Privacy Policy
This Privacy Policy sets out the foundation on which all personal data that Coral Care Services collect from you, or that you provide to us via our website and any other group affiliate websites, will be processed by us. Read this policy carefully to understand Coral Care Services’ practices relating to your personal data and…
This Privacy Policy sets out the foundation on which all personal data that Coral Care Services collect from you, or that you provide to us via our website and any other group affiliate websites, will be processed by us. Read this policy carefully to understand Coral Care Services’ practices relating to your personal data and how we will treat it.
Coral Care Services has updated our Privacy Policy to GDPR standards.
WHO ARE WE?
We are Coral Care Services. Coral care services offer the most diverse range of healthcare, professional training and community care services in Northwest Ireland.
We take the protection of your personal data seriously.
This notice sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Our data protection contact may be contacted at Coral Care Services, by email at admin@coralcareservices.ie
Purpose/Overview
Coral Care Services must comply with all relevant data protection, privacy and, security laws and, regulations in the locations in which we work.
The aim of this Data Protection Policy is to outline the requirements of Coral Care Services regarding the protection of personal data, and the measures we will take to protect the rights of data, in line with EU and Irish legislation.
We are required to collect and use certain types of information about people, including personal data’ as outlined by the General Data Protection Regulation (GDPR). This information can relate to patients, service users, current, past, and prospective employees, suppliers, and others with whom staff communicate.
Staff may occasionally be required to collect and use certain types of personal information to comply with the requirements of other legislation for example infectious diseases legislation and the National Cancer Registry. This document sets out to ensure compliance with the GDPR.
Scope
This policy applies to all Coral Care Services staff, students, interns and work experience candidates, contractors, sub-contractors, agency staff and authorised third party commercial service providers, and other persons or entities when receiving, handling, or processing personal data as defined by the GDPR.
Policy
It is the policy of Coral Care Services that all data is processed and controlled in line with the Data Protection Principles outlined below and relevant Irish legislation.
Data Protection Principles
The following data protection requirements apply to all instances where personal data is stored, transmitted, processed, or otherwise handled, regardless of geographic location.
Coral Care Services will comply with the following principles:
- Personal data shall only be processed fairly, lawfully and in a transparent manner.
- Personal data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further processed in any manner incompatible with those purposes.
- Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Personal data shall be accurate, and where necessary kept up to date.
- Personal data shall not be kept for longer than necessary for the purposes for which the personal data are processed.
- Personal data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place to:
- Prevent unauthorised or unlawful access to, or processing of, personal data.
- Prevent accidental loss or destruction of personal data.
- Coral Care Services will be responsible for, and will be able to determine compliance with, these key principles:
- Persons will be able to request access to data we hold on them.
- Persons can request to change or correct any inaccurate data.
- Persons have the right to object to having their data processed.
- Persons can request to delete data that we hold.
- Persons can request to delete data that we hold.
Data Processing Policy Requirements
- Coral Care Services will be responsible for and will be able to demonstrate compliance with these GDPR Requirements.
- We will process personal data in accordance with the rights of persons.
- We will communicate in a brief, transparent, intelligible, and easily accessible form, using clear language.
- We will only transfer personal data to Third Parties within Ireland. Coral Care Services must not transfer personal data to a Third Party outside of the European Economic Area (EEA).
Processing of Personal Data
- The processing of personal data is required in order to protect the vital interests of the person. This would apply in emergency situations such as in the Emergency Department when unconscious, sharing information with other emergency services for rescue or relocation in storms etc.
- The processing of personal data is required for a task carried out in the public interest.
- Processing of personal data is permitted where it is necessary for the performance of a contract, or in order to take steps at the request of the person prior to entering into a contract.
Data Anonymisation and Pseudonymisation
Coral Care Services must anonymise and / or pseudonymise personal data when it is being used for purposes other than the direct provision of public health and health and social care services.
Unauthorised Disclosure
All persons covered under this policy are prohibited from disclosing any confidential information (including personal data) unless this policy or a legal basis allows for such disclosures.
All persons covered under this policy must report all suspected incidents of unauthorised access to relevant management. Incidents include disclosure, loss, destruction or alteration of patient and service user’s personal information, regardless of whether it is in paper or electronic form.
Third Party Transfer Policy
Subject to the provisions above, Coral Care Services may transfer personal data to a Third Party outside of the EEA where any of the following apply:
- The transfer is necessary to protect the data subject’s vital interests.
