Talent cloud limited privacy policy

Last Updated: 4th October 2018

Overview – the key information you should to know

Who are we:

We are Talent Cloud Limited, trading as and referred to in this document as Nightingale, a limited company registered in England & Wales. Our company registration number 11423780 and our registered office is at 35 Wilkinson Street, Sheffield, South Yorkshire, S10 2GB (collectively, “the Company”, “Nightingale,” “we,” “us” or “our”).

Nightingale needs to gather and use certain information about individuals. In data protection terminology Nightingale is defined as the Data Controller in respect of the personal information you provide us with.

What this policy is for:

The General Data Protection Regulation (GDPR) applies to the whole of the EU and companies holding data of EU citizens.

We value your privacy and want to be accountable to you, and transparent with you, in the way that we collect and use your personal information. We also want you to know your rights in relation to your personal information.

This Privacy Policy tells you what to expect when we collect and use your personal information. We have tried to make it simple and easy for you to read and find the information that is most relevant to you.

This Privacy Policy describes how this personal data must be collected, handled and stored to meet our data protection standards and to comply with the law.

This Privacy Policy ("Policy") together with our Terms of Use (“Terms”) and any other documents referred to in it, governs the basis of our collection, storage and use of personal information collected by Nightingale.

We are always looking to improve the information we provide to our users so if you have any feedback on this privacy policy, please let us know using our contact details above or by emailing us as hello@nightingaleapp.co.uk.

Who this policy applies to:

This Privacy Policy applies to the collection, storage and use of personal information about you.

This can include Independent Healthcare Professionals, Clients, Customers, Suppliers, Business Contacts, Employees and any other people the Company has a relationship with or may need to contact. These parties may be defined as the Data Processors.

Specifically, this Privacy Policy provides you with details about the personal information we collect and hold about you, how we use your personal information and your rights

regarding your personal information. It does not cover any use of your personal information by other Users whether they have accessed your information via our Platform or otherwise. That use will be governed by the relevant Users own privacy policy.

What this policy contains:

This privacy policy contains the following sections relating to your personal information:

1. What we do;

2. How we collect your personal information;

3. How we use your personal information;

4. Our legal basis for using your personal information;

5. How and why we share your personal information;

6. How long we store your personal information;

7. Your rights;

8. Marketing;

9. Risks and how we keep your personal information secure;

10. Data accuracy;

11. Data subject access requests;

12. Cookies;

13. Links to other websites;

14. Changes to this privacy policy; and

15. Further questions and how to make a complaint

Your rights to object:

You have various rights in respect of our use of your personal information as set out in Your rights Section. Two of the fundamental rights to be aware of are that you may:

(a) ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.

(b) ask us to consider any valid objections which you have to our use of your personal information where we process your personal information based on our, or another person's, legitimate interest.

You can find out more information in the Your rights Section.

What you need to do and your confirmation to us:

Please read this Privacy Policy carefully to understand how we handle your personal information. By engaging with us in the ways set out in this Privacy Policy, you confirm that you have read and understood the entirety of this Privacy Policy as it applies to you.

Detail – the key information you should know

1. What we do

Nightingale provides an online platform that directly connects Independent Healthcare Professionals seeking to provide professional healthcare services and Clients seeking to

engage Independent Healthcare Professionals to perform such Professional Healthcare Services within the Healthcare Services they operate.

2. How we collect your personal information

2.1

If you are an Independent Healthcare Professional registering to find shifts and provide your Professional Healthcare Services to Clients through the Nightingale Platform, we will collect personal information as detailed in your Healthcare Professional Profile at registration and as provided in your Healthcare Professional preferences once logged in.

2.2

If you are a Client running Healthcare Services and seeking to engage Independent Healthcare Professionals for shifts through the Nightingale Platform, we will collect personal information as detailed in your Client Profile at registration and as provided in your Client preferences once logged in.

3. How we use your personal information

3.1

If you are an Independent Healthcare Professional we will collect, use and store your personal information for the following reasons:

(a) enabling you to advertise your availability as an Independent Healthcare Professional and to communicate with Clients to book shifts and the delivery of your professional healthcare services to one or more Clients;

(b) allowing Clients (as potential engagers of your services) to view your Professional Profile when you apply for a Shift, or have worked a Shift, or have been marked as a favourite by that Client;

(c) maintaining a record of your Professional Profile information and Platform history so that Clients seeking to engage someone with your skill set can easily search, find and request you to work with them;

(d) conducting profiling and business development activities, as well as market research and statistical analysis regarding activity via our platform. Such details will be anonymised as far as is reasonably possible and you will not be identifiable from the information collected;

(e) maintaining your Professional Profile information;

(f) complying with any legal or regulatory requirements and to make the necessary disclosure under the requirements of any applicable law, regulation, direction, court order, guideline, circular or code which are applicable to us for the prevention of crime;

(g) to allow you to access and use of the Nightingale Site/Platform;

(h) to provide technical support;

(i) to provide you with the information you request from us;

(j) to store information about your preferences and allow us to customise our Site/Platform according to your individual interests;

