Privacy notice for independent contractors and contract workers
How we use your personal data during the application process
We collect and process your personal information if you provide services to us, either as an independent contractor or via a service company.
This privacy notice describes how and why we process your information if you provide services to us as an independent contractor or work for a company which is providing services to us.
To find out more about how we handle personal data, read our privacy notice.
The NMC is the data controller in relation to your personal information.
Information we collect prior to entering into a contract for services with you or a service company you work for
Before we enter in a contract for services with you or a service company you work for, we collect and process:
- your name and any contact details that you or your service company give us
- any information included in your CV or documents you or your service company gives us which may include education history, employment history and information about your skills, ability and work experience.
Information we collect if we enter into a contract for services with you or a service company you work for
Once we’ve entered into a contract with you or a service company you work for, we may collect and process further information about you, including:
- you NMC contact details, such as an email address or telephone number
- any personal email addresses and/or phone numbers which you or the service company you work for give us
- the terms and conditions of your contract with us
- a record of the hours you have worked and any absences
- your job title and job description
- assessments of your contractual performance
- your photo, which may be used on a security ID access control card, the staff intranet, in news articles sent internally to all employees and on IT systems (for example in the Outlook email system);
- CCTV images of you
- any records of your activity on IT systems
- any recordings of your voice and conversations where meetings are recorded to aid note-taking or where telephone calls are recorded for training purposes.
The sources we use to collect information about you
We may collect information about you in a variety of ways, including from:
- your CV and supporting documents
- interviews or other forms of assessment
- surveys completed by you
- the service company you work for
- our IT systems
- recordings of meetings.
Why we process your personal information
We collect and process your information to assess your suitability to provide services for us or (where you work for a service company) the suitability of your service company to provide services to us.
If we enter into a contract with you or a service company you work for, we’ll process your information to:
- manage our contractual relationship with you or the service company you work for
- ensure you receive payment and anything else to which you’re entitled under our contract with you or the service company you work for
- comply with our legal obligations (for example, our health and safety obligations)
- grant you access to our buildings and IT systems where necessary
- investigate and respond to complaints or legal claims
- contact you in case of an emergency.
If in the future we intend to process your personal data for a different purpose, we’ll provide you with updated privacy information.
How and why we collect health information
We’re under a legal obligation to make reasonable adjustments to prevent people with disabilities from being placed at a substantial disadvantage, as well as ensuring they have a fair and equal chance of accessing our services.
Our legal basis for processing your information
If you’re an independent contractor or work for a service company we generally process your information because it’s necessary to take steps to enter into a contract with you or the service company you work for and/or to perform our contract with you or the service company you work for.
In some cases we’re also under a legal obligation to process your information. For example we process any health information you provide us in order to comply with our legal obligation to make reasonable adjustments.
Where we use your personal details to contact you in an emergency, we’ll only do so where it’s necessary to protect your vital interests or that of another person.
Who has access to your information
We’ll share your information internally with members of staff, for example those involved in the procurement process and members of our finance team to ensure you receive payment.
Where your data is stored on our IT systems, our IT staff will also have access to it in the course of their work.
We may also share your information with external third parties in the following ways:
- with suppliers who provide procurement services on our behalf;
- with legal advisors in the event of a complaint or legal claim.
How we protect your information
We take the security of your data seriously. We have internal policies and controls in place to keep your data secure. You can view our information security policy and data protection policies on our privacy notice page.
How long we keep your information for
We only keep your data for as long as we need it.
We may keep some information about you for a period of time after our contract with you or the service company you work for has ended where this is provided for in our contract with you or the service company.
Read our corporate retention schedule.
Keeping your information up-to-date
It’s your responsibility to ensure that information we hold about you is up-to-date by informing us of any changes to your personal information.
International transfers of data
We’ll only transfer your personal data outside the United Kingdom where we use a supplier to process personal data on our behalf and the supplier operates outside the UK.
We have policies and procedures in place to ensure that where your data is processed outside the UK it is adequately protected.
Use of Closed Circuit Television (CCTV) at our sites
CCTV is in operation at our sites. Where we’re not the sole occupier of the building (all offices other than 23 Portland Place) there’s additional CCTV which is controlled by the building owners or management company.
We record CCTV images of people when entering and leaving our premises as well as at strategic locations throughout the buildings. This is for the purposes of security and safety monitoring and the investigation of alleged criminal offences. We may share our CCTV images with law enforcement and courts if this is needed.
