Effective: 28th November 2022
At HST, we value our customers and take pride in providing you with the best healthcare talent attraction services & recruitment events.
We are committed to protecting the privacy of our customer’s personal data.
We make every effort to protect all personal data, such as name, address, ID information, that we obtain.
We maintain physical, technological and administrative safeguards to protect personal data.
We permit only authorised employees and contractors, including but not limited to consultants, to have access to some or all personal data of our customers as needed.
Collection of your Personal Data
HST obtains and uses personal data, as defined below, for its business use and for local, national and European Union-related reporting requirements.
We may collect, store and use the following kinds of data. Providing personal data to us is voluntary. However, if you do not provide personal data to us, then we will not be able to provide you with the respective functionality offered by our website, complete processing of your bookings & enquiries and provide the requested products & services.
Types of personal data may include:
- Browser-based data such as IP Address, geographical location, browser type and version, operating system, referral source, etc.
- Personal data such as name, email address, mailing address, phone number, mobile phone number, company name or job title, received upon submittal of your request for service.
- Information for subscribing into our email newsletters and other marketing & sales communications.
- Other information submitted as a web request through our web-based online forms.
Personal data that is submitted in regards to or on behalf of other person(s) will only be accepted once consent has been received from that person(s) and documented.
Your information is recorded on our CRM database, which is currently supplied by HubSpot. A copy of your rights as an individual is available from HubSpot at https://www.hubspot.com/data-privacy/gdpr.
Use Of Your Personal Data
We use the data collected for legally required reporting to governmental or regulatory entities, marketing our products, supporting products purchased and providing continuing services. Personal data submitted via the website may be used for the purposes outlined in this policy.
Authorised use of personal data includes:
- Providing information on our events and other related services to you and your business.
- Personalising your experience on our websites & applications.
- Sending information on products & services purchased through our online solutions.
- Confirmations, statements, invoices, or other necessary emails to ensure a high level of customer service.
- Non-marketing email communication.
- Newsletters and other email communication mailing lists that you have subscribed to.
- Sending notifications on updates to this policy.
Clients have the option of providing, or not providing, consent and use of their personal data.
Right To Data Portability
Data subjects have the right to receive personal data from us in a structured, commonly used format.
These rights may be used by sending a letter or e-mail to us on the addresses set out above, including the following information: name, address, phone number and a copy of a valid ID. We may request the provision of additional information necessary to confirm the identity of the data subject. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. In case data subject considers our processing activities of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
Sharing of Information
We may disclose your personal data to our group of companies (this means our holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We use third-party data processors to collect, export, process and store data on our behalf, which may include Personal Data. The processors we are currently using include:
- Google, located in the USA (Privacy Shield Certified)
- HubSpot, located in Ireland & the USA (Privacy Shield Certified)
- DocuSign, located in Ireland & the USA
Your personal data may also be disclosed, if necessary, as required by law or regulation, to comply with legal, regulatory or administrative requirements of any governmental authorities, to comply with a court order, subpoena, search warrant or other valid legal process, in connection with any legal action, claim or dispute and for the protection of persons or property.
Data Transfer Abroad
As a global organisation, data we collect may be transferred internationally throughout HST’s worldwide organisation or to third parties that act on our behalf as noted in ‘Sharing of Information’. Some of these foreign jurisdictions may not provide the same level of privacy protection as your local jurisdiction. By providing consent, you consent to such transfers of your Personal Data. Without such consent, HST is not able to provide you with the services or products listed under ‘Collection of your Personal Data’. The personal data will be transferred with all appropriate and suitable safeguards as described in ‘Data Security’. The countries to which your data may be sent include:
Our holding company and all its subsidiaries are located in the Republic of Ireland and the United Kingdom, while we have offices in Australia and Canada.
At all times your data remains within the European Economic Area (EEA) in full compliance with Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, namely GDPR.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Data Retention and Destruction
HST keeps personal data for as long as is necessary for fulfilment of each use described in this policy, or as legally required by appropriate local, national, EU-based and other regulatory bodies. Past that period, records, both physical and electronic, are destroyed.
Cookies and Other Technologies
Cookies are used on this website. By using our website, you agree that cookies are to be placed on your device as further explained below.
Cookies are small pieces of data that a website sends to your computer’s web browser while you are navigating through it. They have many different purposes, but mainly, cookies enable you to navigate between pages easily, remembering your preferences, and eventually to improve the user experience. These cookies may then be stored on your machine to identify your computer.
Cookies used on this website can be either set up by our website or by a third-party website. Moreover, these cookies can be “session” or “persistent” cookies: a session cookie is a cookie that is automatically deleted when the user closes the browser, whereas a persistent cookie is a cookie that remains stored in the user’s terminal device until it reaches a defined expiration date. Cookies used on this website have a maximum lifetime of 24 months.
HST may use personal data collected from our cookies to identify user behaviour and to serve content and offers based on your profile.
The performance cookies used on this website do not collect personal data.
Other cookies can collect personal data (including information from cookies placed via our advertisements on third-party websites):
- If a user is a registered user.
- If we send you a targeted email which includes web beacons, cookies or similar technologies we will know whether you open, read, or delete the message.
