Privacy Policy

Privacy Policy Version: 1.0

Effective Date: 15th August 2025

Last Updated: August 2025

1. Overview

Roam Health Limited ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform that connects UK-qualified doctors with career opportunities outside the NHS.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller Information

Data Controller: Roam Health Limited

Company Registration: Registered in England & Wales, Company Number: [To be inserted before publication]

Registered Address: [Full registered address to be inserted before publication]

Operational Address: London, United Kingdom

Contact Email: privacy@roamhealth.com

Data Protection Officer: dpo@roamhealth.com

As the data controller, we determine the purposes and means of processing your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.

3. Information We Collect

Personal Information:

  • Name, email address, telephone number
  • Professional qualifications and GMC registration details
  • Career preferences, specialities, and work location preferences
  • Employment history and curriculum vitae
  • LinkedIn profile information (if provided)
  • Account credentials and authentication information

Special Category Data (Sensitive Personal Data):

  • Health information related to medical specialisation
  • Professional membership and registration data
  • Educational background and qualifications

Technical Information:

  • IP address, browser type, and operating system
  • Device identifiers and technical specifications
  • Usage data, including pages visited and time spent on our platform
  • Cookies and similar tracking technologies

Communication Data:

  • Messages exchanged through our platform
  • Customer service correspondence
  • Feedback and survey responses

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

Contract (Article 6(1)(b)):

  • Providing our matching services between doctors and employers
  • Managing your account and user profile
  • Processing applications and facilitating introductions

Legitimate Interests (Article 6(1)(f)):

  • Improving our platform and services
  • Fraud prevention and security measures
  • Marketing our services to existing users
  • Analytics and performance monitoring

Consent (Article 6(1)(a)):

  • Marketing communications to prospective users
  • Optional data collection for enhanced services
  • Non-essential cookies and tracking

Special Category Data (Article 9(2)(a)):

We process special category data (including health-related professional information) based on your explicit consent, which you can withdraw at any time by contacting us.

5. How We Use Your Data

We use your personal data for the following purposes:

Service Provision:

  • Creating and managing your user account
  • Matching your qualifications and preferences with suitable opportunities
  • Facilitating communication between doctors and employers
  • Providing customer support and responding to enquiries
  • Processing job applications and managing recruitment workflows

Platform Improvement:

  • Analysing usage patterns to improve our matching algorithms
  • Conducting research and development for new features
  • Performing analytics to enhance user experience
  • Monitoring platform performance and security

Legal and Compliance:

  • Verifying professional qualifications and GMC registration
  • Maintaining records for regulatory compliance
  • Preventing fraud and ensuring platform security
  • Complying with legal obligations and court orders

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

With Employers:

  • Basic profile information when you express interest in opportunities
  • CV and detailed qualifications when you apply for specific roles
  • Contact information to facilitate direct communication

Service Providers:

  • Cloud hosting providers for data storage and platform operation
  • Email service providers for communication delivery
  • Analytics providers for platform improvement (anonymised data)
  • Payment processors for employer billing (no doctor data shared)

Legal Requirements:

  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • To prevent fraud or investigate suspicious activity
  • In connection with regulatory investigations

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner, subject to the same privacy protections.

7. International Data Transfers

We primarily store and process your data within the United Kingdom. Where we use service providers located outside the UK/EEA, we ensure appropriate safeguards are in place:

  • Adequacy decisions recognised by the UK Information Commissioner's Office
  • Standard Contractual Clauses approved for international transfers
  • Binding Corporate Rules for multinational service providers
  • Certification schemes demonstrating appropriate data protection measures

You can request details about the specific safeguards in place for any international transfers by contacting our Data Protection Officer.

8. Data Retention

We retain your personal data for the following periods:

Active User Accounts:

  • Profile and account data: Retained whilst your account remains active
  • CV and qualification data: Retained for 3 years after last login
  • Communication records: Retained for 2 years for quality assurance

Inactive Accounts:

  • Account deleted automatically after 2 years of inactivity
  • Basic contact information may be retained for 6 months post-deletion
  • Legal or compliance records retained as required by law

Employer Data:

  • Job postings: Retained for 1 year after posting expires
  • Billing and payment records: Retained for 7 years for tax purposes
  • Communication records: Retained for 3 years

You can request deletion of your data at any time, subject to our legal obligations to retain certain records.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15):

Request a copy of the personal data we hold about you, including information about processing purposes, categories of data, and recipients.

Right to Rectification (Article 16):

Request correction of inaccurate or incomplete personal data. You can update most information through your account settings.

Right to Erasure (Article 17):

Request deletion of your personal data where there is no compelling reason for continued processing.

Right to Restrict Processing (Article 18):

Request limitation of processing while we verify the accuracy of data or assess your objection to processing.

Right to Data Portability (Article 20):

Request your personal data in a structured, machine-readable format for transfer to another service provider.

Right to Object (Article 21):

Object to processing based on legitimate interests, including direct marketing communications.

Right to Withdraw Consent:

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Exercising Your Rights:

To exercise any of these rights, please contact us at privacy@roamhealth.com. We will respond to your request within one month, though this may be extended by two months for complex requests.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Technical Measures:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Secure authentication and access control systems
  • Regular security assessments and penetration testing
  • Automated backup and disaster recovery procedures
  • Secure development practices and code review processes

Organisational Measures:

  • Staff training on data protection and security protocols
  • Access controls ensuring data is only accessible to authorised personnel
  • Data processing agreements with all third-party service providers
  • Incident response procedures for data breaches
  • Regular review and updating of security policies

Despite these measures, no internet transmission is completely secure. We cannot guarantee absolute security but commit to notifying you and relevant authorities of any data breaches as required by law.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and understand how our platform is used:

Essential Cookies:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance optimisation

Functional Cookies:

  • Remembering your preferences and settings
  • Providing personalised content and recommendations
  • Language and accessibility preferences

Analytics Cookies:

  • Understanding usage patterns and popular features
  • Measuring platform performance and error rates
  • Conducting A/B testing for service improvements

Marketing Cookies:

  • Delivering relevant advertisements
  • Measuring advertising campaign effectiveness
  • Building profiles for targeted marketing

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect platform functionality. We obtain consent for non-essential cookies in accordance with UK privacy laws.

12. Marketing Communications

We may send you marketing communications about our services, including:

  • New job opportunities matching your profile
  • Platform updates and new features
  • Industry insights and career guidance
  • Invitations to relevant events and webinars

Legal Basis:

  • Existing customers: Legitimate interest (with easy opt-out)
  • Prospective customers: Explicit consent
  • Service-related communications: Contract necessity

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in emails, updating your account preferences, or contacting us directly. You cannot opt out of service-related communications necessary for platform operation whilst you maintain an account.

13. Third-Party Links and Services

Our platform may contain links to third-party websites, including employer websites and professional networks like LinkedIn. We are not responsible for the privacy practices of these external sites.

When you click on third-party links or integrate with external services, you are subject to their privacy policies and terms of service. We recommend reviewing their privacy practices before providing any personal information.

We may integrate with third-party services (such as LinkedIn for profile importing) with your explicit consent. You can revoke these integrations at any time through your account settings.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our platform
  • In-app notifications when you next log in

Changes will take effect 30 days after notification, unless immediate changes are required for legal compliance or security reasons. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Complaints and Contact Information

Contact Us:

For any questions about this Privacy Policy or our data practices:

  • Email: privacy@roamhealth.com
  • Data Protection Officer: dpo@roamhealth.com
  • Phone: +44 7814 263861
  • Address: Roam Health Limited, London, United Kingdom

Right to Complain:

If you believe we have not handled your personal data in accordance with this policy or applicable data protection laws, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first so we can address your concerns directly, but you have the right to contact the ICO at any time.