Our legal basis for recording CCTV
We use our premises to perform our regulatory functions. We consider that ensuring the security and safety of our premises is necessary for to perform a task carried out in the public interest and/or in our official authority as a regulator.
We also consider that we have a legitimate interest in using CCTV images to keep our premises safe and secure.
For more information about how we use CCTV, you can ask to see the CCTV policy.
Your personal data on our IT systems
We have to use IT systems to process your personal data. In addition, our IT systems create data about you by, for example, recording websites that you visit and emails that you send from our corporate IT network.
If you use our IT systems for personal use, this may result in data about your private life being processed and stored by our IT systems.
For more information about how your personal data is stored, processed, accessed, monitored or deleted from our IT systems, please refer to our ICT user policy.
Telephone call monitoring and recording
Telephone calls may be monitored and recorded to aid note-taking or for training purposes. Telephone calls aren’t monitored or recorded in all teams.
If you work in a team which monitors or records calls you will be made aware of this.
What if you don’t provide personal data?
Certain information, such as contact details, are necessary to enable the NMC to enter a contract with you.
If you don’t provide this information we may not be able to enter into a contract with you.
Right to be informed
You have the right to know about how and why we collect and use your information. This privacy notice forms part of our work to inform you about the information we hold about you and how we use it.
You can request further information or clarification on our use of your information at any time by filling in this form or emailing us at email@example.com.
Right of access
You have the right to request a copy of the information we hold about you.
In most cases the information will be provided to you free of charge. Only if the request is manifestly unreasonable or excessive or is a repeated request for the same information can we apply a charge. We would apply a charge based on the costs of providing the information.
There are circumstances where we’ll hold information but will not be able to provide it in response to a request. In such circumstances we would tell you that this is the case (unless compelled by law not to do so). We would also not supply information about a person if we haven’t been given enough details to identify them from that information.
You can request a copy of the information we hold about you by emailing firstname.lastname@example.org.
Right to rectification
You have the right to ask us to correct any information we hold if it’s incorrect.
Where proportionate and practical we’ll ensure that any organisation we have shared the information with also corrects it.
You can make your request by emailing email@example.com.
Right to erasure
In some circumstances you may have the right to ask us to remove information we hold about you.
There are limitations to this right. For example, if we are compelled by law to keep information about you or it is integral to our activities as a regulator.
To make your request email us at firstname.lastname@example.org.
Right to restrict processing
You have the right to ask us to restrict the processing of your information for specific purposes for specific periods of time.
In many instances the right to restrict the processing of your information does not arise, for example, where we process your information because of a legal obligation.
To make a request to restrict processing contact email@example.com.
Right to data portability
You have the right to request your information in a machine readable format, using common standards or file types. This right only applies where you have provided the information to us yourself and we are processing the information based on your consent or to fulfil a contract and when the processing is carried out by automated means.
To make a request email firstname.lastname@example.org.
Right to object
You have the right to object to us processing your information. This includes the right to object to direct marketing and the right to object to your information being used for research.
There are a number of exemptions to this right. If we’re not able to comply with your request we’ll advise you of our decision within one month of your request setting out the reasons.
You can tell us of your objection by contacting email@example.com.
Rights related to automated decision making including profiling
You have the right to request human intervention in any automated decision making processes where this process is not based on your consent, authorised by law or necessary for the performance of a contract.
Automated decision making is where a decision is taken about you using an electronic system without human involvement. We don’t currently make decisions using automated processes.
If you have an enquiry about our use of automated decision making, contact firstname.lastname@example.org.
If you have consented to the processing of your data you have the right to withdraw that consent at any time. To withdraw your consent, contact email@example.com.
As outlined in this privacy notice, in most instances we process your data for on a legal basis other than consent.
Data Protection Officer
Our Data Protection Officer can be contacted by emailing DPO@nmc-uk.org.
Your right to complain to the Information Commissioner’s Office (ICO)
You have a right to complain to the Information Commissioner’s Office (ICO). The contact details for the ICO can be found on the ICO website.
If more than one data controller processes your data
The NMC is the data controller in relation to your personal information.
If you were introduced to the NMC by a recruitment agency or online recruitment site before you made your application to us, that agency or recruitment site will also be a data controller in relation to your data.
To exercise your data protection rights you may need to contact the agency or recruitment website which is also a data controller in relation to your personal data. For example to obtain a copy of information which is held about you, you will need to contact the agency as well as making a request to us at firstname.lastname@example.org.