Privacy Policy

Effective: 28th November 2022

General Statement

This Privacy Policy governs the Healthcare Job Fair brand, the healthcarejobfair.com website, and related subdomains, products, services and events. The Healthcare Job Fair brand is owned by Health Sector Talent Ltd. (hereinafter, “HST”, “the Company”, “we”, or “us”).

At HST, we value our customers and take pride in providing you with the best healthcare talent attraction services & recruitment events.

HST collects certain personal information about you to facilitate our relationship. We know how much you value your privacy. We at HST are committed to keeping your information secure. Therefore, we provide this Privacy Policy to outline the information we will collect and how that information will be used. Additional policies and procedures described in our Terms of Use and License Agreements should be reviewed.

---

Privacy Principles

We are committed to protecting the privacy of our customer’s personal data.

We make every effort to protect all personal data, such as name, address, ID information, that we obtain.

We maintain physical, technological and administrative safeguards to protect personal data.

We permit only authorised employees and contractors, including but not limited to consultants, to have access to some or all personal data of our customers as needed.

---

Consent

HST does not collect, use, or share personal data without your consent. You have the right to withdraw your consent at any time. The reason we collect personal data and how it is used are included in this privacy policy under Use.

---

Collection of your Personal Data

HST obtains and uses personal data, as defined below, for its business use and for local, national and European Union-related reporting requirements.

We may collect, store and use the following kinds of data. Providing personal data to us is voluntary. However, if you do not provide personal data to us, then we will not be able to provide you with the respective functionality offered by our website, complete processing of your bookings & enquiries and provide the requested products & services.

Types of personal data may include:

• Browser-based data such as IP Address, geographical location, browser type and version, operating system, referral source, etc.
• Personal data such as name, email address, mailing address, phone number, mobile phone number, company name or job title, received upon submittal of your request for service.
• Information for subscribing into our email newsletters and other marketing & sales communications.
• Other information submitted as a web request through our web-based online forms.

Personal data that is submitted in regards to or on behalf of other person(s) will only be accepted once consent has been received from that person(s) and documented.

Your information is recorded on our CRM database, which is currently supplied by HubSpot. A copy of your rights as an individual is available from HubSpot at https://www.hubspot.com/data-privacy/gdpr.

---

Use Of Your Personal Data

We use the data collected for legally required reporting to governmental or regulatory entities, marketing our products, supporting products purchased and providing continuing services. Personal data submitted via the website may be used for the purposes outlined in this policy.

Authorised use of personal data includes:

1. Providing information on our events and other related services to you and your business.
2. Personalising your experience on our websites & applications.
3. Sending information on products & services purchased through our online solutions.
4. Confirmations, statements, invoices, or other necessary emails to ensure a high level of customer service.
5. Non-marketing email communication.
6. Newsletters and other email communication mailing lists that you have subscribed to.
7. Sending notifications on updates to this policy.

Clients have the option of providing, or not providing, consent and use of their personal data.

---

Right To Data Portability

Data subjects have the right to receive personal data from us in a structured, commonly used format.

These rights may be used by sending a letter or e-mail to us on the addresses set out above, including the following information: name, address, phone number and a copy of a valid ID. We may request the provision of additional information necessary to confirm the identity of the data subject. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. In case data subject considers our processing activities of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.

---

Sharing of Information

We may disclose your personal data to our group of companies (this means our holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

We will not sell, share, or otherwise distribute your personal data to third parties (vendors/processors/providers/others) except as provided in this Privacy Policy. HST may share personal data with our subsidiaries and other third parties who act for or on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed. Doing so allows us to efficiently conduct our business.

We use third-party data processors to collect, export, process and store data on our behalf, which may include Personal Data. The processors we are currently using include:

• Google, located in the USA (Privacy Shield Certified)
• HubSpot, located in Ireland & the USA (Privacy Shield Certified)
• DocuSign, located in Ireland & the USA

We believe these providers exercise reasonable care to protect your personal data. These third parties have contracted with us to only use personal data for the agreed upon purpose, and not to sell your personal data to third parties, and not to disclose it to other third parties except as may be required by law, as permitted by us or as stated in this Privacy Policy.

Your personal data may also be disclosed, if necessary, as required by law or regulation, to comply with legal, regulatory or administrative requirements of any governmental authorities, to comply with a court order, subpoena, search warrant or other valid legal process, in connection with any legal action, claim or dispute and for the protection of persons or property.

