Recruitment privacy policy

This Recruitment Privacy Policy governs the collection, storage, and use of personal information collected by us, OPEN Health Communications LLP (“OPEN Health”) during the recruitment process. It provides details about the personal information that we collect from you and our recruitment partners, how we use your personal information and your rights regarding the personal information that we hold about you.

This policy only applies to the personal data of job applicants, potential candidates for employment or partnership, and those who participate in our recruiting programs and events.

Who is OPEN Health?

OPEN Health Communications LLP (whose registered address is at C/O Corporation Service Company (UK) Limited, 25 Canada Square, 37th Floor, Canary Wharf, London E14 5LQ, United Kingdom and registered number OC360224) together with its subsidiary entities (details available here) operate in the healthcare and digital sector providing communications, market access, consultancy, public relations, meetings and events, medical education, data analytics, and health economic modelling services. This recruitment privacy policy is issued on behalf of the OPEN Health Group, so when we mention “OPEN Health,” “we,” “us,” or “our” in this privacy policy, we are referring to the relevant company in the OPEN Health Group responsible for processing your data.

We are a “controller” in relation to the personal data we collect as part of the recruitment process. This means that we are responsible for deciding how we hold and use personal information about you.

This policy has been drafted based on the principles of GDPR and other recognised privacy legislation in the territories in which we operate. However, the fundamental principles of data protection, confidentiality, and security of data apply throughout our business. Consequently, this policy is intended to apply to our personal information-processing activities globally. However, we have highlighted where some obligations are applicable to specific territories in this policy.

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

Personal data – what we hold and why we process it

In connection with your application for work with us, we may collect, store, and use the following categories of personal information about you:

  • Your name, address, and contact details, including email address, telephone number, and skype details
  • Details of your qualifications, skills, experience, and employment history
  • Information about your entitlement to work in the country in which you are applying, including any visa-related data
  • Test results (e.g. technical or personality tests set by us)
  • Any other data you tell us about yourself, including gender, date of birth, and memberships of groups
  • For some roles, financial history
  • Any correspondence between us
  • Information about your current level of remuneration, including benefit entitlements (UK and EU only)
  • Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process (UK only)

For roles based in the USA, if we make you an offer of employment, we will also complete a background check or instruct a third party to do so on our behalf. Background checks will only be done where permitted by law applicable to the location where the position is located and to the extent necessary and proportionate to the role that you are being offered. A background check will only involve criminal background data to the extent permitted in your specific jurisdiction.

Where the data come from

We collect information about you for use during recruitment from a variety of sources:

  • Some of it comes from you, for example, via application forms, CVs or resumes, identity documents you submit, and through interviews or other forms of assessment, which may include online tests
  • The information about you may also come to us via a recruitment agency
  • We may also collect personal data about you from current employees, mutual connections, and third parties, such as references supplied by former employers
  • Other information comes from employment background check providers and information from agencies who provide criminal records checks

How we use the information about you

We will use the personal information we collect about you to:

  • Assess your skills, qualifications, and suitability for the role
  • Communicate with you about the recruitment process
  • Carry out background and reference checks, where applicable
  • Keep records related to our hiring processes
  • Comply with legal or regulatory requirements

In the UK, we may ask our applicants if they have any disabilities to enable us to make reasonable adjustments for candidates who have a disability.

We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process since it is in our legitimate interests to decide whether to appoint you to work at OPEN Health. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment, and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

In some cases, we need to process data to ensure that we are complying with our legal obligations, such as checking a successful applicant’s eligibility to work in the country in which the role will be based before employment starts.

If your application is unsuccessful, OPEN Health may keep your personal data on file in case there are future employment opportunities for which you may be suited. Please see “How long we keep your personal data” below.

Who gets to see your personal data

Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, and members of the OPEN Health senior or executive teams, as well as IT staff if access to the data is necessary for the performance of their roles.

We will only share your personal information with the following third parties for the purposes of processing your application: Job Adder and Applicant Stack. All our third-party service providers and other entities in the OPEN Health Group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

For candidates based in the UK or EEA (meaning the EU, Switzerland, and Norway), we may transfer your personal data outside the EEA to members of the OPEN Health Group where this is necessary for the recruitment process. If we transfer your data to the OPEN Health Group or third parties outside the UK and/or EEA, we have entered into an agreement ensuring appropriate and suitable safeguards with our OPEN Health Group members and third parties using terms adopted by the Information Commissioner and approved by the Commission (EU Model Clauses). For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties who have a business need-to-know. If we share your personal data with our agents, contractors, and other third parties, we require they adhere to our Supplier Privacy and Security Requirements, which are available at

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long do we keep your personal data?

If your application for employment is unsuccessful, we will hold your data on file for no more than 12 months after the end of the relevant recruitment process. However, if there is no further communication between us, we will delete the data 6 months after the end of the relevant recruitment process.

If you have consented for us to keep your personal data on file for consideration for future employment opportunities, then we will hold your data on file for a further 5 years. At the end of that period, or once you withdraw your consent, your data will be deleted or destroyed.

You may withdraw your consent at any time by contacting us via

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained in accordance with our employee data-retention policy.

Automated decision-making

Recruitment processes are not based solely on automated decision-making; however, we may ask you to complete a psychometric test that will be considered as part of the process. No decision will be made solely on the results of any psychometric tests.


As you interact with our website, we may automatically collect technical data (including internet protocol [IP] address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites) about your equipment, browsing actions, and patterns. We collect personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy for further details.

Some of our online recruiting activities are hosted by third parties. When you access sites operated by these third parties, they may place their own cookies or other tracking technologies on your device.

Your rights in connection with personal data

As a data subject, you have a number of rights. You can:

  • Request access to your personal data (commonly known as a “data subject access request” or “data portability request” or “right to know”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information as part of our recruitment process.
  • Request for erasure or deletion of your personal data, which enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please use the contact details below. If you withdraw your consent, we may not be able to process your application properly or at all.

If you would like to exercise any of these rights, please use the contact details below.

Disclosures under the California Consumer Privacy Act of 2018 (“CCPA”) if you do not provide personal data

As required under the CCPA, we have provided the metrics regarding the consumer rights requests we received from California residents from January 1, 2020 to December 31, 2020 in the following table:

Request Type

Received Granted (in whole or in part) Denied Mean Days to Respond
Requests to Know Nil Nil Nil Nil
Requests to Delete Nil Nil Nil Nil

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application properly or at all.

Contact details

In processing your personal data for the purposes of recruitment, we act as data controller if you provided your details to us directly. If you provided your details via a recruitment agency, we will be joint data controllers with that recruitment agency. 

For privacy queries please contact For queries related to your job application please contact

For candidates based in the UK or EEA, if you believe that we have not complied with your data protection rights, you have the right to make a complaint at any time to the following:

  • UK-based candidates: The Information Commissioner’s Office (ICO), the UK regulator for data protection issues (
  • EEA-based candidates: The Dutch DPA, who we have nominated as our lead data protection authority in the EEA (