SCI Foundation is now Unlimit Health. Learn more about what the change means for our ongoing efforts to eliminate neglected tropical diseases
1. Purpose and Scope
When we refer to “we” or “us” in this privacy notice we are referring to Unlimit Health, a charitable company registered in England and Wales with company number 11775313 and charity number 1182166.
We are a controller of your personal data, which means we are responsible for deciding how we hold and use data about you. We are registered with the Information Commissioner Office with registration number ZB009119.
This privacy notice explains how and why we use your personal data during and after the recruitment process.
2. Definitions
Personal data means any personal information that you give us from which you can be identified, such as your name, your home address, your personal email contact details, or your telephone number. Personal data does not include information where your identity has been removed (i.e. anonymous data).
Special category data means personal data about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. These types of personal data require a higher level of protection.
Criminal offence data means personal data relating to criminal convictions and offences (for example, information about criminal activity, allegations, investigations and proceedings) and can include information about unproven allegations and information relating to the absence of convictions. It also covers related security measures, such as personal data about penalties and conditions or restrictions placed on an individual as part of the criminal justice process. Criminal offence data also requires a higher level of protection.
3. Your personal data
We may collect and use the following types personal data about you in connection with your application:
We may also collect and use special category data such as:
We collect the majority of this personal data directly from you during the recruitment process. We also collect additional personal data from third parties including:
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references or a criminal record check for this role and you fail to provide us with relevant details, we will not be able to take your application further.
4. How we use your personal data
We will only use your personal data when law allows us to. Our reasons for using your personal data may sometimes overlap and there may be several lawful grounds which justify our use of your personal data.
We will use your personal data where we have a legitimate interest and we are satisfied that your interests and fundamental rights do not override our interests, including to:
We may also use your personal data:
5. How we use special category data
We may use your special category data when we:
We rely on the following lawful grounds when we use your special category data in this way:
Less commonly, we may use special category data where it is needed in relation to legal claims, to protect your vital interests (or someone else’s vital interests) in circumstances where you are not capable of giving your consent, or where you have already made the information public.
6. How we use criminal offence data
We will collect and use criminal offence data when it is appropriate, taking into account the nature of your role and where we are legally able to do so. In particular, where:
We rely on the following lawful grounds when we use your criminal offence data in this way:
If we decide to offer you the role after interview, we will then carry out a criminal record check before confirming your appointment.
We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data. You can find a copy of this policy at the end of this document in Schedule I.
7. Automated decision-making
Automated decision-making takes place when an electronic system uses your personal data to make a decision without human intervention.
We do not envisage using solely automated means to make any decisions that will have a significant impact on you during the recruitment process. We will notify you in writing if this changes.
8. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
9. Sharing your personal data
We may share your personal data with third parties, including our third-party service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.
10. Data security
We have put in place measures to protect the security of your personal data and to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
11. Transferring data outside the UK
We will not transfer your personal data outside the UK for the purposes of recruitment.
12. Retention
We will retain your personal data for the following periods:
We retain your personal data for the periods referred to above so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.
If we wish to retain your personal data on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately seeking your consent to retain your personal data for a further fixed period on that basis.
These retention periods may be extended or reduced if required by applicable law or we deem it necessary, for example, to defend legal proceedings or if there is an outstanding investigation relating to the data.
13. Your rights
Under certain circumstances by law you have the right to:
If you want to exercise any of these rights, please contact dpo@unlimithealth.org.uk. We may need to request additional information from you to help us confirm your identity and ensure your right to access the data (or to exercise any of your other rights) – this is to ensure that your personal data is not disclosed to any person who has no right to receive it.
If you have given your consent to us processing your personal data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact dpo@unlimithealth.org.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data and, subject to our retention policy, we will dispose of your information securely.
14. Questions or Queries
If you have any questions about this privacy policy or how we handle your personal data, please contact dpo@unlimithealth.org.uk.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.
15. About this policy
This policy explains how Unlimit Health (“we”, “us”, the “Charity”) protect special category data and criminal offence data. This policy supports our Data Protection Policy.
This policy applies to all employees, workers, volunteers, consultants, trustees, applicants and anyone else working for or on behalf of the Charity (“you”). It does not form part of your contract of employment or any other contract for services and we may amend it at any time.