---

Data Transfer Abroad

As a global organisation, data we collect may be transferred internationally throughout HST’s worldwide organisation or to third parties that act on our behalf as noted in ‘Sharing of Information’. Some of these foreign jurisdictions may not provide the same level of privacy protection as your local jurisdiction. By providing consent, you consent to such transfers of your Personal Data. Without such consent, HST is not able to provide you with the services or products listed under ‘Collection of your Personal Data’. The personal data will be transferred with all appropriate and suitable safeguards as described in ‘Data Security’. The countries to which your data may be sent include:

Our holding company and all its subsidiaries are located in the Republic of Ireland and the United Kingdom, while we have offices in Australia and Canada.

At all times your data remains within the European Economic Area (EEA) in full compliance with Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, namely GDPR.

The hosting facilities for our website are OVH situated in France; The host facility (HubSpot) for our data relating to customers is firstly sent to Google Germany, for encryption before it is housed in the USA. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of HubSpot data privacy policy can be obtained from https://www.hubspot.com/data-privacy/gdpr.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

---

Data Retention and Destruction

HST keeps personal data for as long as is necessary for fulfilment of each use described in this policy, or as legally required by appropriate local, national, EU-based and other regulatory bodies. Past that period, records, both physical and electronic, are destroyed.

---

Cookies and Other Technologies

Cookies are used on this website. By using our website, you agree that cookies are to be placed on your device as further explained below.

Cookies are small pieces of data that a website sends to your computer’s web browser while you are navigating through it. They have many different purposes, but mainly, cookies enable you to navigate between pages easily, remembering your preferences, and eventually to improve the user experience. These cookies may then be stored on your machine to identify your computer.

Cookies used on this website can be either set up by our website or by a third-party website. Moreover, these cookies can be “session” or “persistent” cookies: a session cookie is a cookie that is automatically deleted when the user closes the browser, whereas a persistent cookie is a cookie that remains stored in the user’s terminal device until it reaches a defined expiration date. Cookies used on this website have a maximum lifetime of 24 months.

Use of cookies:

HST may use personal data collected from our cookies to identify user behaviour and to serve content and offers based on your profile.

The performance cookies used on this website do not collect personal data.

Other cookies can collect personal data (including information from cookies placed via our advertisements on third-party websites):

• If a user is a registered user.
• If we send you a targeted email which includes web beacons, cookies or similar technologies we will know whether you open, read, or delete the message.
• When you click a link in a marketing e-mail you receive from HST, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.

To learn more about the types of cookies and the actual cookies used on this website, please see our detailed Cookie Policy.

Other non-cookie technologies:

HST also enables the use of technologies that perform functions similar to cookies such as web beacons or other technologies that may be included in marketing e-mail messages or newsletters in order to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device, but may work in conjunction with cookies to monitor website activity.

“Do-not-track” signals:

Some web browsers may transmit “do-not-track” signals to the websites with which the browser communicates. As of the Effective Date of this Privacy Policy, an industry standard has not yet been established on how to respond to these signals. Therefore, our website does not currently recognise or respond to these signals, but HST will reassess its response approach once a standard is established. However, at this time you can generally express your privacy preferences regarding the use of most cookies through your web browser.

How to accept or refuse cookies:

If you do not want to receive cookies from our website, you may set your browser to refuse cookies or to notify you when you receive a cookie, which you may then accept or refuse upon such notice. You can also generally set your browser to turn off cookies.

As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser’s help menu for more information.

• https://support.google.com/chrome/answer/95647?hl=en (Google Chrome);
• https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Mozilla Firefox);
• https://help.opera.com/en/latest/web-preferences/ (Opera);
• https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d (Internet Explorer);
• https://support.apple.com/en-ie/guide/safari/sfri11471/ (Safari); and
• https://support.microsoft.com/en-us/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd (Microsoft Edge).

We recommend that you leave the cookies active. Bear in mind that if you block, turn off or otherwise reject our cookies, some web pages may not display properly or you will not be able to use any website services that require you to sign in.

---

Links to Third Party Websites

This website contains links to third-party websites. These links do not constitute or imply an endorsement, authorisation, sponsorship or affiliation by HST with respect to a third party, a third party’s website, the content of a third party’s website, or products or services provided by a third party. We accept no responsibility for the content of such websites or any links they might contain, or for the terms on which they operate in particular their management of your personal data.

The information practices of those websites linked to our website is not covered by this Policy. HST is not responsible for the privacy policies of websites to which it links. If you provide information to such third parties, different rules regarding the collection and use of your personal information may apply. We strongly suggest you review such third-party’s privacy policies before providing data to them.

