Privacy Policy

Obsidian Healthcare: Our Commitment to Your Privacy

  • Our Services encompass providing recruitment services for temporary healthcare professionals to healthcare service providers. We are fully committed to ensuring the protection of your personal data throughout our operations.

    This privacy policy sets out how Obsidian Healthcare Recruitment (hereafter referred to as Obsidian Healthcare) uses and protects any information that you give Obsidian Healthcare. Obsidian Healthcare is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

    Obsidian Healthcare may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1st  December 2020. If you have any concerns or inquiries about data protection, please contact our data protection officer at Obsidian Healthcare, Bracetown Business Park, Clonee, Dublin 15, Ireland or via email at gdpr@obsidianhealthcare.ie.

  • During our business operations, we collect, and process Personal Data as outlined in this Notice. This includes data received directly from an individual (the Data Subject), such as through form submissions or interactions with us via mail, phone, WhatsApp, social media messages, email, etc., and data obtained from other sources like our website, our recruitment system, garda vetting, NMBI, health certificate providers, among others.

    Occasionally, we may record telephone conversations for training and quality improvement purposes, ensuring to inform you and obtain your consent beforehand.

    We process Personal Data exclusively for the purposes detailed in this Notice or for other reasons expressly allowed by law. We will communicate these purposes to the Data Subject at the time of the initial data collection or promptly thereafter.

    Becoming a client, supplier, or member of the Obsidian Healthcare team involves the processing of your personal data as a contractual requirement. We need specific information to deliver our services and fulfil legal obligations. If you fail to provide this information upon request, it may prevent us from providing our services to you.

  • Description of data collected, purpose of processing and use: We collect the following information from new clients: name, address, contact details including email address and phone number, financial information. We use this data to set you up as a client on our systems, liaise with you about projects that we are undertaking with you, to make appropriate financial returns to revenue, to process payment of invoices, etc.

    We collect the following personal data through our organisations “work with us” form: 

    • Client contact name 

    • Contact email address

    • Contact phone number

    We use this data to match your staffing requirements to the availability of our nurses and carers. When corresponding with us by phone, e-mail or otherwise, we ask you to disclose only as much information as is necessary to provide you with our services.

    Lawful basis: Legitimate Interests, Performance of a Contract.

  • Description of data collected, purpose of processing and use: We gather, and process data related to our suppliers and their employees, including names, contact details, and financial information. This data is utilised to register you as a supplier in our system, communicate with you about joint projects, inform you, and manage the payment of your invoices.

    Lawful basis: Performance of a Contract.

  • Description of data collected, purpose of processing and use: We collect the following information through our online registration form and sometimes through email or social media messaging: 

    • Full name

    • Contact information including phone number and email address

    • Available start dates

    • Preferences (clinical and job duration)

    • Status of your passport/visa

    • Postal address (required only at point of contract issue)

    • Curriculum vitae

    The type of information you may provide in your CV:

    • A cover letter, your name, e-mail address and phone number. 

    • Relevant employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). 

    • Relevant certifications that you hold

    This data is utilised for screening applicants, evaluating their suitability for job roles, and to contact successful applicants. We require this information to understand your needs and provide you with a better service, and in particular but not limited to the following reasons:

    • Internal record keeping.

    • We may use the information to improve our services.

    • We may periodically call, text, send emails and post information which we think you may find interesting using the details which you have provided.

    • We may use this data for audit and compliance purposes.

    Please refrain from including sensitive personal details (such as gender, height, weight, medical conditions, religious, philosophical or political convictions, financial information) in your application.

    Lawful basis: Legitimate Interests.

  • Description of data collected, purpose of processing and use: When you enter into a contract with us, we collect the following information: 

    We collect the following personal data from new candidates:

    • Passport or driving license for identification

    • Photograph for Obsidian Healthcare Identification Badge

    • Signed Garda Vetting NVB 1 Form

    • BI Annual Garda Vetting Annual garda vetting certificate

    • NMBI Registration

    • Immunisation records

    • Completed candidate reference forms from two most recent employers

    • Relevant certificates

    • Relevant training certificates

    • Pre-employment occupation forms

    • Bank details 

    • Emergency contact details (we will never contact these people without your consent)

    We collect personal data both directly and through third parties. This data is utilised to determine and suggest agency or permanent employment opportunities that may be appropriate for you, as well as to confirm identities and ensure compliance with all legal obligations and that certifications remain current. Without the necessary information or updates from you, we may be unable to offer our services.

    Lawful basis: Performance of a Contract, Legal obligation.

  • Description of data collected, purpose of processing and use: Obsidian Healthcare does not gather information for sales or marketing objectives. Data collection occurs solely during signup or for referral purposes, and the usage of such data is clearly defined by Obsidian Healthcare's policies.

    All information is collected in the following forms:

    • Healthcare Professional Application Forms

    • Organisations Sign Up

    Lawful basis: Legitimate interests, Consent.

  • Description of data collected, purpose of processing and use: Our website utilises cookies to gather data. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

    We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

    Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

    You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. See our cookie policy for more information (Our Cookie Policy).

