Privacy Policy


The General Data Protection Regulation (GDPR) will be effective from May 25th 2018.  It is a regulation in EU Law regarding personal data protection and privacy for all individuals within the European Union. Its aim is to give control to citizens and residents over their personal data.

Under the GDPR there are six principles regarding personal data and these have been implemented into Poppy Nursing:

  • Lawfulness, fairness and transparency – Personal data is processed lawfully, fairly and transparently
  • Purpose limitations – Persona data is collected only for specified, explicit and legitimate purposes
  • Data minimisation – Personal data is adequate, relevant and limited to what is necessary for the processing of it
  • Accuracy – Personal data kept is accurate and kept up to date
  • Storage limitations – Personal data is only kept for as long as necessary and most definitely not for ‘just in case’
  • Integrity and confidentiality – Personal data is processed in a manner that ensures its security

Personal Data is defined as:

Any representation of data that permits the identity of an individual to whom the data applies to be reasonably inferred by either direct or indirect means. Further, personal data is defined as data: (i) that directly identifies an individual (e.g., name, address, national insurance number or other identifying number or code, telephone number, email address, etc.) These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). This information can be maintained in either paper, electronic or other media.

What this Privacy Notice Covers

This Privacy Notice covers the activities of Poppy Nursing Services.

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this Privacy Notice which:

  • sets out the types of personal data that we collect
  • explains how and why we collect and use your personal data
  • explains when and why we will share personal data within the MCG Group companies and with other organisations; and
  • explains the rights and choices you have when it comes to your personal data

Poppy Nursing Services serve a variety of parties in different ways and this notice applies to you if you use our services (referred to in this Notice as “our Services”) as a contractor, employee or client

To use our Services you must be a contractor, employee or other organisation who wishes to use our Services for the purpose of that business or enterprise and not for personal use. Using our Services means being a registered or potential client or contractor of Poppy Nursing Services through one or more of the following mechanisms:

  • Registered nurse, carer or other health professional providing a service on behalf of their own limited company for Poppy Nursing Services
  • Registered nurse, carer or other health professional providing a service using an umbrella company for Poppy Nursing Services,
  • online or otherwise using any of the websites (“our Websites”) where this Notice is posted; or
  • being employed directly through Poppy Nursing Services
  • An organisation which acts independently or as part of a group, requesting or using services provided

What Personal data do we collect?

This section tells you what type of information we may collect from you when you register to work with Poppy Nursing Services either as a contractor or an employee. The level of information held will depend upon the type of role applied for and the point you are at in the recruitment process.

  • Bank details
  • Name
  • D.O.B
  • Address
  • Email address
  • Telephone numbers
  • Next of kin contact details
  • NI numbers
  • Work history
  • DBS numbers
  • NMC numbers
  • Copies of identity documents (for audit purpose)
  • Training and education history
  • References
  • Race/Gender details
  • Companies house information
  • Personal preferences

How and why we use personal data

  • To comply with NHS recruitment standards
  • To Safeguard the patients that we care for
  • To comply with HMRC requirements
  • To communicate with you about opportunities to work
  • To communicate with you about services supplied by the contractor
  • To communicate in reference to confirming placement bookings
  • To make payments for work carried out
  • To create and send invoices for products and services provided
  • For future reference in the event of litigation, or clinical investigation
  • To issue identity cards, in line with CQC requirements
  • To evidence compliance to NMC, CQC and NHS
  • To assess suitability to work
  • To assess fitness to practice.
  • To offer directions and placements based on geographical appropriateness
  • To verify NMC registration
  • Produce invoices and statements
  • To monitor geographical supply and demand
  • To identify and engage with candidates who may wish to work with us based on interests, geographical location (social media)
  • For audit purposes
Manage and improve our websites, recruitment, and services

Data is used to help us develop and improve our services to both our contractors and our clients. Internal market research helps us to improve information technology systems, understand how and the way we communicate with you.

Detect and prevent fraud or other crime

We have an obligation to ensure that our services are safe and consequently if required, your data may be processed in order to detect to and to prevent fraud, other crimes and the misuse of our services. This ensures that everyone using our services remain safe.

Personalising your experience

Looking at your browsing behaviour allows use to personalise the information that you will see, this mostly applies to enrolment incentives and information about open days etc. We may also monitor the effectiveness of our marketing communications. We may monitor the preferences of contractors to assist with allocating shifts and placements.

We want to ensure that the people that we communicate with receive relevant marketing material and company updates.

Contact and interact with you

We may contact you about our Services, for example by phone, email, text or post or by responding to social media posts that you have directed at us.We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to your communications and to respond to your queries.

