitment services (“Services”) and business contacts and prospects of NLG, the Data Controller is NL Group Limited;
- In respect of the personal data of candidates who apply for an Opening (as the term is described in NLG’s Terms) (“Candidates”) NLG shall process personal information as a data processor on behalf of the Candidate, who use Our Services to assist with their temporary healthcare assignments.
NLG has offices in 1 location; our registered head office is located within the United Kingdom.
NL Group Limited
3 Earls Court
Henry Boot Way
Company Registration Number: 04295083
Our Data Protection Officer is Mark Hathway, please contact Mark if you have any questions about how your personal information is used by NLG, email@example.com or 01482 606040(Option 1).
This policy was last updated on 9th December 2020.
Collection of data
Browsing our website: When you browse our website www.nlghealth.co.uk or nlgsocial.co.uk, we will collect the Internet Protocol (IP) address of the PC you are using, this data is anonymous and we cannot identify you at this point. We collect this data so that we can identify where customers are dropping out of the website and to identify areas of improvement to make the experience more engaging for our customers.
Applying for a position: When you apply for a position with us or you interact with us in the different ways described below, we may ask you for the following information:
- Personal and contact details (for example your name, email address, date of birth, gender and your choice of language with which you wish to interact with us).
- Personal and contact details you give us when subscribing to receive emails, newsletters or marketing information from us.
- During pre-assignment vetting we will request details from you including, your name, your work history, qualifications, contact details (such as email, telephone number and home address), your right to work documents, details required for equality and discrimination legislation checks and your personal preferences, choices and requirements specific to particular requests or services.
- Details of your education, employment history, bank details and national insurance number, references, right to work and other information you tell us about yourself (eg the information contained within your CV) when you engage with us for the provision of services.
- Information required for pre-assignment vetting, such as DBS checks and results of medical screenings.
- Information we collect via cookies or similar technology stored on your device (find out more about cookies and how we use them in our Cookies Policy.
- Your IP address.
- Information from social media activity (such as likes, shares and tweets) when you interact with us on social media.
- Information you provide if you report a problem with our website or service.
- Additional information which you provide voluntarily and/or which we may ask from you to better understand you and your interests.
How, when and why do we collect your Personal Information?
We may collect your Personal Information when you apply for a role through us (or otherwise contact us from time to time) by:
- Responding to an advert on a job board or other website.
- By directly contacting our business.
- By filling in an application form in a branch.
- When you speak to one of our consultants by telephone.
- Another agency or organisation passes your details to us.
Why do we collect your Personal Information?
We collect and use your Personal Information because it is necessary to obtain certain details including Personal Information from you in the work-searching process and it is in our legitimate interests in the course of operating our business, including:
- Responding to your queries.
- Providing work-finding services and/or information to you.
- Transmitting Personal Information between our offices or functions for internal administrative purposes.
- Setting you up on a work assignment with a client.
- Hosting and maintaining our websites.
- Ensuring network and information security.
- Carrying out direct marketing.
However we will only collect, use and handle your Personal Information when:
- It is necessary for our legitimate interests in connection with carrying out our business, as long as, in each case, these interests are in line with applicable law and your legal rights.
- Where you have agreed.
- Where this is necessary for legal obligations which apply to us.
How we use the Personal Information that you provide to us.
We undertake the following processing of your Personal Information on the legal basis that it is necessary to perform the contract with you and to provide the services we have agreed to provide to you. Where we have not entered into a contract with you, we may also carry out this processing because in that pre-contractual stage where we consider it is necessary in our legitimate business interests in order to deal with requests, enquiries or comments you have made to us.
Submission of details to clients
If you register to apply for a particular role, request to be put forward for a role or if you have asked us to put you forward for suitable roles, we will share some of your personal details including your name, work history and qualifications with our clients offering potential roles which might be suitable for you.
On-boarding for a work-assignment
If you are offered and accept a work assignment through us, we will need further Personal Information from you such as NI number, bank details, emergency contact details and some medical information in order to fulfil our statutory and contractual obligations to both you and our client.
