Privacy Policy

Introduction

ICG Medical Group (“ICG Medical”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information, and outlines your rights under applicable global data protection laws.

This policy applies across all ICG Medical brands and global operations, including:

  • United Kingdom
  • Republic of Ireland
  • United States
  • Canada
  • Mexico
  • South Africa
  • India
  • China
  • Japan
  • Australia
  • Philippines

This policy applies to all individuals engaging with ICG Medical as candidates, clients, suppliers, and users of our websites or applications. For region-specific rules and obligations, please refer to the Regional Attestations Framework in the appendices.

1 – Who We Are

ICG Medical Group is a global provider of healthcare workforce solutions. While each of our brands may act as a data controller, this group-level policy governs the overarching data protection standards applied across all group entities.

Postal Address:

Suite 1, Wrest Park Business Centre
Capability House, Wrest Park, Silsoe
Bedfordshire, MK45 4HR
United Kingdom

2 – Scope of This Policy

This Privacy Policy applies when you:

  • Visit our websites or use our applications
  • Apply for or register interest in roles
  • Communicate with us via email, phone or in person
  • Are referred to us by a third party (with your permission)
  • Engage with us as a supplier, contractor, or client

This policy does not apply to third-party services or platforms linked to our websites or applications.

3 – Types of Data We Collect

Depending on your interaction, we may collect the following types of data:

  • Identity & Contact Data: Name, address, email, phone number
  • Professional Data: CV, qualifications, references, employment history
  • Compliance Data: Identity checks, background screening, licenses, health records
  • Account Data: Usernames, passwords, log data
  • Financial Data: Payment information, tax references
  • Behavioural & Technical Data: Device information, IP, usage data
  • Sensitive Data: Health or criminal background (where required and legally justified)

4 – How We Collect Your Data

We collect data through:

Directly from You: Via applications, forms, surveys, or direct contact

Automatically: Using cookies or analytics tools on websites and apps

Third Parties: Background screening services, referees, regulatory bodies

Referral: By others, with your prior consent

5 – Cookies and Tracking

We use cookies to:

  • Enable site functionality
  • Analyse usage behaviour
  • Customise user experience
  • Deliver targeted advertising

You may manage or disable cookies in your browser or using our cookie preference tool. See our full Cookie Policy for details.

6 – Lawful Use of Your Data

We use your personal data only when permitted by law. The lawful bases include:

PurposeData TypesLegal Basis
User verification and onboardingIdentity, ComplianceContract
Regulatory and credential checksComplianceLegal obligationLegitimate interest
Contract management and paymentFinancial, ContactContractLegal obligation
Analytics and service improvementTechnical, UsageLegitimate interest
Marketing and communicationsContactConsentLegitimate interest
Legal reporting or fraud preventionAnyLegal obligationVital interestLegitimate interest

You may withdraw consent at any time.

7 – Sharing Your Data

We only share data when necessary and with appropriate safeguards in place. This includes sharing with:

  • Other ICG Medical brands providing related services
  • Third-party processors (e.g. payroll, IT, compliance services)
  • Clients for service fulfilment
  • Regulators, auditors and legal advisers
  • Authorities or acquiring companies where legally required

All sharing is governed by data processing agreements or equivalent safeguards.

8 – International Data Transfers

Your data may be transferred outside your jurisdiction. We apply:

  • UK/EU adequacy decisions
  • Standard contractual clauses (SCCs)
  • Government-approved safeguards where applicable (e.g. India, China)

For transfers from China and India, we meet local security assessments and certification rules, including approval pathways.

9 – Data Retention

Data is retained only for as long as necessary for:

  • Contractual and legal compliance
  • Operational support or audit purposes
  • Service improvement (in anonymised form)

Retention is governed by our internal policy. Secure deletion or anonymisation follows expiry of the relevant period.

10 – Data Security

Encryption

Role-based access controls

Intrusion detection and monitoring

Security training

Incident response protocols

11 – Your Rights

Depending on your location, you may exercise:

Right of access

Right to correct inaccurate data

Right to erasure

Right to restrict processing

Right to object (including profiling)

Right to data portability

Right to withdraw consent

Right to lodge a complaint

Contact DPO@icgmedical.co.uk

12 – Marketing Preferences

Click ‘unsubscribe’ in marketing emails

Contact us directly

Manage preferences via account settings

We never sell your data

13 – Policy Changes

This policy may be updated periodically. We will provide notice where material changes occur.

14 – Contact

Global Data Protection Officer
Post: Suite 1, Wrest Park Business Centre, Capability House, Wrest Park, Silsoe, Bedfordshire, MK45 4HR, United Kingdom

Regional Compliance Appendices