Privacy and cookies

Last Updated: 22nd November 2019

Who we are and what we do

Health Careers is the information service about the range of 350 or so careers available in health in England. We are part of Health Education England and our aim is to support people in education and at all stages of their career to discover more about the health roles that are available.

The Health Careers team works from various locations across England and we:

provide a comprehensive Health Careers website that has detailed information about a range of health roles
run a contact centre where people can talk to or email an adviser to find out about different health careers
provide the Step into the NHS service specifically for young people to encourage them to consider a career in health
publish a range of printed materials for use at careers and other events
attend big national careers events to promote health careers
produce a number of videos to show what it’s like to work in different jobs
provide timely updates through social media
part of the 'We are the NHS' team delivering website and customer communications.

Information we hold about you

In view of our role, we may hold information (personal data) about people who visit our website, and the linked Step into the NHS website, register with us to receive information (including as part of the We are the NHS campaign), contact us, or provide us with information through attendance at events etc.

Policy on how we use your information

This policy explains how we, as part of Health Education England, (referred to as 'we', ‘our’ or ‘us’ below) uses any personal data we collect from you or which you give to us and the ways in which we protect your privacy. Protecting the privacy and personal data of our users is of the utmost importance to us. This policy is provided in accordance with the General Data Protection Regulation and the Data Protection Act 2018 (current data protection laws in England).

The data controller in respect of personal data we hold about you is Health Education England of 1st Floor Blenheim House, Duncombe Street, Leeds, LS1 4PL.

Our data protection officer is Christopher Brady christopher.brady@hee.nhs.uk

Please note that Health Education England has a separate privacy notice detailing how it uses personal data in view of its statutory functions. This privacy notice is specific and limited to the use of data by Health Careers, including the Step into the NHS website and We are the NHS campaign.

By visiting our website healthcareers.nhs.uk or stepintothenhs.nhs.uk (referred to as “this site” in this notice) you are accepting and consenting to the practices described in this policy.

Information we may collect about you and sources of data

We may collect and process the following data about you:

Information you give us. You may give us information about you by filling in forms on this site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use this site or sign-up to receive information, upload information to this site, or perform other social media functions on this site, enter a competition, promotion or survey, provide feedback on this site and when you report a problem with this site. The information you give us may include your name, address, e-mail address, phone number, date of birth, your gender and your job title.

Information we collect about you. With regard to each of your visits to this site we may automatically collect the following information:

technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from this site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us

Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide eg our helpline. We also work closely with third parties (including, for example, other business partners, sub-contractors, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may include personal information such as your name and email address.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

How we use your information

We use information held about you in the following ways:

Information you give to us. We will use this information:

to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information about career opportunities and any other information or services that you request from us;
to provide you with information about other careers information or other services we offer that are similar to those that you have already enquired about - we will only contact you by electronic means (unless you have agreed to be re-contacted by post or telephone) with information about careers, products and/or services similar to those you have said you are interested in or which were the subject of a previous enquiry by you;
to provide you, or permit selected third parties to provide you, with information about careers, products or services we feel may interest you. Where we permit selected third parties to use your data, they will contact you electronically, by telephone or post only if you have consented to this;
to notify you about changes and updates to our service; and/or
to ensure that content from this site is presented in the most effective manner for you and for your computer.

Information we collect about you. We will use this information:

to administer this site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to improve this site to ensure that content is presented in the most effective manner for you and for your computer;
to allow you to participate in interactive features of our service, when you choose to do so;
as part of our efforts to keep this site safe and secure;
to make suggestions and recommendations to you and other users of this site about careers, products or services that may interest you or them.

Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Disclosure of your information

We will not share your personal data with third parties for commercial purposes.

We may share your information with selected third parties including:

business partners, suppliers and sub-contractors to the extent necessary for the performance of any contract we enter into with them or you; and/or

analytics and search engine providers that assist us in the improvement and optimisation of our site.

Some of these third parties are data processors acting on our behalf under contract, such as website developers, contact centre and marketing agencies, distribution centres for literature and marketing materials, and IT processors such as Google Analytics and MailChimp.