Reporting to clients and managing timesheets, payroll and work performance
We sometimes have to prepare reports for clients relating to the services provided by us for example reports on financial or administrative matters or compliance with legal requirements. Such reports may contain your Personal Information such as your name, hours worked and pay rate. In addition we may need to manage submission of timesheets, payroll services and other Human Resourcing services such as managing your statutory rights and work appraisals for our clients, all of which would require use of your Personal Information.
Other lawfully permitted processing
We may also use any Personal Information that you provide to us for example to other companies within the NL Group or to employers or any other company who you ask us to approach on your behalf for work-searching purposes. If you choose not to provide Personal Information requested by us, we may not be able to provide you with the services and/or information you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Information, including placing you in a work-assignment. We will where possible anonymise or aggregate such data for reporting purposes.
We undertake Pre-Assignment Vetting
We collect your Personal Information which you provide to us when applying for a role or registering for our job-finding services to comply with our (and clients’) legal obligations regarding your right to work and any necessary qualifications for roles. We may also process your Personal Information for this purpose where we consider it necessary for the performance of the contract with you, or otherwise with your consent.
We undertake the following processing of your Personal Information with your consent.
Where legally permitted to do so where you have provided us with your contact details and have agreed to be contacted for marketing purposes, we may contact you by telephone or by post for marketing purposes relating to our services, our website, and/or to research opinion on proposed business developments. Your agreement to the use of your Personal Information for these purposes is optional (see Marketing Opt-out below) and if you fail to provide your agreement, your use of our work-finding services will not be affected.
You are entitled to opt-out from receipt of marketing communication at any time and free of charge by emailing firstname.lastname@example.org or by using the “unsubscribe” option included in any marketing e-mail or other marketing material received from us.
- Facebook Pixels - The Facebook pixel is an analytics tool that allows you to measure the effectiveness of your advertising by understanding the actions people take on your website. You can use the pixel to: Make sure that your ads are shown to the right people
- Google Analytics - Google Analytics is a web analytics service offered by Google that tracks and reports website traffic
- Sharethis.com - ShareThis is a technology company that provides free engagement and growth tools for site owners. Their tools allow the sharing of content across 40+ social channels and are used by over three million publishers globally.
- Consensu.org - IAB Europe is the European-level association for the digital marketing and advertising ecosystem.
How and when do we share information with third parties?
Some services that we provide require the involvement of third parties. We have carefully selected these third parties and taken steps to ensure that your Personal Information is adequately protected. The third parties may include our clients, suppliers of IT services, pay-rolling services or vetting services.
Where we employ third party companies or individuals to process Personal Information provided by us on our behalf for business functions, including (without limitation) IT support, hosting our data on cloud platforms, legal, accounting, audit, consulting and other professional service providers, and providers of other services related to our business. Portions of our services may be provided by organisations with which we have a contractual relationship, including subcontractors, and, accordingly, your Personal Information may be disclosed to them. We only provide these organisations with the information that they need to be able to perform their services.
We will have in place an agreement with our service providers which will restrict how they are able to process your Personal Information.
Sharing within NL Group and to Service Providers
International Transfers of your Personal Information
- Where the transfer is to a place that is regarded by the European Commission as providing adequate protection for your Personal Information.
- Where we have put in place appropriate safeguards, for example by using a contract for the transfer which contains specific data protection provisions that have been adopted by the European Commission or a relevant data protection authority. You can request a copy of these contracts by contacting us at: email@example.com
- Where you have consented to it, or there is another legal basis to allow us to make the transfer.
- Sharing with other third parties
We may also provide your information to other third parties such as regulators and law enforcement agencies, where we are required by law to do so, where necessary for the purposes of preventing and detecting fraud, other criminal offences and/or to ensure network and information security.
How long do we store Personal Information for?
