logo-inversewaves

Thank you for using LocumTap!

LocumTap Privacy Notice

Version 1.0

LocumTap has to handle personal data about temporary workers and the staff of their employers.

This page explains what personal data we handle and why we do so.

Colloquially, “locum” means a clinician working temporary shifts for an employer such as an NHS hospital. On this page, we say “locum” in the general sense to mean anyone who substitutes temporarily for another member of the same profession.

(For the legal eyed reading this, words in bold say the legal basis of the GDPR under which we are controlling the data. We’re legally the controller of all data in this document.)

Here’s the personal data we handle starting when...

1. Locum applies to work for an employer

When a locum applies to work at an employer we handle this personal data about them:

  • Email, password, cookies - to identify themselves to LocumTap
  • Name, data of birth - to match against existing Electronic Staff Records
  • Passport - required for photo identification, as medicine is a regulated industry
  • Right to work documents - if Passport doesn’t give right to work
  • Disclosure and Barring Service (DBS) - required by law and Government policy
  • GMC number - for identification with official register of medical practitioners
  • Proof of qualifications - ultimately, so can book only shifts they’re qualified for

We do this to fulfill the contract between the locum and the employer (employment application).

Note that we give this information (except password and cookies!) to the employer’s HR team that the locum is applying to work at. We keep a history of rejected applications so the employer has a record for disputes and fraudulent applications.

We also store the same personal data so that the locum can more easily apply to other employers. This is by consent of the locums, and they can request deletion of the data at any time.

2. Locum books a shift

After a locum is activated as working at an employer, we handle this personal data about them:

  • Name, password, cookies - to identify themselves to LocumTap
  • Mobile notification keys - for in-app push notifications about shifts
  • Grade and specialities - so they can only book shifts they’re qualified for
  • Shifts they have booked to work on
  • Departments they are assigned to
  • Whether they are a preferred locum - so don’t need approval when booking shifts

We do this to fulfill the employment contract between the locum and the employer. Of course the employer HR team has access to this information in their shift booking system (except password and cookies!).

So the employer can handle employment disputes, and for patient safety, we permanently store this personal data about the locum:

  • History of shifts they used to work on
  • Cancelled shifts and the reason they are cancelled
  • Changes to timing or escalation of shifts

Again, this is to fulfill the locum’s employment contract, particularly in the case of errors or disputes.

4. Agency locum books a shift

If a shift is filled not by LocumTap but by an agency we store this information about the agency locum:

  • Name of agency locum
  • Grade, department
  • Time and other details about shift

This is to fulfill the agency locum’s employment contract with their agency, which requires booking shifts on the employer’s booking system.

5. Locum gets paid

So a locum can get paid, we handle this personal data about them:

  • ESR / payroll number - for integration by the employer with their payroll system
  • Rate of pay for a shift
  • History of shifts and their rates of pay

This is necessary to fulfill the employment contracts between the locums and their employer. It is necessary that we keep the history, in case there are errors or disputes. The employer has access to this information.

6. Employer’s staff do their jobs

We handle some personal data about employer staff who use the LocumTap employer portal to do their work:

  • Name, password, cookies - to identify themselves to LocumTap
  • Audit history of their activity on the LocumTap employer portal

This is so the employer can perform their public task (if public sector) or legitimate interests (otherwise) of managing their HR team, including knowing who made decisions about the HR team.

7. All users

To help maintain our service we store:

  • Standard server logs

We do this in our legitimate interests to run a reliable service and provide customer support.

We generate aggregated statistical information about shifts, bookings and locums. For example, measuring the fill rate of an HR team. These statistics are no longer personal data. We use them for research, marketing and financial planning.

Making requests about your data

If we hold any of your personal data, you can request to access it. In some cases, depending on the reason given above that we hold the data, you can request we correct, erase or restrict our processing of it.

If you’d like to to do this, please contact us by emailing info@locumtap.com.

We’d also love to hear from you if you have any other questions.

If you have any concerns about any organisation’s processing of personal data, you can report your concern to the Information Commissioner’s Office. https://ico.org.uk/concerns