We may disclose your personal information to third parties:

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of use and other agreements, or to protect the rights, property, or safety of Health Education England, our customers, or others, or for the purposes of in connection with any legal proceedings (including prospective legal proceedings), for the purpose of obtaining legal advice, or for the purpose of establishing, exercising or defending legal rights. This includes, for example, exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Lawful bases for processing

Where we process personal data for the above purposes, our legal basis for doing so under the General Data Protection Regulation is:

Article 6(1)(a) – you have given consent to the processing of your personal data for one or more specific purposes; or

Article 6(1)(b) – processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; or

Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject; or

Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or

Article 6(1)(f) – processing is necessary for the purposes of legitimate interests pursued by the controller.

Where we process special categories of personal data for these purposes, the legal basis for doing so is:

Article 9(2)(a) - you have given explicit consent to the processing of your personal data for one or more specific purposes; or

Article 9(2)(f) - processing is necessary for the establishment, exercise or defence of legal claims; or

Article 9(2)(g) – processing is necessary for reasons of substantial public interest.

Where we store your personal data

Should you subscribe to receive emails from us through our website, some data eg your name and email address might be transferred to, or stored at, locations outside the European Economic Area.

All information we hold is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of this site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee complete security of your data transmitted to this site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Retention periods – how long we keep your information for

Subject to any requests we may receive from you for your data to be erased and subject to your data having to be retained for longer to enable us to fulfil any of the purposes for processing your data listed above, data that you provide to us or that is collected about you is held by us for two years from your last contact with us or from your last access of the data.

Privacy policy coverage

This privacy statement applies to this site only and our linked website for Step into the NHS. It does not cover links within this site to other websites. If you follow a link to any third party websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to such websites.

Your rights as a data subject

The General Data Protection Regulation includes a number of rights that are more extensive than those in the Data Protection Act 1998. We must generally respond to requests in relation to your rights within one month, although there are some exceptions to this.

The availability of some of these rights depends on the lawful basis that applies in relation to the processing of your personal data, and there are some other circumstances in which we may not uphold a request to exercise a right. Your rights and how they apply are described below.

Right to be informed

Your right to be informed is met in the main by the provision of this privacy notice. We may also provide you with certain information about our use of your data when we communicate with you directly.

Right of access

You have the right to obtain a copy of personal data that we hold about you and other information specified in the GDPR, although there are exceptions to what we are obliged to disclose.

Right to rectification

You have the right to ask us to rectify any inaccurate data that we hold about you. You can do this contacting us by contacting us.

Right to erasure (‘right to be forgotten’)

You have the right to request that we erase personal data about you that we hold. If you believe we have information about you, you can contact us to find out.

The right to erasure is not an absolute right, and depending on the legal basis that applies, we may have overriding legitimate grounds to continue to process the data.

Right to restriction of processing

You have the right to request that we restrict processing of personal data about you that we hold. You can ask us to do this for example where you contest the accuracy of the data.

Right to data portability

This right is only available where the legal basis for processing under the General Data Protection Regulation is consent, or for the purposes of a contract between you and us. For this to apply the data must be held in electronic form. The right is to be provided with the data in a commonly used electronic format so that you can transfer the data elsewhere.

Right to object

You have the right to object to processing of personal data about you in certain circumstances. The right is not absolute and we may continue to process the data if we can demonstrate compelling legitimate grounds to do so.

Rights in relation to automated individual decision-making including profiling

You have the right to object to being subject to a decision based solely on automated processing, including profiling. We do not currently have any automated decision-making processes, but in future should we perform any automated decision-making, we will record this in our privacy notice, and ensure that you have an opportunity to request that the decision involves personal consideration.

Rights in relation to direct marketing

We will only use your data for marketing purposes if you have subscribed to receive certain information or opted to receive marketing material. You can do this by logging into your account and updating your details, or you can also contact us, if you have previously consented by calling us or email, or by signing up to information relevant to the We are the NHS campaign.