- The persons have given explicit consent to the proposed transfer.
- The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the persons between Coral Care Services and a Third Party.
- The transfer is necessary or legally required for the establishment, exercise, or defence of legal claims.
Education and Awareness Policy
Coral Care Services will ensure that data protection training material is available through the HSELand (The HSE e-learn environment). In addition to General Data Protection Regulation training staff may receive additional training when applicable to their duties or position.
DETAILS OF PERSONAL DATA PROCESSING
In the course of our business, we collect and process the Personal Data as set out in this Notice. This may include data we receive directly from an individual (Data Subject) for example, by completing forms or by corresponding with us by mail, phone, WhatsApp, social media messages, email or otherwise and data we receive from other sources including, for example, our website, our recruitment operating system (Vincere), garda vetting, NMBI, health certificate providers and others.
We will only process Personal Data for the specific purposes in this Notice or for any other purposes expressly permitted by the applicable law. We will notify those purposes of the Data Subject when we first collect the data or as soon as possible thereafter.
The personal data we collect, details of the processing activity and the lawful basis is as follows:
PROCESS DESCRIPTION OF DATA COLLECTED, PURPOSE OF PROCESSING AND USE LAWFUL BASIS
Clients We collect the following information from new clients: name, address, contact details including email address and phone number, and financial information. We use this data to set you up as a client on our systems, liaise with you about projects that we are undertaking with you, make appropriate financial returns to revenue, process payment of invoices, etc.
We collect the following personal data through our organisation’s “work with us” form:
- Client contact name
- Contact email address
- Contact phone number
We use this data to match your staffing requirements to the availability of our nurses and carers.
When corresponding with us by phone, e-mail or otherwise, we ask you to disclose only as much information as is necessary to provide you with our services.
Legitimate Interests
Suppliers
We collect and process information relating to our suppliers (and their employees) such as names, contact details, and financial information. We use this data to set you up as a supplier on our system; to liaise with you on projects that we are undertaking with you, to provide you with information and to process the payment of your invoices.
Candidates
We collect the following information through our online registration form and sometimes through social media messaging:
- Full name
- Contact information including phone number and email address
- Available start dates
- Preferences (clinical and job duration)
- Status of your passport/visa
- Postal address (required only at the point of contract issue)
- CVs
The type of information you may provide in your CV:
- A cover letter, your name, e-mail address and phone number.
- Relevant employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth).
- Relevant certifications that you hold
We use this data to screen candidates, assess suitability for roles and contact successful candidates.
We ask that you do not disclose sensitive personal information (e.g., gender, height, weight, medical information, religion, philosophical or political beliefs, financial data) in your application.
Agency Worker / Contractor Set Up
When you enter into a contract with us, we collect the following information:
We collect the following personal data from new recruits:
- Passport or driving license for identification
- Photograph for Coral Care Services Identification Badge
- Signed Garda Vetting NVB 1 Form
- BI Annual Garda Vetting
- Annual garda vetting certificate
- NMBI Registration
- Immunisation records
- Completed candidate reference forms from the two most recent employers
- Relevant certificates
- Relevant training certificates
- Pre-employment occupation forms
- Bank details
- Emergency contact details (we will never contact these people without your consent)
We gather this personal data directly and from third parties.
We use this data to decide and recommend our agency or permanent employment that might be suitable for you and verify identities and ensure that all relevant legal requirements are met, and certifications are up to date.
If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our services.
Sales and Marketing
We are not collecting any information for sales and marketing purposes. Any data collected on signup, referral purpose, and how this is used should be outlined by Emerald Nursing.
All information is collected in the following forms:
- Nurse/Carer Sign Up
- Organisations Sign Up
- Apply for a job form
- Login Sign up extended form
- Legitimate interests
- Consent
- Website Data and Cookies
We collect data from cookies on our website.
A cookie is a little piece of text that our server places on your device when you visit any of our websites. We use this data to improve your experience on our website and understand how you use our website.
We use functionality cookies to recognise and remember your previously selected preferences
We use advertising cookies to understand the content that you view on our website, the links you follow and specific information about your device, including IP address.
We do not use session cookies.
See our cookie policy for more information [Our Cookie Policy].