---

Data Security

We use security safeguards to protect personal data from unauthorised access. We have policies and procedures in place to set forth physical, administrative and technological safeguards around data security. We train our employees in these policies and procedures. In the event of an actual or suspected breach, HST follows the steps outlined in its Incident Response Plan Policy to respond to same.

Physical access to all HST offices and other facilities are security controlled which include locks that are opened by keys and by using keypad door entry (pin pad) systems connected to an alarm system.

Information systems and communications equipment are placed in secure areas and protected by additional physical security measures that permit access only to the employees who need access, in addition to operational processes, CCTV surveillance, environmental controls and fire detection/suppression systems to safeguard against accidental loss, theft or unauthorised removal, misuse, damage or unauthorised access.

All gateways to the internet are protected by a firewall and access to both internal and external networks are restricted and controlled.

Endpoint security is constantly being reviewed to protect the network against unauthorised access, data loss or destruction.

Access to information is through a secure login process with a unique identifier.

All personal information is encrypted and stored with a multi-key encryption algorithm or pseudonymised.

All personal information is pseudonymised if it is necessary to be stored.

Key personnel laptops have full disk encryption software. The software is configured with a system lock-out feature enabled after a certain number of incorrect password entries.

Critical servers are scanned using network and system vulnerability scanners. Web applications are also scanned by automated penetration tools for application-level security vulnerabilities that may be susceptible to hacking.

External vulnerability scanning on our internet-facing sites is performed monthly to ensure that these sites are secure. These are done via in-house vulnerability scanning tools and third-party services.

Penetration tests are performed on our key internet applications prior to production or major upgrades.

Payment-related data, if stored on our secure servers, will be hashed, masked, encrypted, and/or redacted per current PCI-DSS standards.

User acknowledges that transmission of data of the public internet is insecure and transmission of data over the internet cannot be guaranteed.

User is responsible for keeping secure passwords generated on HST online applications. HST hashes passwords and does not have access to passwords through back-end systems to view your password. HST will never ask for a password other than on the login page of our online solution.

---

Notices

We reserve the right to modify or change this Privacy Policy at any time. Any such change, update, or modification will be effective immediately upon release, and reflected with the updated effective date and revision number. If we make any changes to our Policy, we will post the updated Policy on our website, provided on an updated homepage link, and may post other places we deem appropriate.

If we make any material changes to our Privacy Policy, we will provide our current customers & registered website users with revised Policy that describe our new policies and procedures that apply to them. This revised Policy will be emailed to your address of record.

---

Your Personal Data Rights

HST offers transparency in the personal data that we collect and maintain, and acknowledges your rights in relation to your personal data.

Your principal rights under data protection law are:

• the right to access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to object to processing;
• the right to data portability;
• the right to complain to a supervisory authority; and
• the right to withdraw consent.

We provide you with the ability to request access to your personal data records.

Whenever we process personal data, we take reasonable steps to ensure that your personal data is kept accurate and up-to-date for the purposes for which it was collected. We provide you with the ability to request that your information be rectified, corrected and restrict the processing.

We provide you with the ability to object to the processing of your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or in our compliance with law. We provide you with the ability to request your personal data be transferred or erased.

In the case of electronic direct marketing, we will provide you with a method to opt-out of receiving further marketing materials or with a method to opt in if required by law.

HST reserves the right to deny a request based on lack of identification or other legitimate reasons. Requests to delete personal data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us. In addition, the personal data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.

We provide a response to a request within one month; either to fulfil the request, deny the request, explain why we cannot honour the request, or inform you of a necessary extension. Proper identification is required. We reserve the right to charge a fee for excessive requests.

You have the right to lodge a complaint with a supervisory authority.

If you wish to make a request or have any questions, please contact us as noted below in Contact Information.

Click here to download a copy of our Access Request Form.

---

Contact Information

You may contact us using the contact information below.

For product or service information:

• Email: contact@hst.health
• Telephone: +353 1 8260692
• or write to us at:
  Health Sector Talent Limited
  Attn: Customer Service
  13 Keypoint, Rosemount Business Park
  Ballycoolin
  Dublin 11
  Ireland

For information regarding our privacy policy or to make a request related to your Personal Data rights:

• Data Protection Officer: Gerard Gosson
• Email: dpo@hst.health
• Telephone: +353 1 8260692
• or write to us at:
  Health Sector Talent Limited
  Attn: Data Protection
  13 Keypoint, Rosemount Business Park
  Ballycoolin
  Dublin 11
  Ireland

---

Revision History

This policy will be reviewed and revised on a consistent basis to ensure accuracy.