Right to complain to the Information Commissioner

You have the right to complain to the Information Commissioner if you are not happy with any aspect of our processing of personal data or believe that we are not meeting our responsibilities under data protection laws. The contact details for the Information Commissioner are:

Information Commissioner’s Office

Wycliffe House

Water Lane,

Wilmslow SK9 5AF

ico.org.uk

How to access your personal information or make a request in relation to other rights

Requests may be made in writing. If you wish to make a request you can email us at advice@healthcareers.nhs.uk.

All requests will be recorded, and you may need to provide information to verify your identity and enable us to locate the information, such as:

Full name, address, date of birth;
An indication of what information you are requesting to enable us to locate this in an efficient manner.

Changes to the policy

If this privacy policy changes in any way, we will place an updated version on this page.

Contacting us

If you have any questions about this privacy statement or the practices of this site, you can contact us on advice@healthcareers.nhs.uk.

Cookie policy

Information about our use of cookies

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426), as amended, (2003 Regulations) require website operators and other online providers that set cookies on their users' equipment to provide internet users with clear and comprehensive information about the purposes for which the cookie is stored and accessed.

This cookie policy forms part of a layered approach providers may take to comply with this obligation. Providers can either link to the cookie policy directly from a prominent place on their website (for example, the website header), or they can link to it from their privacy policy.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

This site uses cookies to distinguish you from other users of this site. This helps us to provide you with a good experience when you browse this site and also allows us to improve this site. By continuing to browse the site, you are agreeing to our use of cookies.

Consent to receive cookies

Cookies are small data files that most website operators place on the browser or hard drive of their user's computer. Cookies may gather information about the user's use of the website or enable the website to recognise the user as an existing customer when he returns to the website at a later date. More recently, cookies have also been used to collect information about the user which allows the website operator or a third party to create a profile of the user, his preferences and his interests for the purpose of serving the user with targeted, interest-based advertising.

Website operators must obtain the users' consent to the use of cookies.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of this site. They include, for example, cookies that enable you to log into secure areas of this site.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around this site when they are using it. This helps us to improve the way this site works, for example, by ensuring that users are finding what they are looking for easily.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie	Name	Purpose	Expiration
Google Analytics	_utma	Google Analytics cookie which to track visitor behaviour and measure site performance when you are browsing the site.	Approximately two years
Google Analytics	_utmb	If you browse the site, this cookie determines new sessions and visits	30 minutes
Google Analytics	_utmc	This cookie is used in combination with the _utmb cookie to identify new sessions/visits for returning visitors when you are browsing the site.	On closure of browser
Google Analytics	_utmz	This cookie can tell site owners where visitors came from when arriving on the site when you are browsing the site.	Six months
Website	Session Cookie SESS*	The Session cookie is used when accessing pages of the site that require username and password authentication. This cookie determines that a user is logged in. When the user logs out of the site, this cookie is removed from the browser. Information is recorded when you are browsing the site.	On logging out of the site
Website	Has_js	Logs whether the site has JavaScript enabled which allows the appropriate content to be delivered. This information is record on page load.	End of Session
Find your career tool	toolsidvalue	These cookie only appear if you access the Find your career tool and are recorded whilst you are browsing this area.	Seven days
Compare roles tool	compare_roles[$nid]	This cookie only appears if you access the compare roles tool and are recorded whilst you are browsing this area.	End of session
Facebook	_fbp	This cookie will help deliver our advertising to people who have already visited our website when they are on Facebook or a digital platform powered by Facebook Advertising. See Facebook privacy policy.	End of session
Google Analytics	_ga	This is a cookie applied on page load and is used for visitor identification	Two years
Google Analytics	_gat_UA_xxxxxxx-1	Used by Google Analytics for throttling request rates. This is a cookie applied on page load.	10 minutes
Google Analytics	_gid	This is a cookie applied on page load and to identify the users journey	24 hours
Google Analytics	gcl_au,	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. This information is gathered on page load	Three months
Twitter	i/adsct	Twitter uses this cookie to allow tailored advertising based on our actions on this website. See Twitter privacy policy	End of session

Privacy and cookies

Help us improve Health Careers