Consent
Special Category Data Collected We will collect certain medical information such as:
- Fitness to Practice Certificates
- Vaccination/immunisation records
- Drug and Alcohol test results
We also collect:
Garda vetting information (this may include criminal history)
We collect this special category data to ensure that all relevant legal and industry requirements are met.
Performance of a Contract
When you become a client, supplier or join the Coral Care Services team, the processing of your personal data, will become a condition of the contract between us as we require certain information in order to be able to provide you with our services and to comply with certain legal obligations. In those circumstances, if you do not provide your information when requested, we may be unable to provide our services to you.
3. WHAT INFORMATION ABOUT YOU DO WE OBTAIN FROM OTHERS?
When you use Coral Care Services, we may obtain the following categories of personal data from others:
We will collect candidate reference forms from previous employers of each job candidate.
When we refer you for a medical exam, we may receive a medical report from the medical practitioner.
We will collect Certificate of Fitness to Practice certificates from a third-party supplier.
Garda vetting information received from ERF.
4. WHO DO WE SHARE YOUR DATA WITH?
We share your personal data with selected clients to provide you with our Services. These clients include hospitals, nursing homes and a number of other healthcare facilities.
We will never share your CV or other personal data with our clients without your consent.
We will also share your personal data with third parties service providers engaged by Coral Care Services, for the provision of human resource services, payroll services, and IT services. We have data processing agreements in place with our third-party service providers.
In addition, we may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
If we or substantially all of our assets are acquired by a third party, in which case information held by us about our customers will be one of the transferred assets;
If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
5. HOW LONG DO WE KEEP HOLD OF YOUR INFORMATION?
We only collect the amount of personal data that is necessary for us to fulfil our obligations as your recruitment agency/employer and to fulfil operational and statutory legal purposes for the provision of nursing staff to healthcare providers. We will only keep that data for certain periods. The time periods for which we retain your data depend on the type of personal data and the purposes for which we use it. We will keep your personal data for no longer than is required or permitted.
For further information on the periods for which your personal data is kept, please see our data retention policy.
6. DO WE TRANSFER YOUR INFORMATION OUTSIDE THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA?
Yes.
The data that we collect from you may be transferred to, and stored in the United Kingdom, outside the European Economic Area (“EEA”), for which there is currently an adequacy decision relating to the safeguards for personal data from the European Commission.
7. AUTOMATED DECISION-MAKING AND PROFILING
We use automated decision-making/profiling when we use non-essential cookies on our website sites such as Google Analytics. See our cookie policy for more information [Our Cookie Policy].
8. WHAT ARE YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA?
You have the following rights in relation to your Personal Data processed by Coral Care Services:
To request access to any Personal Data held by us relating to you (a “Data Subject Access Request”). To make a Data Subject Access Request, please email us at admin@coralcareservices.ie
To have any inaccurate or misleading data rectified, corrected or erased (subject to certain statutory restrictions);
To restrict the processing of Personal Data in certain circumstances;
Not to be subject to a decision based solely on automated decision-making including profiling (subject to certain statutory restrictions);
To data portability, which allows individuals to move, copy or transfer Personal Data from one IT environment to another. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it.
To object to the processing of Personal Data based on public interest grounds or based on the legitimate interest of the data controller (subject to certain statutory exceptions).
Where your data is processed based on your consent, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing based on consent before your consent was withdrawn.
Please note that these rights are not absolute rights and may be subject to statutory restrictions.
You also have the right to make a complaint.
If you have a complaint about the use of your personal information, please let us know so we have the opportunity to put things right as quickly as possible.
If you wish to make a complaint you may do so in person, by telephone, in writing and by email. Please be assured that all complaints received will be fully investigated. We ask that you supply as much information as possible to help our staff resolve your complaint quickly.
You can also make a complaint to a supervisory authority. For a list of Supervisory Authorities in Europe, please see this list on the European Commission’s website: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
To avail of any of the rights set out above, you may write to us at the address above or by email at: admin@coralcareservices.ie. Suitable proof of identification may be required before a request can be processed.
9. WHAT WILL HAPPEN IF WE CHANGE OUR PRIVACY NOTICE?
This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on 13 July 2022.
10. HOW TO CONTACT US
For data protection queries our Data Protection Contact can be reached by phone on 087 3482908, by email at admin@coralcareservices.ie
SCHEDULE 1
If you wish to be disclosed with the list of third-party suppliers we may share your data please contact us directly by email at admin@coralcareservices.ie and we will be happy to provide this information.