When we talk about processing we mean any activity that involves the use of personal data. Processing includes obtaining, recording or holding personal data, or carrying out any operations on the data such as organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes sharing or transferring personal data with third parties, for example partners such as the Ministries of Health that we work with.
You must comply with this policy when you handle special category data or criminal offence data on behalf of the Charity. A breach of this policy may result in disciplinary action under the Charity’s Disciplinary Policy.
If you have any questions about this policy or if you have any concerns that this policy is not being, or has not been, followed please contact dpo@unlimithealth.org.uk.
16. How we define personal data and special categories of personal data
When we talk about personal data we mean any information which relates to a living person who can be identified from that data either on its own, or when taken together with other information which is likely to come into our possession. It includes identifiers such as a person’s name or ID number and expressions of opinion about a person’s actions or behaviour.
We use the term special category data to mean personal data that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
Criminal offence data means personal data relating to criminal convictions and offences (for example, information about criminal activity, allegations, investigations and proceedings) and can include information about unproven allegations and information relating to the absence of convictions. It also covers related security measures, such as personal data about penalties and conditions or restrictions placed on an individual as part of the criminal justice process.
Personal data includes data where the information that identifies the individual has been replaced by a key or code that is kept separately (pseudonymised personal data).
Personal data does not include anonymous data, i.e. data that has had the identity of an individual permanently removed.
17. Why we process special category data and criminal offence data
We process special category data and criminal offence data for a range of reasons, including:
Our recruitment, staff and trustee privacy notices contain more detailed information about how we process special category data and criminal offence data. You can find copies of these privacy notices on SharePoint here or SCI Global > Governance> Policies and Procedures > Policies> Finalised Policies.
18. Personal data protection principles
Our Data Protection Policy explains what the data protection principles are and how the Charity must demonstrate compliance with those principles, including keeping our Record of Processing Activities (ROPA).
When we process special category data or criminal offence data, in addition to the requirements explained in our Data Protection Policy, we must also satisfy one of the specific processing conditions for special category or criminal offence data. We have identified the legal ground and specific processing condition relied on for each processing activity and you can find a record of this in our ROPA.
When collecting special category data or criminal offence data from individuals, including if we collect it indirectly (for example from a third party or publicly available source), we always provide those individuals with the appropriate privacy notice.
We will carry out a data protection impact assessment (DPIA) where we are proposing to use personal data that are likely to result in high risk to individuals’ interests or which involve novel types of processing. For example, the MER team has carried out a DPIA because it processes special category data collected by third parties as part of its day to day work and combines these data sets for future research and related purposes.
19. Retention and erasure of special category data or criminal offence data
We take the security of special category data and criminal offence data very seriously. We have administrative, physical and technical safeguards in place to protect personal data against unlawful or unauthorised processing, accidental loss or damage. Where special category data or criminal offence data are processed, we always ensure that:
Date 22/09/2021
Action Policy introduced
Comment
Date
Action Policy updated
Comment [provide details of who made changes/what changes were made]
Cookies are small pieces of data that are used to optimise your browsing experience. Below is a list of the types of cookies we use on our site.
These are necessary for the website to function correctly when you navigate the site and make certain requests, such as filling in forms. You can set your browser to block or alert you about these types of cookies, but some parts of the site will not work. These cookies don’t store any personally identifiable information.
These cookies collect information about how you interact with our site and count visits and traffic sources. They enable us to measure and improve the performance of our site and help us identify which pages are the most and least popular. This data is completely anonymous but you can disable these cookies.
These may be set through our site by our advertising partners, such as Facebook Pixel and Google Analytics. We use data from Google’s Remarketing and Advertising Reporting features to collect interest and demographics-based advertising or third-party audience data (such as age, gender and interests) to inform our marketing strategy. This data and the cookies active on our site are used to deliver ads relevant to you in and outside of our site and measure the effectiveness of social media advertising. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns. It’s never our intention to spam you, just to provide you with content we think you’d like to see. They do not store any personally identifiable information and expire after 90 days.
You can turn off all these cookies at any time. This can be done through the settings of your browser. If you do, you may notice that the site doesn’t work as well and you may not be able to use every service.
To opt out of any Google Analytics features used on this site, you can use Google Analytics’ opt-out tool.