Scotland has one of the best health services in the world and the NHS is the largest employer in our country. We actively encourage applicants from a range of backgrounds, regardless of gender, age, religion, race, sexual orientation, religion or belief.
Increasingly, our workforce is based outside traditional hospital settings. They also work in GP surgeries, clinics and health centres in the community and with partner organisations, local authorities and the Scottish Government.
NHS Scotland is made up of 14 regional Health Boards. Each one is responsible for protecting and improving the health of the population in its area.
There are also eight national Health Boards. They support the regional Boards by providing a range of important, specialist and national services.
When applying to work with one of these Health Boards, the recruitment process and all relevant personal information involved will be managed by that board. Contact details for each of the Health Boards can be found at https://www.nhsinform.scot/care-support-and-rights/health-rights/confidentiality-and-data-protection/how-the-nhs-handles-your-personal-health-information#data/
You can find more information about our health workforce on the Scottish Government website.
The personal information you provide will allow the appropriate recruiting NHS Scotland organisation to effectively manage and progress your application through their recruitment processes, and for them to meet their obligations to you as a prospective employer.
The following personal information may be required:
Your contact details may be used to contact you regarding your application. The recruiting NHS Scotland organisation will communicate with you predominantly via email, by providing your email address; you are consenting to receive correspondence relating to the recruitment process by email.
The data will be stored, processed, used and disclosed in the following ways:
The legal basis relied upon for processing your personal information is article 6(1)(b) of the UK-GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.
The legal basis relied upon to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the UK- GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. We also rely upon Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes. We may also rely on 9(2)(a) of the UK-GDPR, which relates to your explicit consent. It is important to note that special category data used for the purposes of equal opportunities is non-mandatory and you can select prefer not to say.
As part of the recruitment process, information about applicant criminal convictions and offences will be processed. The legal basis relied upon to process this data is Article 6(1)(b) to perform a contract or to take steps at your request, before entering a contract.
The recruiting Health Board is under a duty to protect the public funds it administers, and to this end the information you have provided on your application form will be used for the prevention and detection of fraud. The information may also be shared with other bodies responsible for auditing or administering public funds for these purposes. More detail and further information is available on the Audit Scotland website: www.audit-scotland.gov.uk/The recruiting board reserves the right to transfer your information to a third party involved in the recruitment process provided that the third party agrees to adhere to the terms of this Privacy Notice and provided that the third party only uses your Personal Data for the purposes that you provided for. Information will also be shared with other public bodies where the law requires this. Examples of such public bodies are Her Majesty’s Revenue and Customs (HMRC), the Department for Work and Pensions and the Scottish Freedom of Information Office. The recruiting board will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and proportionate.
NHS Scotland maintains a records retention and disposal schedule which sets out how long different types of information are held for. This schedule can be found here: The Scottish Government Records Management Code of Practice for Health and Social Care (Scotland) 2020
In line with this schedule, unsuccessful candidates’ data will be securely destroyed 12 months after the decision is made that your application has been unsuccessful adhering to the statutory requirement to retain information for a select period to allow candidates to challenge recruitment decisions.
Successful candidates’ information required for employment purposes will be retained throughout your employment and will be held in the appropriate employing boards HR system, all other documentation not relevant will be securely destroyed 12 months after your start date has been confirmed, this includes any supporting documentation which you provide for criminal reference checking, proof of address etc.
Under Data Protection law you have rights which are available to you. These rights are detailed below. Please be aware that should you wish to exercise these rights, your request should be made to the appropriate employing Health Board at https://www.nhsinform.scot/care-support-and-rights/health-rights/confidentiality-and-data-protection/how-the-nhs-handles-your-personal-health-information#data
Right to be informed - Your right to be informed is met by the provision of this privacy notice, and similar information when we communicate with you directly.
Right to access your information - You have the right to request a copy of the personal information about you that is held.
Right to correct your information (rectification) – It is important to ensure that your personal information is accurate, complete and up to date and therefore you can ask for a correction of any personal information about you that you believe does not meet these standards.
Right to the erasure of your information – You have the right to object to the processing of your information and can withdraw your application and delete your candidate profile at any point in the process. However, in order to proceed with an application for a position with the recruiting board, your personal information requires to be processed, as per 6(1)(b) in the UK-GDPR – processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
Right to object - At any time, you have the right to object to your personal information being processed for direct marketing purposes.
Right to restrict processing - In some cases, you may ask for a restriction on how we use your personal information.
Rights relating to data portability - This right is only available where the legal basis for processing under the UK GDPR is consent, or for the purposes of a contract between you and the recruiting organisation. For this to apply the data must be held in electronic form. The right is to be provided with the data in a commonly used electronic format.
Rights relating to automated processing, including profiling - You have the right to object to being subject to a decision based solely on automated processing, including profiling. Should we perform any automated decision-making, we will record this in our Privacy Notice, and ensure that you have an opportunity to request that the decision involves personal consideration. Please note that we currently do not carry out any automated processing or profiling in relation to our recruitment processes.
If you have a complaint about how your personal information is handled, you can contact the relevant Health Board’s Data Protection Officer, which can be found at https://www.nhsinform.scot/care-support-and-rights/health-rights/confidentiality-and-data-protection/how-the-nhs-handles-your-personal-health-information#data
You also have the right to make a complaint about data protection matters to the Information Commissioner's Office. They can be contacted via their website at https://ico.org.uk/make-a-complaint/ or by telephone on 0303 123 1113.