SCI Foundation is now Unlimit Health. Learn more about what the change means for our ongoing efforts to eliminate neglected tropical diseases

Candidate Privacy Notice

1. Purpose and Scope

When we refer to “we” or “us” in this privacy notice we are referring to Unlimit Health, a charitable company registered in England and Wales with company number 11775313 and charity number 1182166.

We are a controller of your personal data, which means we are responsible for deciding how we hold and use data about you. We are registered with the Information Commissioner Office with registration number ZB009119.

This privacy notice explains how and why we use your personal data during and after the recruitment process.

2. Definitions

Personal data means any personal information that you give us from which you can be identified, such as your name, your home address, your personal email contact details, or your telephone number. Personal data does not include information where your identity has been removed (i.e. anonymous data).

Special category data means personal data about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. These types of personal data require a higher level of protection.

Criminal offence data means personal data relating to criminal convictions and offences (for example, information about criminal activity, allegations, investigations and proceedings) and can include information about unproven allegations and information relating to the absence of convictions. It also covers related security measures, such as personal data about penalties and conditions or restrictions placed on an individual as part of the criminal justice process. Criminal offence data also requires a higher level of protection.

3. Your personal data

We may collect and use the following types personal data about you in connection with your application:

  • full name and title
  • personal contact details (home address, home telephone number, mobile telephone number, personal email address)
  • information you have provided to us in your application form or CV and covering letter, including date of birth, gender, employment history, qualifications
  • information you provide to us during an interview
  • information provided in references
  • where applicable, information about criminal convictions and offences

We may also collect and use special category data such as:

  • information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • information about your health, including any medical condition

We collect the majority of this personal data directly from you during the recruitment process. We also collect additional personal data from third parties including:

  • recruitment platforms or recruitment consultants if you apply for the role through one of these
  • criminal records checks carried out through the Disclosure and Barring Service;
  • your named referees
  • publicly accessible data from the Insolvency Service, Companies House and/or the Charity Commission

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references or a criminal record check for this role and you fail to provide us with relevant details, we will not be able to take your application further.

4. How we use your personal data

We will only use your personal data when law allows us to. Our reasons for using your personal data may sometimes overlap and there may be several lawful grounds which justify our use of your personal data.

We will use your personal data where we have a legitimate interest and we are satisfied that your interests and fundamental rights do not override our interests, including to:

  • assess your skills, qualifications, and suitability for the role
  • carry out background and reference checks
  • communicate with you about the recruitment process
  • keep records related to our hiring processes

We may also use your personal data:

  • where we need to comply with legal or regulatory requirements
  • where we have your consent
  • where we need to protect your vital interests (or someone else’s vital interests)

5. How we use special category data

We may use your special category data when we:

  • use information about your physical or mental health, or disability status, to ensure your health and safety and/or to provide appropriate adjustments during the recruitment process
  • use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting

We rely on the following lawful grounds when we use your special category data in this way:

  • with your explicit written consent
  • where it is needed in the public interest, such as for equal opportunities monitoring

Less commonly, we may use special category data where it is needed in relation to legal claims, to protect your vital interests (or someone else’s vital interests) in circumstances where you are not capable of giving your consent, or where you have already made the information public.

6. How we use criminal offence data

We will collect and use criminal offence data when it is appropriate, taking into account the nature of your role and where we are legally able to do so. In particular, where:

  • we are legally required to carry out criminal record checks for those carrying out the role;
  • the role is one which is eligible for a standard or enhanced check from the Disclosure and Barring Service;
  • the role requires a high degree of trust and integrity.

We rely on the following lawful grounds when we use your criminal offence data in this way:

  • there is a substantial public interest; or
  • you have given your explicit consent

If we decide to offer you the role after interview, we will then carry out a criminal record check before confirming your appointment.

We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data. You can find a copy of this policy at the end of this document in Schedule I.

7. Automated decision-making

Automated decision-making takes place when an electronic system uses your personal data to make a decision without human intervention.

We do not envisage using solely automated means to make any decisions that will have a significant impact on you during the recruitment process. We will notify you in writing if this changes.

8. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

9. Sharing your personal data

We may share your personal data with third parties, including our third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.

10. Data security

We have put in place measures to protect the security of your personal data and to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

11. Transferring data outside the UK

We will not transfer your personal data outside the UK for the purposes of recruitment.

12. Retention

We will retain your personal data for the following periods:

  • if your application is unsuccessful, for 6 months after we have communicated our decision to you; or
  • if your application is successful, for 6 years after you leave employment with us.

