Who We Are
The Purpose for Processing:
We will need to process your personal data for the following reasons:
– As part of the process of entering into a contract with you or your company.
– To use your CV and any ancillary information you have provided as a means of establishing whether you would be a suitable candidate to undertake a medical assessment and report.
– To carry out a DBS and background checks where required.
– To undertake any administrative work necessary to ensure the medical assessment and report are completed.
– To share your completed medical report with our instructing party in line with our own service requirements.
– For use as part of any external audit requirements.
– To provide you or your business with service updates or important notices.
– Fulfil our existing contractual obligations to your company.
– In order to defend any claim that may be brought against us in respect of the work we undertake as a business.
– To contact you to perform a post-service interview to gather feedback. In the event of this specific process, we would ask for your consent prior to participation.
To process your personal data in line with any legal obligations we are required to comply with. This will include our obligations to you in relation to the processing of your personal data
– To invite you to events that we believe may be of interest to you.
– To carry out market research to enable us to improve our services and product offerings.
– To provide you with information on related services and products that we think you may be interested in.
Lawful Basis for Processing
We will process your personal data in line with the following lawful bases:
If you are a supplier then it will be necessary for us to process your personal data as part of fulfilling the existing, or soon to be established contractual agreement between Gyrus and you or your company.
We will use your personal data when we are undertaking any marketing related activities in line with the signed Terms and Conditions.
We will process your personal data on the basis of a legitimate interest when we are undertaking any marketing related activities. We believe that we have a genuine and legitimate reason to process your personal data as we feel that you may be interested in hearing from us and we do not expect that processing your personal data will harm any of your rights and interests.
We may be required to process your personal data to comply with our legal obligations. This can include complying with a subject access request you have made or supplying personal data to public authorities once we have verified a request.
Categories of Personal Data Collected
As part of our processing activities we may obtain data directly from you. We may also gather the following personal data as part of our processing activities:
- Your name and contact details
- Information regarding general attributes which are relevant to the services you provide.
If you attend one of our events and purchase your tickets using one of our third party providers, they may ask you to provide personal data. This will include, but may not be limited to your name, contact details, business information and billing address. This information will be shared with us with your explicit consent.
Any financial information you provide will be processed by the third party and will not be provided to us.
Categories of Recipients
– We will never share your information with any third parties that intend to use your personal data for their own purposes, other than what they are required to by law.
– We will be required to transfer your personal data to our instructing party and any relevant third party connected to the claim as advised by the instructing party for the following purposes:
- as part of the nomination process used for selecting a suitably qualified medical professional,
- to facilitate in the progression of the medical assessment or treatment and completion of the corresponding reports and
- to include your personal data in the medical report that you create.
– We will also share your personal data with selected third parties who will assist us in our service provision to you. In particular, we will allow access to your personal data with a selected outsourcing partner who assist us in our processing activities who are based outside the EEA. As personal data will be processed outside of the jurisdiction of European legislation, the access by the third party in question is subject to appropriate safeguards contained in the contract between us and the supplier. For the avoidance of doubt, your data will remain stored within the UK and any third parties will be accessing this securely through Gyrus’s IT infrastructure.
– All third parties are fully vetted to ensure that your personal data is only shared and stored with companies that comply with all applicable Data Protection Regulations, including the General Data Protection Regulation and the Data Protection Act.
– Your personal data will not be stored outside of the European Economic Area unless we have been specifically instructed to do this. In these exceptional cases we will notify you and advise you of the safeguards that have been adopted to ensure that all transfers comply with all applicable Data Protection Regulations, including the General Data Protection Regulation and the Data Protection Act.
– If you will be attending an event organised by us we may provide you with the option of purchasing a ticket through a third party provider. We are not responsible for their privacy policies and recommend you review their privacy notice before sharing your data with them.
If you use the Live Chat functionality on our website, any data provided to us by you and your IP address will be collected.
We will retain your personal data:
- During the course of your service provision
- For a further 7 years for HMRC audit purposes.
We will only use your personal data to the extent necessary to comply with our legal obligations (for example for HMRC financial accounting obligations as well as to enable us to defend any claim that may be brought against us in respect of the work we undertake as a business).
Under the Data Protection Act, you have the following rights in relation to your personal data.
- Right to Access – You have a right to request a copy of your personal data.
- Right to Rectification – You have the right to ask us at any time to make any corrections or remove any personal data that you believe is inaccurate.
- Right to Data Portability – You have the right to request for the information we hold about you to be provided in a portable format.
- Right to Erasure – You have the right to request the erasure of the personal data. However we may still need to retain personal data to comply with our legal obligations. In the event of a request we will provide you with full details of the personal data that we are required to retain.
- Right to Restriction – You have the right to request a restriction in the processing of your personal data. However, we may need to keep basic contact information about you if you are already or will shortly be an active supplier as we will require this information for the fulfilment of our service provision.
- Right to Objection – You have the right to object to the processing of your personal data. However, we may need to keep basic contact information about you if you are already or will shortly be an active supplier as we will require this information for the fulfilment of our service provision.
We will aim to respond to any requests relating to your rights without undue delay and in any case within 1 calendar month of receipt of your request. If we are unable to comply with a request for any reason, then we will provide you with a full justification in writing within 30 calendar days of receipt of your request. We may ask you to confirm your identity so that we can validate a request. If you would like to make a request, please email or write to us using the contact details provided below.
To Withdraw Consent
You have the right to withdraw your consent to the use of your personal data for marketing activities. You can withdraw your consent to marketing activity at any time using the unsubscribe link located at the bottom of any of our marketing emails. Alternatively, you can contact a member of the Expert Liaison team by emailing us at email@example.com.
If you are a supplier then we will still need to keep basic contact information about you as we will require this for contractual purposes.
If you are unhappy about any aspect of our process and you would like to file a complaint, please contact us using the details below.
Alternatively, if you would like to make a complaint or report a concern about the way in which we have processed your personal data then please contact the Information Commissioner’s Office who will be able to provide further assistance.
If you have any further questions or would like to raise any concerns about the way in which your personal data has been processed, please feel free to contact our Data Protection Officer using the information provided below:
Email: firstname.lastname@example.org – Please indicate in the header of the email that the email is intended for the Data Protection Officer.