Security and Confidentiality
We employ appropriate security measures to help protect your Personal Information and guard against access by unauthorised persons. Information storage is on secure computers in a secure environment, or in secure, locked storage in the case of hard copy information. The information is encrypted wherever possible and we undergo periodic reviews of our security policies and procedures to ensure that our systems is secure and protected. However the transmission of information via the Internet is not completely secure so we cannot guarantee the security of your information when it is transmitted to our website or from third party websites such as job boards.
NLG is a nationwide supplier of temporary healthcare professionals, NLG aims to set the highest standards of Information security and in so doing so has developed an Information Security Management System (ISMS) to meet the requirements of the ISO27001:2013 standard. The aim of which is to protect the Confidentiality, Integrity and Availability of NLG and client held information resources and assets, thus safeguarding NLG and its clients from unauthorised access, compromise and or disclosure of data. Our current ISO27001 certification expires in January 2022.
Cyber Essentials PLUS Certification
In addition to the above, we have services that are Cyber Essentials PLUS accredited, this helps prevent the vast majority of cyber-attacks. Having a Cyber Essentials PLUS badge enables us to:
- Protect our organisation against common cyber threats
- Demonstrate our commitment to information security
You may withdraw your consent to receiving marketing at any time by emailing firstname.lastname@example.org. It is important to us that you are in control of your own information. As a result, we offer the following controls:
You may request access to or copies of the Personal Information that we hold about you. If you would like to exercise this right, please contact us at email@example.com or the address below.
If you believe that any information we have about you is incorrect or incomplete, please contact us firstname.lastname@example.org as soon as possible. We will take steps to seek to correct or update any information if we are satisfied that the information we hold is inaccurate. You may request that we restrict our processing.
- You may request that your Personal Information be deleted, where it is no longer necessary for the purposes for which it is being processed and provided there is no other lawful basis for which we may continue to process such information.
- To the extent we are processing your Personal Information to meet our legitimate interests (as set out above), you may object to the processing of your Personal Information by us. If we are unable to demonstrate our legitimate grounds for that processing, we will no longer process your Personal Information for those purposes.
- You may object to our processing as set out above.
- You may withdraw any consent given to processing.
- Where we are processing your Personal Information automatically for the purposes of performing our contract with you, you may have the right to request that the Personal Information we hold about you be transferred to a third party data controller.
- Where we may undertake automated decision-making we will request your explicit consent if the decision-making is not authorised by law or necessity for the performance of a contract.
You may also request that we restrict the processing of your data to that to which you have consented or for the establishment, exercise or defence of legal claims or the protection of the rights of another person, whilst we verify your data as set out in point 2 above; pending verification of our legitimate grounds as set out in point 4 above; or if the processing is unlawful or no longer necessary, but you wish us to retain your data for the purposes of establishing, exercising or defending legal claims.
Please contact email@example.com and we will assist you and provide you with all rights to which you are entitled in relation to your Personal Information under applicable data protection law.
If you are unhappy with the way that we have handled your Personal Information, you can make a complaint to the Information Commissioners Office (ICO) which is the UK authority responsible for data protection. Contact details are available online, or alternatively please ask us on firstname.lastname@example.org for assistance.
How to complain
We appreciate that at NLG we do not always get things right, this section explains how you can make a complaint.
We appreciate that at NLG we do not always get things right, this section explains how you can make a complaint. It is regrettable for us as an organisation when we receive a complaint. We take all complaints seriously and can assure you we will do our best to deliver a satisfactory outcome. If you do wish to complain about how your personal information is used by NLG then please write to us at:
GDPR Compliance Team
NL Group Limited
3 Earls Court
Henry Boot Way
Alternatively, you can email us at email@example.com.
NLG will investigate and respond within 10 working days, this allows us time to investigate your complaint thoroughly.
Supervisory Authority Details
This section provides details of the Supervisory Authority and how they can be contacted.
Where you believe that NLG has not taken our responsibilities with your personal data seriously, you have the right to complain to the Supervisory Authority. Their details are:
Information Commissioners Office
Telephone number: 0303 123 113
NL Group Companies and Trading Brands