We retain your personal data for the periods referred to above so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.

If we wish to retain your personal data on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately seeking your consent to retain your personal data for a further fixed period on that basis.

These retention periods may be extended or reduced if required by applicable law or we deem it necessary, for example, to defend legal proceedings or if there is an outstanding investigation relating to the data.

13. Your rights

Under certain circumstances by law you have the right to:

  • Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Ask us to correct personal data that we hold about you which is incorrect, incomplete or inaccurate.
  • Ask us to erase your personal data from our files and systems where there is no good reason for us continuing to hold it.
  • Object to us using your personal data to further our legitimate interests (or those of a third party) or, less commonly, where we are using your personal data for direct marketing purposes.
  • Ask us to restrict or suspend the use of your personal data, for example, if you want us to establish its accuracy or our reasons for using it.
  • Ask us to transfer your personal data to another person or organisation.

If you want to exercise any of these rights, please contact dpo@unlimithealth.org.uk. We may need to request additional information from you to help us confirm your identity and ensure your right to access the data (or to exercise any of your other rights) – this is to ensure that your personal data is not disclosed to any person who has no right to receive it.

If you have given your consent to us processing your personal data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact dpo@unlimithealth.org.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data and, subject to our retention policy, we will dispose of your information securely.

14. Questions or Queries

If you have any questions about this privacy policy or how we handle your personal data, please contact dpo@unlimithealth.org.uk.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

Schedule 1

Appropriate Policy – Special Category Data and Criminal Offence Data

15. About this policy

This policy explains how Unlimit Health (“we”, “us”, the “Charity”) protect special category data and criminal offence data. This policy supports our Data Protection Policy.

This policy applies to all employees, workers, volunteers, consultants, trustees, applicants and anyone else working for or on behalf of the Charity (“you”). It does not form part of your contract of employment or any other contract for services and we may amend it at any time.

When we talk about processing we mean any activity that involves the use of personal data. Processing includes obtaining, recording or holding personal data, or carrying out any operations on the data such as organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes sharing or transferring personal data with third parties, for example partners such as the Ministries of Health that we work with. 

You must comply with this policy when you handle special category data or criminal offence data on behalf of the Charity. A breach of this policy may result in disciplinary action under the Charity’s Disciplinary Policy.

If you have any questions about this policy or if you have any concerns that this policy is not being, or has not been, followed please contact dpo@unlimithealth.org.uk.

16. How we define personal data and special categories of personal data

When we talk about personal data we mean any information which relates to a living person who can be identified from that data either on its own, or when taken together with other information which is likely to come into our possession. It includes identifiers such as a person’s name or ID number and expressions of opinion about a person’s actions or behaviour.

We use the term special category data to mean personal data that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

Criminal offence data means personal data relating to criminal convictions and offences (for example, information about criminal activity, allegations, investigations and proceedings) and can include information about unproven allegations and information relating to the absence of convictions. It also covers related security measures, such as personal data about penalties and conditions or restrictions placed on an individual as part of the criminal justice process.

Personal data includes data where the information that identifies the individual has been replaced by a key or code that is kept separately (pseudonymised personal data).

Personal data does not include anonymous data, i.e. data that has had the identity of an individual permanently removed.

17. Why we process special category data and criminal offence data

We process special category data and criminal offence data for a range of reasons, including:

  • carrying out research and sharing the results of that research
  • dealing with sensitive issues such as whistleblowing or safeguarding complaints
  • assessing fitness to work or perform services for the Charity
  • complying with health and safety obligations and our obligations under the Equality Act 2010
  • checking people’s right to work in the UK
  • carrying out safer recruitment checks to verify that people are suitable to be appointed to a certain role, or to continue in that role

Our recruitment, staff and trustee privacy notices contain more detailed information about how we process special category data and criminal offence data. You can find copies of these privacy notices on SharePoint here or SCI Global > Governance> Policies and Procedures > Policies> Finalised Policies.

18. Personal data protection principles

Our Data Protection Policy explains what the data protection principles are and how the Charity must demonstrate compliance with those principles, including keeping our Record of Processing Activities (ROPA).

When we process special category data or criminal offence data, in addition to the requirements explained in our Data Protection Policy, we must also satisfy one of the specific processing conditions for special category or criminal offence data. We have identified the legal ground and specific processing condition relied on for each processing activity and you can find a record of this in our ROPA.

When collecting special category data or criminal offence data from individuals, including if we collect it indirectly (for example from a third party or publicly available source), we always provide those individuals with the appropriate privacy notice.

