Privacy Policy for Consultants

Privacy notices for consultants

Key points:

  • Why do we use your data? We typically use your personal information for purposes related to your working relationship with Ramsay.
  • We use your sensitive data: In performing our obligations, Ramsay may use information about your health, racial and ethnic origin, sexual orientation, religion and membership of a trade union.
  • Sharing data: We may share your data with third parties, including third-party service providers and other entities in the group and regulators.
  • Security: We respect the security of your data and treat it in accordance with the law.
  • International transfer: We may transfer your personal information outside the EU to other companies in the Ramsay group, and, if we do, you can expect a similar degree of protection in respect of your personal information.

What is the purpose of this privacy notice?

  • Under data protection legislation, Ramsay is required to explain why we collect information about you, how we intend to use that information and whether we will share your information with anyone else.
  • This statement applies to all current and former consultants.
  • It is important that you read this statement so that you know how and why we use information about you. It is also important that you inform Ramsay of any changes to your personal information during your working relationship with Ramsay so that the information which we hold is accurate and current.
  • This privacy notice sets out information about the personal information that we, and third parties working in collaboration with Ramsay, may collect and hold about you, how that information may be used and your legal rights.
  • This statement does not form part of any contract of employment or other contract to provide services.

Who are we?

  • We are Ramsay Health Care UK Operations Limited, a company registered in England and Wales under company number 1532937 and with our registered office at Tower 42, Level 18, 25 Old Broad Street, London, EC2N 1HQ (“Ramsay”).
  • We may be processing your Personal Data whilst your work with Ramsay in accordance with applicable data protection legislation.

Our Data Protection Officer

  • Our Data Protection Officer is responsible for overseeing what we do with your personal information and monitoring our compliance with data protection laws.
  • Our Data Protection Officer is Geoff Cross. If you have any concerns or questions about our use of your personal data, you can contact our Data Protection Officer by writing at DataProtectionOfficer@ramsayhealth.co.uk

Who has access to my personal information?

The following Ramsay’s legal entities and health care providers may process your personal information if necessary for a specified purpose and subject to the necessary safeguards being in place:

  • Ramsay;
  • Ramsay Health Care Limited with registered address St Leonards NSW 2065, Australia, and with registration number ABN 57 001 288 768;
  • The Westbourne Centre Birmingham Limited, with registered address Level 18, Tower 42, 25 Old Broad Street, London, United Kingdom, EC2N 1HQ, and with registration number 06558306;
  • Independent British Health Care (Doncaster) Limited, with registered address Level 18, Tower 42, 25 Old Broad Street, London, United Kingdom, EC2N 1HQ, and with registration number 03043168;
  • Clifton Park Hospital Limited, with registered address Level 18, Tower 42, 25 Old Broad Street, London, United Kingdom, EC2N 1HQ, and with registration number 11140716;
  • Heath care providers providing health care services to Ramsay’s patients in our hospitals through services agreements. Those services include physiotherapy services, cosmetic surgery services, ophthalmology services, MRI services, and X-ray services;
  • The National Health Services (“NHS”).

What personal information do we hold about you?

  • The personal information we hold about you includes your name and contact details (postal and email addresses, phone numbers), details of work permit if needed, your qualifications, professional registrations, work experience and a copy of your CV. We may also hold more sensitive information about you, such as your physical or mental health, your sex life and/or sexual orientation, your religion, nationality, race and/or ethnicity and genetic or biometric data, results from blood tests. This special category of data is referred to as ‘more sensitive information’ in this Privacy Notice.

When will we use your personal information?

When you apply for practices privileges at Ramsay

  • When you apply for practices privileges (“PP”) at Ramsay, and pursuant to Ramsay’s Facility Rules, we will verify your suitability for the role based on:
    • your qualifications;
    • your work permit if required;
    • your criminal records;
    • your appraisal documentation;
    • health record and immunisation data;
    • your insurance provider and details of previous and ongoing claims involving you if any.
  • We may also require information from any educational establishments and from past or current employers and other health care services establishments where you may work.
  • We may obtain information about you from regulatory bodies such as the General Medical Council (“GMC”) and if required, from public bodies (e.g. HMRC or the Home Office).
  • We will ask you to complete an application with the Disclosure & Barring Service (which covers England and Wales) to confirm whether or not you have any criminal convictions and the results of that application will be sent to Ramsay and to you. We will also obtain from the referees you have allowed us to contact.
  • To ensure patient safety, your blood test results will be viewed by our occupational health team, with confirmation and advice provided to the management team at the relevant Ramsay’s hospital.
  • If required, we may use your sensitive information to make any reasonable adjustments so you can attend an interview and, if you are successful to confirm your fitness to work and any reasonable adjustments needed to help you practise as a consultant at our hospitals.
  • If you refuse to provide certain information when requested, we may not be able to take forward your application with us or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers). This may also lead to an application for practicing privileges being suspended, restricted or withdrawn.