(k) to recognise you when you return to our Site/Platform;

(l) for equal opportunities monitoring;

(m) making our Site/Platform and your use of it available to you;

(n) improving our Site/Platform to ensure that content is presented in the most effective way for you and your device; and

(o) assisting in our efforts to keep our Site/Platform safe

3.2

If you are an Independent Healthcare Professional We will collect, use and store your personal information for the following reasons:

(a) enabling you to advertise and promote your Healthcare Services, locations and Shifts to Independent Healthcare Professionals seeking to engage with you to book Shifts and provide Professional Healthcare Services;

(b) to provide any and all relevant Site/Platform services to you (including but not limited to, enabling you to confirm and engage Independent Healthcare Professionals for Shifts, approval of electronic timesheets, authorisation of payments, billing history and all other administrative functions);

(d) to allow you to access and use of the Nightingale Site/Platform;

(e) to provide technical support;

(f) to provide you with the information you request from us;

(g) to store information about your preferences and allow us to customise our Site/Platform according to your individual interests;

(h) to recognise you when you return to our Site/Platform;

(i) for improvement and maintenance of our website and preparing reports or compiling statistics in order to improve our Services. Such details will be anonymised as far as is reasonably possible and you will not be identifiable from the information collected;

(j) to send you certain communications (including by email or post) about our Services such as service announcements and administrative messages (E.g. changes to our Terms and Conditions etc…); and

(k) to notify you of relevant events that may be of interest to you

4. Our legal basis for using your personal information

4.1

We consider that the legal basis for using your personal information as set out in this Privacy Policy is as follows:

4.1.1 Legitimate interests

In respect of any personal data processed before Users register on the Nightingale Site/Platform. This applies where a colleague sends you a referral notification/s from Nightingale before you have registered on our Site/Platform.

4.1.2 Consent

In respect of your personal information being shared with Clients. If a User withdraws their consent, they will then not be able to access the Nightingale Site/Platform. Any withdrawal of consent will not affect the lawfulness of the use of personal information prior to consent being withdrawn.

Occasionally personal information may continue to be used even if consent has been withdrawn, for example, if a Client makes a complaint about an Independent Healthcare Professional that was engaged via the Nightingale Site/Platform.

4.1.3 Necessary for performance of a contract

A Client, when engaging you through the Nightingale Site/Platform, will need to access your Professional Profile data to ensure that you meet their compliance standards. These standards are specific to the Client organisation and must be checked prior to any engagement with you.

4.1.4 Necessary for compliance with a legal obligation

This basis applies in special circumstances such as a police or other legal investigation or serious complaint requiring the Client or Nightingale to release personal information in order to comply with any legal or regulatory requirements and to make the necessary disclosure under the requirements of any applicable law, regulation, direction, court order, guideline, circular or code which are applicable to us.

4.1.5 Public interest

In limited circumstances, Clients may use personal information to help discharge their obligations relating to providing healthcare services to patients and relatives and looking after their welfare.

5. How and why we share your personal information

5.1

We may share your personal information with our group companies where it is in our legitimate interests to do so for internal administrative purposes (E.g. ensuring a consistent service for our clients and for you, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).

5.2

We will also share your personal information with the following third parties or categories of third parties:

(a) our other service providers and sub-contractors, including but not limited to payment processors, utility providers, suppliers of technical and support services, insurers, logistic providers, and cloud service providers;

(b) public agencies and the emergency services;

(d) analytics and search engine providers that assist us in the improvement and optimisation of our Site/Platform

5.3

Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us.

We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.

5.4

We will also disclose your personal information to third parties:

(a) where it is in our legitimate interests to do so to run, grow and develop our business;

(b) if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;

(c) if substantially all of Nightingale’s or any of its affiliates' assets are acquired by a third party, in which case personal information held by Nightingale will be one of the transferred assets;

(d) if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;

(e) in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or

(f) to protect the rights, property, or safety of Nightingale, our staff, our Clients (including residents) or other persons. This may include exchanging personal information with other organisations for the purposes of fraud protection and credit risk reduction

5.5

We may also disclose and use anonymised, aggregated reporting and statistics about users of our Site/Platform or our services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

5.6

Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

6. How long we store your personal information

We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

7. Your rights

7.1 Your rights

You have certain rights in relation to your personal information. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at dataprotection@nightingaleapp.co.uk.

You have the following rights:

7.1.1 Right of access

You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your information outside of the European Economic Area ("EEA").

7.1.2 Right to update your information

You have a right to request an update to any of your personal information which is out of date or incorrect.

7.1.3 Right to delete your information

You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us via email at dataprotection@nightingaleapp.co.uk.

We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients using the email address above.

7.1.4 Right to restrict use of your information

You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us via email at dataprotection@nightingaleapp.co.uk.

7.1.5 Right to stop marketing

You have a right to ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.

7.1.6 Right to data portability

You have a right to ask us to provide your personal information to a third-party provider of services.

This right only applies where we use your personal information based on your consent or performance of a contract, and where our use of your information is carried out by an automated process.

7.1.7 Right to object

You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information based on our, or another person's, legitimate interest.

