1. IntroductionVivo Healthcare Ltd is dedicated to protecting your privacy and security in accordance with UK GDPR and the Data Protection Act 2018. As the Data Controller, we determine how and why your personal data is used.
2. Who We Are and How to Contact UsVivo Healthcare Ltd is a company registered in England and Wales.
Data Protection Officer (DPO)For questions about data handling, contact our DPO:
3. The Information We Collect
We collect and use personal data necessary for our staffing services and legal compliance.
Standard Personal Data
This includes contact details, identity information (like date of birth, NI number, and ID copies), employment history, qualifications (like NMC PIN), financial details for payroll, and potentially CCTV/access data.
Special Categories of Personal Data
We process sensitive data like health information (for safety and adjustments), criminal convictions (via DBS checks required for healthcare), and, with explicit consent, diversity data for monitoring.
4. How We Collect Your Information
Data is collected during recruitment and employment. Sources include direct input from you, third parties like background check providers, former employers, professional bodies, clients, and publicly available information.
5. How and Why We Use Your Information (Lawful Basis)
We process your data based on lawful grounds under UK GDPR, primarily for:
Purpose of ProcessingLawful Basis (Article 6 UK GDPR)Special Category Basis (Article 9 UK GDPR)Recruitment and placement
Performance of a contractEmployment law obligations/Public interest
Paying staff and tax compliance
Legal obligationN/A
Background (DBS) checks
Legal obligation/Legitimate interestSubstantial public interest/Legal requirements
Health and safety compliance
Legal obligation/Vital interestsEmployment law obligations/Public health
Managing performance/conduct
Legitimate interestsLegal claims/Employment law obligations
6. Data Sharing and Third Parties
We may share your data with third parties to provide services, requiring them to protect your data. Recipients include care facilities (clients), payroll and IT providers, regulators (CQC, NMC, HMRC, ICO), and professional advisors. Third parties are not permitted to use your data for their own purposes.
7. Data Security and Storage
We use technical and organisational measures to protect your information and limit access to those with a business need, who are bound by confidentiality. Data is stored securely in the UK.
8. Data Retention
Data is kept only as long as necessary for the intended purpose and to meet legal requirements. Unneeded data is securely destroyed according to internal policies.
9. Your Rights
Under UK data protection law, you have rights, including access, correction, erasure, objection, restriction of processing, data transfer, and withdrawal of consent. There is no charge to exercise these rights, and we will respond within one month.
10. Complaints
Address any data handling concerns to our DPO (details in section 2). You can also complain to the ICO: