Highfield Healthcare Candidate Privacy Notice
Highfield Healthcare (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This notice explains how we process personal information of job applicants and candidates during our recruitment process.
1. Who We Are
Highfield Healthcare is the data controller for your personal data in relation to recruitment activities.
For any further queries in relation to data, please contact us at:
recruitment@highfieldhealthcare.ie
2. Personal Data We Collect
We may collect and process the following categories of data about you:
Identification details: name, address, contact details, date of birth.
Employment details: CV, cover letter, work history, education, qualifications, skills.
References: information provided by referees.
Right to work: passport, visa, work permit.
Interview information: notes, test results, assessment outcomes.
Special category data (only where necessary and permitted by law): health/disability information (to ensure reasonable accommodations), Garda vetting results (if role requires)
3. Purpose, Legal Basis, and Retention
Purpose of Processing | Legal Basis | Retention Period |
Recruitment and assessment of candidates | Article 6(1)(b) GDPR – contract | Unsuccessful candidates: 6 months post-campaign |
Retaining candidate details for future roles (with consent) | Article 6(1)(a) GDPR – consent | Until consent withdrawn or 12 months maximum |
Verification of qualifications, employment history, and references | Article 6(1)(b) GDPR – contract | Successful candidates: 6 years post-employment |
Processing disability details to provide reasonable adjustments | Article 6(1)(b) GDPR – contract; Article 9(2)(b) GDPR – employment obligations | Successful candidates: 6 years post-employment |
Compliance with legal obligations (e.g. safeguarding, right to work) | Article 6(1)(c) GDPR – legal obligation | Successful candidates: 6 years post-employment |
Defence of legal claims | Article 6(1)(f) GDPR – legitimate interests | In line with statutory limitation periods |
4. How We Collect Your Data
We collect your data:
Directly from you when you apply.
From recruitment agencies acting on your behalf.
From referees you have provided.
From regulatory or vetting authorities where required
5. Who We Share Your Data With
We may share your data with:
Recruitment agencies (if you applied through one).
Service providers (e.g., online recruitment platforms, IT system providers).
Regulatory authorities or vetting bodies (where legally required).
Referees (for reference checking).
All third parties are bound by confidentiality and data protection obligations.
6. Security of Your Data
Your data is stored using encrypted storage, secure transfer, and access controls.
7. International Transfers
We do not routinely transfer candidate data outside the EEA. If such transfers are required, appropriate safeguards such as EU Standard Contractual Clauses will be applied.
8. Your Data Protection Rights
Under Articles 15 to 22 GDPR, you have the following rights in relation to your personal data:
Access: to request a copy of your personal data.
Rectification: to have inaccurate or incomplete data corrected.
Erasure: to request deletion of your data in certain circumstances.
Restriction: to request limitation of how we process your data.
Portability: to receive your data in a portable format and transfer it to another controller.
Object: to object to processing based on legitimate interests or direct marketing.
Automated decision-making: to not be subject to decisions based solely on automated processing, including profiling, that significantly affect you, unless certain safeguards apply.
To exercise these rights, please contact us at recruitment@highfieldhealthcare.ie
Highfield Healthcare does not use artificial intelligence (AI) in its recruitment processes.
9. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority:
Data Protection Commission (DPC)
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: www.dataprotection.ie
Telephone: +353 (0)761 104 800