Select your language

Privacy Notice

This privacy notice will help you understand how G&L Healthcare Advisors and its subsidiaries, including but not limited to Smart Step Consulting GmbH, uses and protects your personal data.

You can contact our voluntarily appointed Data Protection Officer, Simon Ghent at DPO@gandlhealth.com if you have any concerns or wish to exercise your rights.

If you prefer you can write to us at The Old Barrel Store, Drayman’s Lane, Marlow, Buckinghamshire, SL7 2FF.

Our Promises:

G&L Healthcare Advisors never forget it’s your right to total transparency and control on how we use your data. As such we give you these promises:

  • We will only collect data about you that is relevant and necessary;
  • Your data will only be held on systems that meet compliance standards;
  • Your data will only be accessed by those who need it and we will minimise the amount of data that is processed, wherever possible;
  • We won’t share except for the marketing of our own services to you, where we are required to share it by law, if we need to inform a regulatory body or we need to fulfil our service commitments to you through a third party that meets our own privacy standards;
  • We will always remember that it is your personal data, not ours. As such we will ensure complete transparency and openness with you wherever possible.
  • We respect your rights as outlined in the next section and will respond to all requests promptly

Your Rights:

You have the following rights over any data we hold about you:

  • Right to object to processing at any time
  • Right to opt out of marketing at any time
  • Right to have inaccurate data corrected
  • Right to erasure of personal data from our database
  • Right to export of personal data

You can read more about your rights here.

If you would like to uphold your rights then please contact our Data Protection Officer at DPO@gandlhealth.com

If you are in dissatisfied with our response you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns/

How we Collect your Data

We mainly only process the data you have provided to us. This may be from:

  • Filling in a form on our website,
  • Sending us your details including Curriculum Vitae (“CV”)
  • Providing your details to us at events
  • Sourcing your data from agencies and other third parties for employment opportunities.

If you belong to an organisation, we may also source your information from public databases and other sources for our Legitimate Interests.

What Data we Collect

We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us. Typically, data elements we collect is restricted to:

  • Your personal contact details – email address, IP Address, phone numbers, business related social media page such as LinkedIn and source of your data;
  • Your company details – as above but also address, website and other public held information including credit rating and invoicing details if relevant;
  • Transmitted information – such as emails, texts, messaging, phone call information and recordings, voice mails, email, meeting notes, CVs and document tracking information.

We may also need the following, depending on your journey with us:

  • Current Address
  • Passports or other proof of identity and address
  • Health Information

Some of this data is called “special category data” because it requires sensitive treatment. We handle this type of data particularly carefully.

Calls may also be recorded for information holding, quality and training purposes.

How we Process your Data:

Data is processed/stored mainly on encrypted cloud services such Microsoft 365 including Dynamics, Azure and Salesforce, including Hubspot for marketing. We only store “special categories of data” on our platforms that demonstrate high standards of security.

As a multinational service provider, we operate in a number of jurisdictions. We use the following safeguards with respect to data transferred outside the UK and European Union where an “adequacy decision” is not in place:

  • The processing is within the same corporate group as our business or organisation and is obligated to uphold the same standards of Data Protection and Security as our UK entity. For example, our offices in Canada.
  • Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that European Standard Contractual Clauses are entered.

We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held.

All our processes are subject to various internal policies to ensure that your data privacy and security is upheld.

What we use your Data for:

We process your data for several reasons:

  • To fulfil a contractual obligation or service to you
  • To better understand your needs.
  • To improve our services and products.
  • To assess your suitability for a job role within the group
  • To fulfil our legal duties.
  • To send invitations to events and follow these up if you have signed up to them.
  • To send you promotional emails containing the information we think you will find interesting.
  • If you have declared a disability we may use this information to provide appropriate environments during the recruitment process – for example in interview or tests.

We always ensure we have a “legal basis” to use your data for the purpose we have collected it for.

For recruitment we use Article 6 (1b) in conjunction, when relevant with C26 par. 1 BDSG. By submitting your CV you consent under Article 6 (1a) in conjunction, when relevant with C26 par 2 BDSG. Special categories of data are processed pursuant to Article 9 (1 and 2) in conjunction, when relevant with C26 par 3 BDSG.

You will not be subject to decisions that have significant impact on you based solely on automated decision making.

Third Parties:

We may use remarketing services from third parties. These may rely on the use of cookies. You can read more about these in our Cookies Policy.

We also share information where agents, resellers or suppliers are involved in the delivery of your service.

We may use companies within our group and other service providers for the purposes of processing any job application.

Our website and other materials sent to you may contain links to other third party websites. We may also offer buttons to social media that link to third party services. We’re not responsible for the content or your data privacy these sites provide through their tools or sites.

Data Retention

Dependant on the data you provide us and for what purpose it is provided we may need to retain your data based on your journey with us. Typically, we will retain your data for 5 years following the end of engagement with us.

Recruitment data will be retained for 6 months following the selection of a candidate in the event of legal claim and to demonstrate that we do not discriminate on prohibited grounds and that recruitment follows best practice.

If you wish to find out more about your specific data retention, please contact us.

Data Permissions:

Every marketing email sent from Us allows you to opt out of receiving emails from us, except for the purposes of fulfilling any contractual arrangements.

You can also contact us at the email address above and request to opt out, view, export or delete your data. If you request for your data to be deleted, your name and email address will be added to an exceptions list and all other data removed to the extent possible.

Legal Compliance:

We seek to uphold our legal obligations as covered by the Data Protection Act 2018, General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations. Our Data Protection Authority is designated as the Information Commissioners Office (UK) (Registration ZA549981).

Due to our global reach, we do not warrant compliance with all legal obligations in countries that we operate in outside of the UK.

This Privacy Policy is reviewed on a regular basis and was last reviewed in March 2023. We will post the most current version on our website.