Who we are
“Obsidian” / “we” / “us”/ “our” means Obsidian Healthcare Group Limited with a registered address: Eastcastle House, 27/28 Eastcastle Street, London, England, W1W 8DH, United Kingdom. Email: dpo@clanwilliam.co.uk.
Obsidian is part of the Clanwilliam Group with an address: Suite 17, The Courtyard, Carmanhall Road, Dublin 18, Ireland. Further details on the Clanwilliam Group’s Data Privacy can be found at https://www.clanwilliamgroup.com/privacy-statement/.
Obsidian may be a data controller of your personal data or a data processor of your personal data on behalf of our clients, and in that case our client would be the data controller.
This Privacy Notice relates to processing where we are the data controller. Where we are a data processor, we may only process personal data in accordance with the controller’s documented instructions as set out in a specific data processing agreement or other contractual arrangements with the controller. We may only transfer personal data out of the EEA and appoint sub-processors as permitted by the data processing agreement and data controller.
Personal data provided to or collected by us
The information regarding the type of personal data we may collect and how we process same varies in accordance with the services we provide as data controller.
Please select the relevant option from the list below to read the applicable privacy statement, which will explain how we will use your personal data.
Please note that access to personal data is managed and controlled within Obsidian and the Clanwilliam Group. Your personal data will only be accessed by employees of Obsidian or the Clanwilliam Group who have a relevant purpose for accessing your data. It may also be accessed by those who we hire to help us run our business or who we are required to provide information to in line with the law or self-preservation (e.g. fraud).
We shall not disclose your personal data unless we have a lawful basis for doing so. Where Obsidian intends to disclose your personal data, it will inform you at the time of collection through this Privacy Notice, your consent, contract or other documentation provided to you.
Your data protection rights
Under data protection law, you have rights, including:
- Your right of access – you have the right to ask us for copies of your personal data.
- Your right to rectification – you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – you have the right to ask us to erase your personal data in certain circumstances.
- Your right to restriction of processing – you have the right to ask us to restrict the processing of your personal data in certain circumstances.
- Your right to object to processing – you have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability – you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
- Your right to withdraw consent – when we use consent as our lawful basis you have the right to withdraw your consent.
You do not usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you. To make a data protection rights request, please contact us via our Data Protection Office: dpo@clanwilliam.co.uk
Security
We take reasonable steps to protect your personal data using physical and/or electronic security measures appropriate to the sensitivity of the personal data.
Although we have enacted security measures, we cannot guarantee the security of any information that you submit via email or over the Internet. Submission of personal data using such networks is done at your own risk, since no Internet transmission is ever 100% secure or error free. You should take special care in deciding what information you send to us via email or when posting on our websites.
Third-party websites
You can choose to access certain third-party websites and services through our website. Obsidian is not responsible for the privacy policies or practices of other websites. You should examine their websites for further information on their privacy policy.
We have a LinkedIn, X and Glassdoor page relating to some of our services. When you choose to share information with the social media platform, the information you share will be governed by their privacy policies. You can modify your privacy settings with LinkedIn, X and Glassdoor.
Use of cookies on this website
To read about the cookies this website uses, please see our cookie policy.
Right of complaint
If you have any questions concerning our privacy practices, please contact us via our Data Protection Office: dpo@clanwilliam.co.uk.
If you remain unhappy with how we have used your data after raising a complaint with us, you have the right to complain to the Information Commissioner’s Office: .
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
UK
Tel: +44 (0) 303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Changes to our Privacy Notices
Internet and data privacy best practice are constantly developing. We update these Privacy Notices to reflect changes to our practice, and we reserve the right to revise and publish the changes on the Privacy Notice page of our website. We encourage you to review this page periodically to ensure you are aware of what information we collect and how we process it.
Our website – Privacy Notice
Personal data provided to or collected by us
The following is a non-exhaustive list of the main purposes in summary form for which your personal data may be processed depending on which category of data subject you fall within.
Retention periods vary, and Obsidian shall assess cases according to the processing itself and the risks to you as the data subject. There are some general guidelines set out below. For all other situations, your personal data shall be held for as long as it is necessary, in line with applicable laws, to prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and for other actions permitted by law or strict criteria developed within our group data protection programme.
| Type of processing and purpose | Personal data type | Lawful basis | Retention period |
|---|---|---|---|
| General queries received from you via the contact details provided, or you provide information via Obsidian’s website which requires a reply from us | Name, email address, telephone number, detail of the conversation | Legitimate interest | 2 years |
Where we get personal information from
The data we collect is provided by you and your Internet browser via cookies. To read about the cookies this website uses, please see our cookie policy.
Who we share information with
We may, on occasion, share personal data with other companies within the Clanwilliam Group to deliver, support or enhance our services. Our website hosts have access to contact information provided by you, but do not share this information except with ourselves.
