Version 2.0 – Last updated: May 2018
We are committed to protecting and respecting your privacy.
- Information we collect about you
- How we use your information
- Who we give your information to
- Where we store your information
- How we protect your information
- How long we keep your information
- Your rights
- Changes to this policy
- Contact us
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of European Economic Area data protection law, (the “Data Protection Law”), the data controller is: Berdroot Developments Limited, Kemp House, 160 City Road, London EC1V 2NX, United Kingdom.
Information we collect about you
We will collect and process the following personal data from you:
1. Information you give us
This is information about you that you give us directly when you interact with us.
This is information about you that you give us by filling in forms on our Service or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our Service, Servicely for a job posting, use our Service to directly message hospitals or trusts about a job posting, submit a query, and when you report a problem with our Service.
The information you give us may include:
- your name
- personal e-mail address
- NHS.net email address
- phone number
- GMC number
- personal description and photograph
- login and password details, current employment information
- content generated by you on the Service, including reviews, ratings and blog posts
- details you provide of your employment and training history for the purpose of your creating your profile on our Service
- documents to prove your professional qualifications for the purpose of using our Service
- payslips, tax code, payroll information and bank account information for the purposes of our Messly Instant Pay service
- national insurance number
- employment expenses for the purposes of our Messly Tax Rebate service
2. Information we collect about you from your use of our Service
We will automatically collect information from you each time you use our Service. This includes technical information such as your Internet protocol (IP) address used to connect your device to the Internet, your login information, operating system and platform, version, time zone setting, plug-in types and versions.
We also collect information generated through the use of our Service, including:
- shifts which you have applied for
- shifts which you have worked
- amounts which you have been paid for shifts which have been booked
3. Information we receive from other sources
This is information we receive about you from hospitals and trusts (“Organisations”). This includes your GMC number and your employment or bank registration status with the Organisation. GMC data is publically available at https://webcache.gmc-uk.org/gmclrmp_enu/ and is used for the purpose of affiliating new doctors using our Service with the relevant Organisations that they are employed by or otherwise verified by in order to provide medical services.
How we use your information
You can see a full list of the types of data we process, the purpose for which we process it and the lawful basis on which it is processed here. We use information held about you in the following ways: Information you give to us: We will use this information to take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you and us including: administering your account with us; storing your registration documents and providing them to Organisations upon request following your application for a relevant job posting; associate you with any Organisation for which you are already affiliated; notifying you about changes to our service We will also use this information to ensure in our legitimate interests that content from our Service is presented in the most effective manner for you and for your device, including ensuring that your experience is optimised in terms of relevance of job postings, content and access to resources, and ensuring that we provide you with the information that you request from us. 2) Information we collect about you from your use of our Service We will use this information in our legitimate interests, where we have considered these are not overridden by your rights to: administer our Service and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. keep our Service safe and secure. improve our Service to ensure that content is presented in the most effective manner for you and for your device. allow you to participate in interactive features of our service, when you choose to do so. 3) Information we receive from other sources We may combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Who we give your information to
Where we store your information
How we protect your information
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. We keep your information secure by following internal policies of best practice and training for staff, and by using Secure Socket Layer (SSL) technology when information is submitted to us online Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Service; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. In the unlikely event of a criminal breach of our security we will inform the relevant regulatory body within 72 hours and, if your personal data were involved in the breach, we shall also inform you. Our Service may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
How long we keep your information
We retain personal data for as long as you have an account with us in order to meet our contractual obligations to you and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
You have the right under certain circumstances: to be provided with a copy of your personal data held by us; to request the rectification or erasure of your personal data held by us. If you wish you erase your information, you are required to submit a request via the email account used to register with us. Upon verification of the source of request, the process will kick off for removing any personal data linked to the individual who raised the request. Following the completion of the process a notification will be sent to the individual within one month confirming the completion of the process. to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example); to object to the further processing of your personal data; to request that your provided personal data be moved to a third party. Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. You can also exercise the rights listed above at any time by contacting us at firstname.lastname@example.org If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Changes to this policy