7.2

We will consider all such requests and provide our response within a reasonable period (and in any event within 28 days of your request unless we tell you we are entitled to a longer period allowed by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

7.3

If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

8. Marketing

8.1

We may collect and use your personal information for undertaking marketing by email, telephone and post.

8.2

We may send you certain marketing communications (including electronic marketing communications to existing Users) if it is in our legitimate interests to do so for marketing and business development purposes.

8.3

However, we will obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.

8.4

If you wish to stop receiving marketing communications, you can unsubscribe, change your marketing preferences or contact us via email at dataprotection@nightingaleapp.co.uk.

9.Risks and how we keep your personal information secure

9.1

The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone

else who may use it fraudulently or make public information that you would prefer to keep private.

9.2

For this reason, Nightingale is committed to protecting your personal information from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through the use of appropriate organisational and technical measures.

These rules describe how and where data should be safely stored:

(a) when data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it;

(b) when not required, the paper or files should be kept in a locked drawer or filing cabinet;

(c) employees should make sure paper and printouts are not left where unauthorised people could see them (E.g. on a printer);

(d) data printouts should be shredded and disposed of securely when no longer required and within 5 working days;

(e) when data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts;

(f) data should be protected by strong password that are changed regularly and never shared between employees;

(g) if data is stored on removable media (E.g. a Data Stick or DVD), these should be kept securely locked away when not being used;

(h) data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing service;

(i) servers containing personal data should be located in a secure place away from general office space;

(j) data should be backed up frequently and tested regularly, in line with company standard backup procedures;

(k) if data is stored to laptops, smartphone or tablets it should be deleted as soon as possible after it has been used and, in any event, no longer than 12 hours after the data has been received; and

(l) all servers and computers containing data should be protected by approved security software and a firewall;

9.3

During provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure.

As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted to our website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access to it.

9.4

Where we have given you, or where you have chosen, a password which enables you to access your profile and account on our Site/Platform, you are responsible for keeping this password private and confidential. Please do not share your password with anyone.

10. Data accuracy

10.1

The law requires Nightingale to take all reasonable steps to ensure data is kept accurate and up to date.

10.2

It is the responsibility of all employees of Nightingale who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

10.3

Data will be held in as few places as necessary. Employees of Nightingale should not create any unnecessary additional data sets.

10.4

Staff should take every opportunity to ensure data is updated, E.g. by confirming an Independent Healthcare Professional or Clients details when they contact us.

10.5

Nightingale will make it easy for Users to update the information we hold about them. In the vast majority of cases this can be done via our Site/Platform.

10.6

Data should be updated as and when identified. E.g. If a customer can no longer be reached on their stored telephone number or email address, then this information should be removed from our records.

11. Date subject access requests

11.1

All Users that are the subject of personal information held by Nightingale are entitled to request the following:

(a) what information the company holds about you and why

(b) how you can gain access to it

(d) how the company is meeting its data protection obligations

If a User contacts Nightingale requesting this information, this is called a data subject access reques

11.2

Data subject access requests from Users should be made by via email to dataprotection@nightingaleapp.co.uk and include the title “Data subject Access Request”. Nightingale can supply a standard request form for data subject access requests, although you do not have to use this.

11.3

Users will not be charged for a data subject access request. Nightingale will aim to provide the relevant data within 28 days of the request.

11.4

Nightingale will always verify the identity of anyone making a data subject access request before handing over any information.

12. Cookies

12.1

Some pages on our website use cookies, which are small files placed on your internet browser when you visit our website. We use cookies to offer you a more tailored experience in the future, by understanding and remembering your browsing preferences.

12.2

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a better experience when you browse our website and allows us to improve our site.

12.3

Where we use cookies on our website, you may block these at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website or to use all the functionality and services provided through our website.

12.4

We use third party analytics providers to collect information about your use of our website, this allows us to improve how our service works. The information allows us to see the overall patterns of usage on our site and helps us record any difficulties you have with it.

These third-party analytics providers use cookies and other, similar technologies to collect information about the use of the site and to report statistics and trends to us without identifying you individually.

13. Links to other websites

13.1

Our website may contain hyperlinks to other websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any

endorsement of the activities of such third-party websites or any association with their operators.

13.2

This Privacy Policy only applies to the personal information that we collect or which we receive from third-party sources, and we cannot be responsible for personal information about you that is collected and stored by third-parties.

13.3

Third-party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites.

13.4

We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

14. Changes to our privacy policy

We may update our Privacy Policy from time to time. Any changes we make to our Privacy Policy in the future will be posted on this page with the ‘Last Updated’ date amended and, where appropriate, we will notify you by post or email.

Please check back frequently to see any updates or changes to our Privacy Policy.

15. Further questions and how to make a complaint

15.1

If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact dataprotection@nightingaleapp.co.uk.

We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

15.2

In accordance with Article 77 of the General Data Protection Regulation (GDPR), you may also make a complaint to the Information Commissioner's Office (ICO), or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation (GDPR) has taken place.

Alternatively, you may seek a remedy through the courts if you believe your rights have been breached