Skip to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. Hide this message

About us

Recruitment privacy notice

Why are we collecting your information?

This Privacy Notice has been written to inform you that York and Scarborough Teaching Hospital NHS Foundation Trust (the Trust) processes information about you in order to manage your job application with the Trust.

Who do we collect your information from?

Much of the information we use will be collected directly from you: We also use information received from previous employers.

Who are we?

The Trust is a ‘Data Controller’, this means that we determine the purposes for which, and the manner in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

The Trust has appointed Rebecca Bradley (Head of Information Governance) to be its Data Protection Officer (DPO). The role of the DPO is to ensure that the Trust is compliant with Data Protection legislation and to oversee data protection procedures. The DPO contact details are:

York and Scarborough Teaching Hospital NHS Foundation Trust
York Hospital
Wigginton Road
York
North Yorkshire
YO31 8HE
yhs-tr.Information.Governance@nhs.net

What Information are we collecting?

  • Personal identifiers (your name, address, date of birth etc);
  • Previous job experience and qualifications (including copies of certificates and employment references);
  • Information about your previous employment attendance and performance (including disciplinary information);
  • Information about your right to work;
  • Relevant medical information which affects your employment;
  • Membership of professional bodies.

We may also process special categories of information that may include:

  • Nationality, racial and/or ethnic origin (for equality purposes);
  • Religious or philosophical beliefs(for equality purposes);
  • Sex life or sexual orientation(for equality purposes);
  • Health information.

What is our lawful basis for processing your information?

Any personal data we process is done so in accordance with the UK GDPR. Our lawful basis for processing are:

  • Article 6(1)(b) Contractual obligation;
  • Article 6(1)(c) Legal obligation.

Where we process your special category information our lawful basis are:

Article 9(2)(b) Employment, social security and social protection; Schedule 1, Part 1 Paragraph 1;

Article 9(2)(h) Health and Social purposes; Schedule 1, Part 1, Paragraph 2 specifically in relation to the assessment of the working capacity of an employee.

In relation to DBS checks we process in accordance with GDPR Article 10 and the Data Protection Act 2018 Section 10 (4) and (5), Schedule 1 Part 2 Paragraph 18 Safeguarding of children and individuals at risk and Schedule 1 Part 2 Paragraph 10 preventing or detecting unlawful acts.

How long do we keep your information for?

The Trust follows NHS Digitals recommended retention schedule which can be found in the Records Management Code of Practice for Health and Social Care 2016

Who do we share your information with?

We will share your information with the following organisations:

  • disclosure and barring service to conduct criminal record checks, if applicable.

Do we transfer your information outside the UK?

The majority of the information we collect is held in the UK. In some circumstances we may transfer your information outside of the UK, for example where servers are held in the EU. We will take all reasonable steps to make sure your data is not processed in a country that the UK government does not see as ‘safe’. If we do need to send your data out of the EU we will ensure that necessary safeguards are in place.

National Fraud Initiative

The Trust participates in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise. This is necessary to comply with a legal obligation (GDPR Article 6(1)(c)) and does not require consent under the data protection legislation. For further information, please see the National Fraud Initiative Privacy Notice.

What rights do you have over your data?

Under GDPR data subjects have the following rights in relation to the processing of their personal data:

  • to be informed about how we process your personal data. This notice fulfils this obligation
  • to request access to your personal data that we hold, and be provided with a copy of it
  • to request that your personal data is amended if inaccurate or incomplete
  • to request that your personal data is erased where there is no compelling reason for its continued processing
  • to request that the processing of your personal data is restricted
  • to object to your personal data being processed

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above. To put in a Subject Access Request please contact:

01904 725312
yhs-tr.recruitment@nhs.net

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the Trust has handled your personal data. You can do so by contacting:

First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
casework@ico.org.uk // 0303 123 1113

Version 3 - 20/03/2023

Two female receptionists on the phone at a desk smiling

Feedback

Chinese Poland

View all languages >

Our Trust is asking visitors to help protect patients from highly contagious winter infections by not visiting friends and relatives in hospital, when they have been unwell or in close contact with someone with flu or norovirus.  Full details here.