Sharing information outside the UK
We do not share this data outside the EU.
Our marketing – Privacy Notice
Personal data provided to or collected by us
The following is a non-exhaustive list of the main purposes in summary form for which your personal data may be processed depending on which category of data subject you fall within.
Retention periods vary, and Obsidian shall assess cases according to the processing itself and the risks to you as the data subject. There are some general guidelines set out below. For all other situations, your personal data shall be held for as long as it is necessary, in line with applicable laws, to prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and for other actions permitted by law or strict criteria developed within our group data protection programme.
| Type of processing and purpose | Personal data type | Lawful basis | Retention period |
|---|---|---|---|
| Marketing through mediums such as email, newsletters, websites, promotional material | Email address, name, telephone number, home address | Consent | As set out in the consent form |
| Third-party IT administrators for purpose of maintaining the website functionality | Access to all data on the server | Legitimate interests | As long as it remains on the server |
| Marketing through mediums such as social media platforms | Social profile usernames, associated email addresses and other public profile data | Consent | Once they are no longer required for the purpose they were placed and up to 2 years maximum |
We do not receive or collect any personal information from you as part of our advertising activities, unless you respond to an advertisement directly using the contact details provided as part of said advertisement.
We also promote our services and events we are supporting through the use of LinkedIn and X using posts and tweets for advertising, promotion, recruitment and business reasons. We do not use the information for any other purposes and only respond to comments or requests for further information. Followers of the company pages may use the unfollow or unfriend features should they no longer wish to have their data connected to, or to be seen by, the company.
We may use this data to communicate with all classes of individual by telephone, email, fax, post and other electronic means about services we are providing or future opportunities that may be of interest to them. An individual data subject can obtain further information on the legitimate interests and balancing of interests of their data, where legitimate interests is the lawful reason for processing the data, by contacting: dpo@clanwilliam.co.uk.
Where we get personal information from
The data we collect is provided by you, via direct interactions with our marketing activities and/or cookies from your Internet browser. To read about the cookies this website uses, please see our cookie policy.
Who we share information with
We do not share information with third parties for the purposes of marketing.
Sharing information outside the UK
We do not share this data outside the UK.
Our recruitment services – Privacy Notice
Personal data provided to or collected by us
The following is a non-exhaustive list of the main purposes in summary form for which your personal data may be processed depending on which category of data subject you fall within.
Retention periods vary, and Obsidian shall assess cases according to the processing itself and the risks to you as the data subject. There are some general guidelines set out below. For all other situations, your personal data shall be held for as long as it is necessary, in line with applicable laws, to prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and for other actions permitted by law or strict criteria developed within our group data protection programme.
| Type of processing and purpose | Personal data type | Lawful basis | Retention period |
|---|---|---|---|
| Job applicant as part of the application process | Name, email address, CV, cover letter, emails, test scores and references | Consent or legitimate interest | 1 year following application |
| Transfer of personal data within the Clanwilliam Group required in the general course of business | Business details or relevant details depending on the nature of the query | Legitimate interests or consent | Depending on the nature of the query but usually one year unless other time is required |
| Third-party IT administrators for purpose of maintaining the server operations | Access to all data on the server(s) | Legitimate interests | As long as it remains on the server |
| Arranging further services as part of a contract or for employment, accommodation or travel arrangements | Proof of identity documents, right to work documents, bank and health details | Consent | Employment period plus additional 8 years post leaving |
Your data may also be used as we believe it to be necessary or appropriate under applicable law, including outside of the country of residence, to comply with legal process, to respond to requests from the public or government authorities, including outside of the country of residence, or to comply with specific code(s) related to the industry requirements and disclosure and to fulfil other purposes for which you provide personal data, or with your explicit consent.
An individual data subject can obtain further information on the legitimate interests and balancing of interests of their data, where legitimate interests is the lawful reason for processing the data, by contacting: dpo@clanwilliam.co.uk.
Where we get personal information from
We gain information through social media connections for recruitment of employees in line with this policy and LinkedIn terms and conditions. We also receive information from third parties for candidates for employment from agencies, as well as directly from you as a candidate during the recruitment process.
How long we keep information
We retain information if it is necessary and relevant for our operations. In addition, we retain personal information to comply with applicable laws, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and other actions permitted by law. When your personal information is no longer needed for our business purposes, we dispose of it, subject to applicable laws.
Candidates’ CVs, test scores and interview information to apply for a job with Obsidian are retained as described in the table above.
Who we share information with
We may, on occasion, share personal data with other companies within the Clanwilliam Group to deliver, support or enhance our services.
We do not share information with third parties for the purposes of recruitment.
Sharing information outside the UK
We do not share this data outside the EU.
This policy was last updated: August 2024