Hypervision Surgical respects your privacy and is committed to protecting your personal data. In accordance with the General Data Protection Regulation (GDPR), we have implemented this Applicant Privacy Notice to inform you, as applicants and prospective employees, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
This notice applies to current and former employees and was last modified on: 8 March 2024.
1. Who We Are
Hypervision Surgical Ltd is a company registered in England and Wales under Company Registration No. 12614766. This privacy notice is issued on behalf of the Hypervision Surgical Ltd so when we mention Hypervision Surgical, “we”, “us” or “our” in this privacy notice, we are referring to Hypervision Surgical Ltd.
Hypervision Surgical is a global medical device manufacturer. We design, develop and manufacture medical devices for use during surgical procedures. Our products are classed as medical devices in most jurisdictions.
The registered office address for Hypervision Surgical Ltd is London Institute for Healthcare Engineering (LIHE), 100 Lambeth Palace Road, London, SE1 7AR, United Kingdom.
We have appointed a Data Protection Officer (DPO) who can be contacted at the following address: [email protected]. Our DPO is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this notice, including any requests to exercise your information rights, please contact the DPO using the email address details set out above.
2. Changes to Our Privacy Notice
We may change this privacy notice from time to time, so we encourage you to review this notice periodically. When we change this privacy notice in a material way, we will update the last modified date which can be found at the beginning of this notice. Historic versions of this notice are held by our DPO.
It is important that the personal data we hold about you is accurate and current, particularly your contact information. Please keep us informed where your personal data needs updating during your engagement with us.
3. Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
-
processing is fair, lawful, and transparent;
-
data is collected for specific, explicit, and legitimate purposes;
-
data collected is adequate, relevant, and limited to what is necessary for the purposes of processing;
-
data is kept accurate and up to date (data which is found to be inaccurate will be rectified or erased without delay);
-
data is not kept for longer than is necessary for its given purpose;
-
data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage by using appropriate technical or organisation measures; and
-
we comply with the relevant GDPR procedures for international transferring of personal data.
4. Personal Data Held
We keep several categories of personal data on our applicants in order to carry out effective and efficient processes. We keep this data in a recruitment files relating to each applicant and we also hold the data within our computer systems (including email).
Specifically, we hold the following types of data, as appropriate to your status:
-
personal details such as name, address, phone numbers;
-
your photograph;
-
your gender, marital status, information of any disability you have or other relevant medical information;
-
right to work documentation;
-
information on your race and religion for equality monitoring purposes;
-
information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
-
references from former employers;
-
details on your education and employment history; and
-
CCTV footage captured as part of the interview process.
Special categories of data are data relating to your:
-
health;
-
sex life;
-
sexual orientation;
-
race;
-
ethnic origin;
-
political opinion;
-
religion;
-
trade union membership; and
-
genetic and biometric data.
We carry out processing activities using special category data:
-
for the purposes of equal opportunities monitoring;
-
in our sickness absence management procedures; and
-
to determine reasonable adjustments.
Most commonly, we will process special categories of data when the following applies:
-
you have given explicit consent to the processing;
-
we must process the data in order to carry out our legal obligations;
-
we must process data for reasons of substantial public interest; or
-
you have already made the data public.
5. Collecting Your Data
You provide several pieces of data to us directly during the recruitment period.
In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references.
Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment, if successful. We use criminal conviction data to determine your suitability, or your continued suitability for the role. We rely on the lawful basis of our legitimate interests to process this data.
Personal data is kept in files or within the Company’s IT systems (including email).
6. Lawful Basis for Processing
The law on data protection allows us to process your data for certain reasons only.
The information below categorises the types of data processing, appropriate to your status, we undertake and the lawful basis we rely on.
Activity requiring your data | Lawful basis |
---|---|
Carrying out checks in relation to your right to work in the UK | Legal obligation |
Making reasonable adjustments for disabled employees | Legal obligation |
Making recruitment decisions in relation to both initial and subsequent employment, e.g., promotion | Our legitimate interests |
Making decisions about salary and other benefits | Our legitimate interests |
Making decisions about contractual benefits to you | Our legitimate interests |
Assessing training needs | Our legitimate interests |
Dealing with legal claims made against us | Our legitimate interests |
Preventing fraud | Our legitimate interests |
7. Failure to Provide Data
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment.
8. Who We Share Your Data With
Employees within our company who have responsibility for recruitment, administration of payment and contractual benefits and the carrying out performance related procedures will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with GDPR.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We will have data processing agreements in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
9. Protecting Your Data
We have implemented reasonable and appropriate technical and organisational measures to protect the personal information we process against accidental or unlawful destruction, loss, change or damage. We limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They are under agreement with us to only process your personal data under our instructions and are subject to a duty of confidentiality. We will work carefully to ensure that your personal information is treated securely and in accordance with applicable law and this privacy policy.
Despite these safeguards, no internet-based transmission or information storage technology can be guaranteed 100% secure so we cannot promise that our security measures won’t be overcome. We will follow our incident response procedures should this occur. Should you receive a communication which represents to be from Hypervision Surgical, and which asks you to provide sensitive data or account information via email, or which otherwise seems strange, please treat this as unauthorised and suspicious and report it to our support team, or contact us at [email protected]. If you wish to inquire further about the security safeguards we use, please contact us using the details set out at the start of this privacy notice.
10. International Transfers
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
Our business administration activities take place in the UK. We will not share your data with third parties unless your application for employment is successful and it makes you an offer of employment. We will then share your data with former employers to obtain references for you.
We will not transfer your data outside the European Economic Area (EEA).
11. Retention Periods
If your application for employment is unsuccessful, we will hold your data on file for 6 months after the end of the relevant recruitment process. At the end of that period, your data is deleted or destroyed.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice, which we have published for our employees.
12. Rights in Respect of Your Personal Information
You have the following rights in relation to the personal data we hold on you:
-
Right of access. You have the right to obtain:
-
confirmation of whether, and where, we are processing your personal information;
-
information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
-
information about the categories of recipients with whom we may share your personal information; and
-
a copy of the personal information we hold about you.
-
-
Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another organisation or person.
-
Right to get data corrected. You have the right to obtain correction, or deletion, of any inaccurate or incomplete personal information we hold about you without undue delay. This is known as the right to rectification.
-
Right to get data deleted. You have the right to erasure, in some circumstances. You can require us to delete your personal information without undue delay if the continued processing of that personal information is not justified. This is also known as the right to be forgotten.
-
Right to limit how we use your data. In some circumstances you can limit the way we use your personal data if you are concerned about the accuracy of the data or how we are using it. If necessary, you can also stop us deleting your data. Together, these opportunities are known as your right to restriction. This right is closely linked to your rights to challenge the accuracy of your data and to object to its use.
-
Right to object. In some circumstances, you have the right to object to our using your personal data. This effectively means that you can stop or prevent us from using your data. However we may not need to stop if where we can give strong and legitimate reasons to continue using it. You also have the right to withdraw consent, where our processing of your data is on the basis of consent previously given by you.
-
Right to lodge a complaint. If you have a complaint about our processing of your personal data, please contact our DPO in the first instance so that we can address your concerns. We will be happy to help.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
Our recruitment processes are not based solely on automated decision-making.
13. Concerns
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113.
Please contact us at any time should you have any comments, questions, concerns or complaints regarding this privacy notice or our associated practices. We will be happy to look into it for you. Please contact us at [email protected].