We will carry out a data protection impact assessment (DPIA) where we are proposing to use personal data that are likely to result in high risk to individuals’ interests or which involve novel types of processing. For example, the MER team has carried out a DPIA because it processes special category data collected by third parties as part of its day to day work and combines these data sets for future research and related purposes.

19. Retention and erasure of special category data or criminal offence data

We take the security of special category data and criminal offence data very seriously. We have administrative, physical and technical safeguards in place to protect personal data against unlawful or unauthorised processing, accidental loss or damage. Where special category data or criminal offence data are processed, we always ensure that:

  • the processing is recorded in our ROPA;
  • when we no longer require the data for the purpose for which it was collected, we will delete it or render it permanently anonymous without delay;
  • where records are destroyed we will ensure that they are safely and permanently disposed of.

Date  22/09/2021

Action Policy introduced

Comment

Date 

Action Policy updated

Comment [provide details of who made changes/what changes were made]

Cookies

Cookies are small pieces of data that are used to optimise your browsing experience. Below is a list of the types of cookies we use on our site.

Functional and required cookies

These are necessary for the website to function correctly when you navigate the site and make certain requests, such as filling in forms. You can set your browser to block or alert you about these types of cookies, but some parts of the site will not work. These cookies don’t store any personally identifiable information.

Cookie name Duration Purpose
Crumb Session Prevents cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.
RecentRedirect 30 minutes Prevents redirect loops if a site has custom URL redirects.
CART 2 weeks Shows when a visitor adds a product to their cart
hasCart 2 weeks Indicates that the visitor has a cart.
Locked Session Prevents the password-protected screen from displaying if a visitor enters the correct site-wide password.
SiteUserInfo 3 years Identifies a visitor who logs into a customer account
SiteUserSecureAuthToken 3 years Authenticates a visitor who logs into a customer account
Commerce-checkout-state Session Stores state of checkout while the visitor is completing their order.
squarespace-popup-overlay Persistent Prevents the Promotional Pop-Up from displaying if a visitor dismisses it
squarespace-announcement-bar Persistent Prevents the Announcement Bar from displaying if a visitor dismisses it
Test Session Investigates if the browser supports cookies and prevents errors.

Analytics and performance cookies

These cookies collect information about how you interact with our site and count visits and traffic sources. They enable us to measure and improve the performance of our site and help us identify which pages are the most and least popular. This data is completely anonymous but you can disable these cookies.

Cookie name Duration Purpose
_ga 2 years Used to distinguish users.
_gid 24 hours Used to distinguish users.
_gat 1 minute Used to throttle request rate.
AMP_TOKEN 30 seconds to 1 year Used to retrieve a Client ID from AMP Client ID service.
gac 90 days Contains campaign related information for the user.
utma 2 years Used by Google Analytics to identifying unique visitors.
utmt 10 minutes Used to throttle request rate.
utmb 30 minutes Used by Google Analytics to determine visitor session.
utmc Session Used by Google Analytics to determine visitor session.
utmz 6 months Used by Google Analytics to track traffic sources and navigation.
utmv 2 years Used to store visitor-level custom variable data.
ss_cid 2 years Identifies unique visitors and tracks a visitor’s sessions on a site.
ss_cvr 2 years Identifies unique visitors and tracks a visitor’s sessions on a site.
ss_cvisit 30 minutes Identifies unique visitors and tracks a visitor’s sessions on a site.
ss_cvt 30 minutes Identifies unique visitors and tracks a visitor’s sessions on a site.
ss_cpvisit 2 years Identifies unique visitors and tracks a visitor’s sessions on a site.
ss_cookieAllowed 30 days Remembers if a visitor agreed to placing Analytics cookies on their browser if a site is restricting the placement of cookies.

Targeting and marketing cookies

These may be set through our site by our advertising partners, such as Facebook Pixel and Google Analytics. We use data from Google’s Remarketing and Advertising Reporting features to collect interest and demographics-based advertising or third-party audience data (such as age, gender and interests) to inform our marketing strategy. This data and the cookies active on our site are used to deliver ads relevant to you in and outside of our site and measure the effectiveness of social media advertising. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns. It’s never our intention to spam you, just to provide you with content we think you’d like to see. They do not store any personally identifiable information and expire after 90 days.

You can turn off all these cookies at any time. This can be done through the settings of your browser. If you do, you may notice that the site doesn’t work as well and you may not be able to use every service.

To opt out of any Google Analytics features used on this site, you can use Google Analytics’ opt-out tool.