Privacy Policy

ICG Medical Group is a global provider of healthcare workforce solutions. While each of our brands may act as a data controller, this group-level policy governs the overarching data protection standards applied across all group entities.

Postal Address:
Suite 1, Wrest Park Business Centre, Capability House, Wrest Park, Silsoe, Bedfordshire, MK45 4HR, United Kingdom

This Privacy Policy applies when you:

• Visit our websites or use our applications
• Apply for or register interest in roles
• Communicate with us via email, phone or in person
• Are referred to us by a third party (with your permission)
• Engage with us as a supplier, contractor or client

This policy does not apply to third-party services or platforms linked to our websites or applications.

Depending on your interaction, we may collect:

• Identity & Contact Data – Name, address, email, phone number
• Professional Data – CV, qualifications, references, employment history
• Compliance Data – Identity checks, background screening, licences, health records
• Account Data – Usernames, passwords, log data
• Financial Data – Payment information, tax references
• Behavioural & Technical Data – Device information, IP, usage data
• Sensitive Data – Health or criminal background (where required and legally justified)

• Directly from You – Via applications, forms, surveys, or direct contact
• Automatically – Using cookies or analytics tools on websites and apps
• Third Parties – Background screening services, referees, regulatory bodies
• Referral – By others, with your prior consent

We use cookies to:

• Enable site functionality
• Analyse usage behaviour
• Customise user experience
• Deliver targeted advertising

You may manage or disable cookies in your browser or using our cookie preference tool. See our full Cookie Policy for details.

We use your personal data only when permitted by law. Lawful bases include contract, legal obligation, legitimate interest, and consent. You may withdraw consent at any time.

We only share data when necessary and with appropriate safeguards in place, including with:

• Other ICG Medical brands providing related services
• Third-party processors (e.g. payroll, IT, compliance services)
• Clients for service fulfilment
• Regulators, auditors and legal advisers
• Authorities or acquiring companies where legally required

All sharing is governed by data processing agreements or equivalent safeguards.

Your data may be transferred outside your jurisdiction. We apply:

• UK/EU adequacy decisions
• Standard contractual clauses (SCCs)
• Government-approved safeguards where applicable

Data is retained only for as long as necessary for contractual and legal compliance, operational support, or audit purposes. Secure deletion or anonymisation follows expiry of the relevant period.

We apply strong protections aligned with ISO/IEC 27001 principles, including:

• Encryption
• Role-based access controls
• Intrusion detection and monitoring
• Security training
• Incident response protocols

If you suspect misuse or breach, please contact us immediately.

Depending on your location, you may exercise:

• Right of access
• Right to correct inaccurate data
• Right to erasure
• Right to restrict processing
• Right to object to certain uses (including profiling)
• Right to data portability
• Right to withdraw consent
• Right to lodge complaints with your data protection authority

Contact DPO@icgmedical.co.uk to exercise your rights.

You can opt out of marketing by clicking 'unsubscribe' in emails, contacting us directly, or via account settings on our platforms. We never sell your data.

This policy may be updated periodically. We will provide notice where material changes occur.

Global Data Protection Officer

Email: DPO@icgmedical.co.uk
Post: Suite 1, Wrest Park Business Centre, Capability House, Wrest Park, Silsoe, Bedfordshire, MK45 4HR, United Kingdom