Patient Access

Want advice from your doctor, self-help information or have an admin request?

Job Applicant Privacy Notice

Important information

In regulation with the Data Protection Act 2018 and following the guidance published within the Data Security and Protection Toolkit (DSPT), transparent processing is fundamental to individuals being able to exercise rights when their personal data is being processed. Individuals can be informed directly via correspondence or indirectly through the use of leaflets and websites, which must be brought to their attention.

At Valentine Health Partnership transparency information includes the personal data collected, the purpose, the lawful basis for processing, a list of rights and when/whether they apply to the processing undertaken by the organization, contact details and the procedure for subject access requests and other rights requests.

If in any doubt, seek advice on the level of detail required and how to adapt it to different scenarios. This may vary depending on the circumstances, complexity and/or level of data that you hold.

For a full list of what your transparency information should include please see the ICO guidance and the IGA GDPR checklist.

Data controller:

Valentine Health Partnership

Ferryview Health Centre

25 John Wilson Street, SE18 6PZ

Tel: 020 8319 5400

Email: [email protected]

Data protection officer:

Laura Snow

Tel: 020 8319 5400

Email: [email protected]

The organization gathers and processes the personal data of job applicants as part of the recruitment process. We are committed to being open and transparent about how we gather and use that data and to meeting our data protection obligations.

Collecting information

We will collect and use the following types of personal data about you:

  • Recruitment information such as your application form and CV, references, qualifications and membership of any professional bodies and details of your employment history, skills, and experience
  • Your contact details and date of birth
  • Information about your current level of remuneration, including benefit entitlements
  • Whether or not you have a disability for which the organization needs to make reasonable adjustments during the recruitment process
  • Information in relation to your right to work in the UK [as per the Rights to Work in the UK Policy]
  • Information from the Disclosure and Barring Service (DBS) to administer relevant checks and procedures.

The organization may collect this information in a variety of ways, for example from application forms, CVs or resumes, obtained from your passport or other identity documents such as your driving license, from forms completed by you or through interviews, meetings or other assessments, including on-line tests.

This personal data might be provided to us by you, or someone else (such as a former employer’s reference, information from background check providers including criminal records checks permitted by law) or it could be created by us.

The organization might will seek information from third parties, with your consent, prior to a job offer but we will inform you that we are doing so.

Your personal data will be stored in a range of different places, including in your application record, in the organization’s HR management systems and in other IT systems (including the organization’s email system).

Processing your personal data

The organization will process your personal data (including special categories of personal data) in accordance with our obligations under the 2018 Data Protection Act.

We will use your personal data:

  • To take steps at your request prior to entering a contract with you

to enter a contract with you

  • To comply with any legal obligations
  • If it is necessary for our legitimate interests (or for the legitimate interests of someone else).  However, we can only do this if your interests and rights do not override ours (or theirs).  You have the right to challenge our legitimate interests and request that we stop this data processing.

We will process your personal data for the purposes of:

  • Assisting in decision-making in recruitment and promotion procedures
  • Assessing and confirming a candidate’s suitability for employment
  • Maintaining accurate and up-to-date recruitment records
  • Obtaining occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities and meets its obligations under health and safety laws
  • Ensuring effective general HR and business administration
  • Obtaining references from third parties
  • Responding to and defending legal claims

Special categories of personal data

Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to job applicants with disabilities).

For some roles, the organization is obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment.

The organization will not use your personal data for any purpose other than the recruitment exercise for which you have applied.

Automated decision-making

Employment decisions are not based solely on automated decision-making.

Sharing your personal data

Your information may be shared internally for the purpose of the recruitment exercise, including with members of the HR and recruitment team, interviewers in the recruitment process, managers in the business area with the vacancy and IT staff if access to the data is necessary for performance of their roles.

The organization will not share your personal data with third parties, except those engaged for the purposes of the recruitment process, or unless your application for employment is successful and we make you an offer of employment.  We will then share your data with background checks providers for to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal record checks.

The organization will not transfer your data to countries outside the European Economic Area.

Protection of personal data

The organization has internal policies and controls in place to ensure that your personal data is not lost, accidentally destroyed, misused, or disclosed and is not accessed except by its employees in the performance of their duties. HR IT electronic record is accessible by HR Manager only, password protected, and cloud based.

Where the organization engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and practical measures to ensure the security of data.

Retention of data

If your application is unsuccessful, the organization will hold your personal data for a period of three months following the recruitment process  At the end of that period (or once you withdraw consent), your data will be deleted or destroyed.  

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment.  The periods for which your data will be held will be provided to you in Employee/Workers Privacy Notice

Storing DBS certificates

The correct storage of DBS certificate information is important. The code of practice requires that the information revealed is considered only for the purpose for which it was obtained. Once a recruitment (or other relevant) decision has been made, we do not keep certificate information for any longer than is necessary. This retention will allow for the consideration and resolution of any disputes or complaints or be for the purpose of completing safeguarding audits.

Throughout this time, the usual conditions regarding the safe storage and strictly controlled access will prevail

Your data subject rights:

  • You have the right to information about what personal data we process, how and on what basis as set out in this document
  • You have the right to access your own personal data by way of a subject access request
  • You can correct any inaccuracies in your personal data
  • You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected
  • While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made
  • You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop
  • You have the right to object if we process your personal data for the purposes of direct marketing
  • You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will, in most cases, aim to do this within one month
  • You have the right to be notified of a data security breach concerning your personal data
  • With some exceptions, you have the right not to be subjected to automated decision making
  • In most situations we will not rely on your consent as a lawful ground to process your data.  If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later.

If you would like to exercise any of these rights, or withdraw your consent, please contact Denise Gaspar [email protected]

Accessing your data

We are legally required to act on requests and provide information free of charge with the exception of requests that are manifestly unfounded, excessive or repetitive.

If we determine this to be the case we may charge a reasonable fee or refuse to act on the request. We will acknowledge your request and provide the information within one month of receiving your request.

Please send your request to Laura Snow [email protected]

Lodging a complaint

If you are not satisfied with our response or believe we are processing your personal information in a way that is not in accordance with the law, you have the right to lodge a complaint with the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the ICO.

You can contact the ICO via the following:


Helpline:          0303 123 1113

Health A-Z

Guide to conditions, symptoms & treatments

Live Well

Advice, tips and tools for health & wellbeing

Medicines Guide

How medicine works & possible side effects

Care & Support

Options & where to get the best support