Manage promotions, incentives and competitions

Manage any competitions or promotions you take part in, including those we run with our suppliers and other third parties. We need to process your personal data so that we can administer the promotions and competitions you choose to enter.

Changing your preferences

You have the option at any time to change the way we communicate with you. You can, email, text, phone or respond by social media or call into your local branch. We set out below your options when it comes to Cookies, and how we control online behavioural advertising.

Sharing of Personal Data

Poppy Nursing Services is committed to protecting your personal information. We will not share your data with any third party for any commercial reasons. However, we may share personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data; e.g. some information is required to be shared with clients to evidence compliance and competency in line with CQC requirements;
  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
  • To an organisation, we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you too. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us;
  • Any company within our parent company’s group of companies;
  • To any other successors in title to our business.
Service Providers

We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments, credit checking and those who provide services on our behalf such as delivering orders to your premises, erecting signage, sending communications on our behalf or market research. We only share personal data necessary to enable our Service Providers to provide their services.

How we protect personal data

We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.

  • We use computer safeguards such as firewalls, data encryption, a private network and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
  • We protect the security of your information, while it is being transmitted to Third Party Suppliers and Service Providers, using secure SSL/TLS with AES 128-bit encryption. Your data is then encrypted again for storage with AES 256-bit. This is to prevent hackers from seeing your information.
  • We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.

However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

When we send any data to any third party we will take steps to ensure the safety of your data.

The personal data that we collect from you may be transferred to and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. We will put in place appropriate protection to make sure your personal data remains adequately protected and is treated in line with this Notice.

Marketing and Market Research

This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.

We will send you relevant offers and news about our services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, in branch, over the phone or in writing at any time.

We also like to hear your views to help us to improve our services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.

Cookies and Similar Technologies

We use cookies and similar technologies, such as tags and pixels (“Cookies”), to personalise and improve your customer experience as you use our Websites and Mobile Apps and to provide you with relevant online advertising. This section provides more information about Cookies, including how we use them and how you can exercise your choices about our use of Cookies.

How we use Cookies

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device.

Cookies help us to provide important features and functionality on our Websites and Mobile Apps, and we use them to improve your customer experience. For example, we use Cookies to do the following:

Improve the way our Websites work

Cookies allow us to improve the way our Websites and Mobile Apps work so that we can personalise your experience and allow you to use many of their useful features.

Improve the performance of our Websites

Cookies can help us to understand how our Websites and Mobile Apps are being used, for example, by telling us if you get an error messages as you browse.

These Cookies collect data that is mostly aggregated and anonymous.

Deliver relevant online advertising

We use Cookies to help us deliver online advertising that we believe is most relevant to you on our Websites and other organisations’ websites.

Measuring the effectiveness of our marketing communications, including online advertising

Cookies can tell us if you have seen a specific advert or message, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert.

We also use Cookies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent you

Your choices when it comes to Cookies

You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or another device. You can find more detailed information about how you can manage Cookies at the All about Cookies and Your Online Choices websites.

If you choose to disable some or all Cookies, you may not be able to make full use of our Websites.

Destroying and Archiving personal Information

If you have enquired or applied with Poppy Nursing Services and we haven’t heard from you

After a period of six months, we will destroy any personal information we hold by shredding any paper files and deleting any electronic information we have. It is important that you inform us if you don’t wish for this to happen, as it could mean that you need to begin the application process again, which may incur costs.

If you have previously been employed directly by Poppy Nursing Services

Unless working in a clinical capacity, after two years of employment being discontinued we will destroy any personal information we hold, either by shredding or deleting electronic files, unless there is any ongoing dispute or litigation. You will need to contact us if you wish for this to not happen.

If you have worked in a clinical capacity

Your data will be archived for seven years following your last shift with Poppy Nursing. We do this as we may need to supply information as part of a clinical, professional or criminal investigation during this period. Please see the “How we protect your data” section of this document, for further information on storing your information. After seven years any data we hold on paper will be shredded and any electronic files will be deleted. We will not send notification prior to destroying files but you may contact us if you wish for this not to happen.

If you are a client or organisation

We will store any information we hold for up to one year after your last booking with us. Due to agency supply being ad-hoc and sporadic we keep information for reasons of productivity and efficiency. After this time we will make contact with you to ensure that the information we hold is up to date and to ensure you are happy for us to hold that information.

Your Rights

Under the General Data Protection Regulation, you have the right to see the personal data we hold about you. This is called a Subject Access Request.

If you would like a copy of the personal data we hold about you, please write to:

Compliance Team, 56 Clarendon Rd, Watford WD17 1DB

We want to make sure that the personal data we hold about you is accurate and up-to-date. If any of the details are incorrect, please let us know and we will amend them.

Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Notice from time to time, so please take the time to review periodically.

Last reviewed May 2018