- When you click a link in a marketing e-mail you receive from HST, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.
Other non-cookie technologies:
HST also enables the use of technologies that perform functions similar to cookies such as web beacons or other technologies that may be included in marketing e-mail messages or newsletters in order to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device, but may work in conjunction with cookies to monitor website activity.
- https://support.google.com/chrome/answer/95647?hl=en (Google Chrome);
- https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Mozilla Firefox);
- https://help.opera.com/en/latest/web-preferences/ (Opera);
- https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d (Internet Explorer);
- https://support.apple.com/en-ie/guide/safari/sfri11471/ (Safari); and
- https://support.microsoft.com/en-us/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd (Microsoft Edge).
We recommend that you leave the cookies active. Bear in mind that if you block, turn off or otherwise reject our cookies, some web pages may not display properly or you will not be able to use any website services that require you to sign in.
Links to Third Party Websites
This website contains links to third-party websites. These links do not constitute or imply an endorsement, authorisation, sponsorship or affiliation by HST with respect to a third party, a third party’s website, the content of a third party’s website, or products or services provided by a third party. We accept no responsibility for the content of such websites or any links they might contain, or for the terms on which they operate in particular their management of your personal data.
The information practices of those websites linked to our website is not covered by this Policy. HST is not responsible for the privacy policies of websites to which it links. If you provide information to such third parties, different rules regarding the collection and use of your personal information may apply. We strongly suggest you review such third-party’s privacy policies before providing data to them.
We use security safeguards to protect personal data from unauthorised access. We have policies and procedures in place to set forth physical, administrative and technological safeguards around data security. We train our employees in these policies and procedures. In the event of an actual or suspected breach, HST follows the steps outlined in its Incident Response Plan Policy to respond to same.
Physical access to all HST offices and other facilities are security controlled which include locks that are opened by keys and by using keypad door entry (pin pad) systems connected to an alarm system.
Information systems and communications equipment are placed in secure areas and protected by additional physical security measures that permit access only to the employees who need access, in addition to operational processes, CCTV surveillance, environmental controls and fire detection/suppression systems to safeguard against accidental loss, theft or unauthorised removal, misuse, damage or unauthorised access.
All gateways to the internet are protected by a firewall and access to both internal and external networks are restricted and controlled.
Endpoint security is constantly being reviewed to protect the network against unauthorised access, data loss or destruction.
Access to information is through a secure login process with a unique identifier.
All personal information is encrypted and stored with a multi-key encryption algorithm or pseudonymised.
All personal information is pseudonymised if it is necessary to be stored.
Key personnel laptops have full disk encryption software. The software is configured with a system lock-out feature enabled after a certain number of incorrect password entries.
Critical servers are scanned using network and system vulnerability scanners. Web applications are also scanned by automated penetration tools for application-level security vulnerabilities that may be susceptible to hacking.
External vulnerability scanning on our internet-facing sites is performed monthly to ensure that these sites are secure. These are done via in-house vulnerability scanning tools and third-party services.
Penetration tests are performed on our key internet applications prior to production or major upgrades.
Payment-related data, if stored on our secure servers, will be hashed, masked, encrypted, and/or redacted per current PCI-DSS standards.
User acknowledges that transmission of data of the public internet is insecure and transmission of data over the internet cannot be guaranteed.
User is responsible for keeping secure passwords generated on HST online applications. HST hashes passwords and does not have access to passwords through back-end systems to view your password. HST will never ask for a password other than on the login page of our online solution.
Your Personal Data Rights
HST offers transparency in the personal data that we collect and maintain, and acknowledges your rights in relation to your personal data.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
We provide you with the ability to request access to your personal data records.
Whenever we process personal data, we take reasonable steps to ensure that your personal data is kept accurate and up-to-date for the purposes for which it was collected. We provide you with the ability to request that your information be rectified, corrected and restrict the processing.
We provide you with the ability to object to the processing of your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or in our compliance with law. We provide you with the ability to request your personal data be transferred or erased.
In the case of electronic direct marketing, we will provide you with a method to opt-out of receiving further marketing materials or with a method to opt in if required by law.
HST reserves the right to deny a request based on lack of identification or other legitimate reasons. Requests to delete personal data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us. In addition, the personal data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
We provide a response to a request within one month; either to fulfil the request, deny the request, explain why we cannot honour the request, or inform you of a necessary extension. Proper identification is required. We reserve the right to charge a fee for excessive requests.
You have the right to lodge a complaint with a supervisory authority.
If you wish to make a request or have any questions, please contact us as noted below in Contact Information.
Click here to download a copy of our Access Request Form.
You may contact us using the contact information below.
For product or service information:
- Email: email@example.com
- Telephone: +353 1 8260692
- or write to us at:
Health Sector Talent Limited
Attn: Customer Service
13 Keypoint, Rosemount Business Park
- Data Protection Officer: Gerard Gosson
- Email: firstname.lastname@example.org
- Telephone: +353 1 8260692
- or write to us at:
Health Sector Talent Limited
Attn: Data Protection
13 Keypoint, Rosemount Business Park
This policy will be reviewed and revised on a consistent basis to ensure accuracy.