    Lawful basis: Consent.

  • Description of data collected, purpose of processing and use: We will gather specific medical information, including:

    • Fitness to Practice Certificates 

    • Vaccination/immunisation records

    • Drug and Alcohol test results

    We also collect:

    • Garda vetting information (this may include criminal history)

    We gather this specific category of data to guarantee compliance with all pertinent legal and industry standards.

    Lawful basis: Legal obligation, Performance of a Contract.

  • When you use Obsidian Healthcare’s Services, we may obtain the following categories of personal data from others:

    • We collect candidate reference forms that cover a minimum of the last three years, and we also conduct annual referencing on all our candidates.

    • If we refer you for a medical exam, we may receive a medical report from the medical practitioner. 

    • We will collect a Certificate of Fitness to Practice from a third-party supplier.

    • Garda vetting information received from Obsidian Healthcare.

  • Your personal data is shared with select clients to deliver our Services, which include hospitals, nursing homes, and various other healthcare facilities.

    Your CV and personal data will not be shared with any clients without your explicit consent.

    Additionally, your personal data may be shared with third-party service providers contracted by Obsidian Healthcare for human resources, payroll, and IT services. Data processing agreements are established with all third-party service providers.

    Additionally, we may share your personal information with third parties:

    • In the event of a sale or purchase of any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets;

    • If a third party acquires us or substantially all of our assets, customer information held by us will be among the transferred assets;

    • If we need to disclose or share your information to fulfil a legal obligation, enforce our terms of use and other agreements, or to protect our rights, property, or safety, as well as that of our customers or others. This includes exchanging information with other entities for fraud protection and credit risk reduction.

  • We collect only the personal data necessary to meet our obligations as your recruitment agency/employer and to comply with operational and legal requirements for supplying healthcare professionals to our clients. We retain this data for specific periods, which vary depending on the type of personal data and its use. Your personal data will be retained only as long as necessary or legally allowed.

    For details on the retention periods of your personal data, please refer to our data retention policy.

  • Yes. The data collected from you may be transferred to, and stored within the United Kingdom, outside the European Economic Area ("EEA"). Currently, there is an adequacy decision by the European Commission regarding the safeguards for personal data in place.

  • Our website employs automated decision-making and profiling through the use of non-essential cookies, such as those from Google Analytics. For more details, please refer to our cookie policy (Our Cookie Policy).

  • You have the following rights in relation to your Personal Data processed by Obsidian Healthcare:

    • To request access to any Personal Data held by Obsidian Healthcare about you, please send a "Data Subject Access Request," via email to gdpr@obsidianhealthcare.ie (there may be a fee associated to receiving this data).

    • To have any inaccurate or misleading data rectified, corrected, or erased, subject to certain statutory limitations.

    • To limit the processing of Personal Data under specific conditions.

    • Not to be subject to a decision based solely on automated decision-making, including profiling, subject to certain statutory exceptions.

    • To Data portability which enables individuals to move, copy, or transfer their Personal Data from one IT environment to another. It is possible to request a copy of your Personal Data in a commonly used electronic format, allowing you to manage and move it as needed.

    • To object to the processing of personal data on the grounds of public interest or the legitimate interests of the data controller, subject to certain statutory exceptions.

    • Right to withdraw from using our services; where your data is processed with your consent, you retain the right to revoke that consent at any moment. Nevertheless, this will not compromise the legality of any processing that occurred with your consent prior to its withdrawal.

    • The right to complain; should you want to file a complaint, you can do so in person, over the phone, in writing, or via email. Rest assured that all complaints will be thoroughly investigated. To expedite the resolution process, please provide as much information as possible. You also have the option to lodge a complaint with a supervisory authority. For a list of Supervisory Authorities in Europe, refer to the European Commission's website at the following link.

    It is important to be aware that these rights are not absolute and may be subject to legal restrictions.

    Should you have any concerns regarding the use of your personal data, please inform us to allow for the prompt rectification of the issue.

    To avail of any of the rights set out above, you may write to us at the address above or by email at: gdpr@obsidianhealthcare.ie. Suitable proof of identification may be required before a request can be processed. 

  • This notice is subject to change periodically. Any modifications will be published on our website and become effective upon posting. We encourage you to review this notice whenever you access our website or use our services. The last update to this notice was on June 6, 2024.

  • The Company is committed to taking all reasonable steps to ensure that suitable security measures are implemented to protect the confidentiality of both electronic and manual information, in compliance with GDPR and current Irish Legislation. Additionally, we reserve the right to share information with our financial providers.

    In line with our dedication to maintaining the highest level of security and adherence to the General Data Protection Regulation (GDPR), we may keep certain documents in physical form within our secure storage facility. This action is in accordance with the standards prescribed by the Garda National Vetting Bureau (GNVB) for verification and audit processes.

  • Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

  • For data protection queries our Data Protection Contact can be reached by email at gdpr@obsidianhealthcare.ie or you can write to us at the address provided.

Get in Touch