Once your practices privileges have been granted

  • Your fitness for the role and the accuracy of your personal information will be verified every two years of your PP being granted, in compliance with Ramsay’s Facility Rules.
  • We will also process your personal information after your PP have been granted for compliance with a legal obligation, to protect the vita interest of your patients, for the performance of a task carried out in the public interest, or to pursue our legitimate interests. This may include by is not limited to, monitoring your fitness for the role, checking your references, maintaining records about you at the hospital you work, referring any issues to the GMC and/or MAC, writing and reviewing your appraisals, communicating with you about you, or your patients, reviewing complaints and legal claims involving you, and compliance with legal or regulatory requirements.
  • We may use your sensitive information for compliance with employment and social security law, for the protection of the vital interests of a patient, for our legitimate activities, for the defence of a legal claim, for public interests, for the assessment of your working capacity, for medical diagnosis, for the provision or management of health care services, for reasons of public interest in the area of public health. We may for instance review your health data or your criminal records for the safety of our patients. The necessary safeguards will be put in place at all times when handling any of your sensitive data. We may also use your sensitive information to ensure equal opportunity monitoring and reporting.
  • We do not carry out automated decision making or profiling with any of your personal information.

Sharing your personal information with third parties

Our staff and third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our staff, or our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Those specified purposes include:

  • Recruitment process;
  • Payroll;
  • Appraisals;
  • IT services;
  • Management of units;
  • Risk management system.

Sharing information as part of the recruitment process

  • Our legal, HR, finance, and hospital staff involved in your recruitment may access your personal information. Our occupational health team may also access your personal information should your application for PP be successful.
  • Your personal information may also be shared with the GMC for compliance with legal obligations.
  • We may also share your personal information with previous and current employers, and other health care providers you may work with or may have worked with.
  • We may share your personal information with the referees you provided us with when applying for a position at Ramsay.

Sharing information with regulators

  • If requested, and if necessary for compliance with a legal obligation, we may share your personal information with the Disclosing and Barring Service. We may share information about you with the Care Quality Commission (“CQC”). Other regulators in the UK with whom we may share information about you include the Medicines and Healthcare products Regulatory Authority, the Human Fertilisation and Embryology Authority, NHS and the Department of Health. We may also if required share your personal information with HMRC, or the Home Office.
  • We may also be under an obligation to share your personal information with EU regulators if required by legal obligations.

Sharing information with professional advisors

  • We may share your personal information with external lawyers, auditors, financial, tax and public relations advisors.

Sharing information with patients and health care providers

  • We may share any relevant personal information with patients with patients if we receive a query, complaints or a legal claim. We may also share your information with the NHS, or other health care providers as part of a complaint or legal claim process.

Audits, surveys and initiatives

  • We frequently review for auditing purposes: i) our recruitment processes, ii) the quality of our services and ii) the allocation of consultants by hospitals. Publishing of this data, if any, will be in anonymised statistical form.
  • The Private Healthcare Information Network (“PHIN”) is a government mandated source of information with which we may share your personal information for compliance with legal obligations.

Ramsay website and directory

  • Your name, email address, picture, and telephone number will be collected and posted on the Ramsay’s website and made publicly available for information purposes, unless you oppose to your details being made publicly available.

Other companies in the Ramsay Group

  • We may share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

Storing your information and deleting it

  • We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from Ramsay Intranet. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer for Ramsay, we will retain and securely destroy your personal information in accordance with our data retention policy.

Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

Complaint to the ICO

You also have the right to complain to the Information Commissioner's Office ("ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Changes to this privacy statement

We reserve the right to update this privacy statement at any time, and we will provide you with a new privacy statement when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.