Who we are?

Loria Healthcare are a specialist medical recruitment agency solely focused on supplying healthcare professionals to the NHS and private healthcare organisations throughout the UK. Loria Healthcare are a multi-framework provider to the NHS.

What is a privacy notice?

Being transparent and providing accessible information to individuals about how we use personal information is a key element of the Data Protection Act 1998 and the General Data Protection Regulation (Regulation (EU) 2016/679). The most common way to provide this information is in a privacy notice.

A Privacy Notice is a statement by Loria Healthcare to our staff, locum staff, contractors, visitors, the public and third parties that describes how we collect, use, retain and disclose personal information which we hold. It is sometimes also referred to as a Privacy Statement, Fair Processing Statement or Privacy Policy. This privacy notice is part of our commitment to ensure that we process your personal information/data fairly and lawfully.

Contact details for Loria Healthcare data controller are:

Data Controller

Loria Healthcare Ltd
The Grange (Pmg)
Neasden Lane
NW10 1QB

Tel: +44 (0) 208 050 9647

Email: gdpr@loriahealthcare.com

Why issue a privacy notice?

As a locum provider, Loria Healthcare delivers services to the NHS. In order to do this in an effective and efficient way we will need to collect and use personal information about you.

The Data Protection Act 1998 and the EU General Data Protection Regulation ensure that we comply with a series of data protection principles. These principles are there to protect you and they make sure that we:

  • Process all personal information lawfully, fairly and in a transparent manner.
  • Collect personal information for a specified, explicit and legitimate purpose.
  • Ensure that the personal information processed is adequate, relevant and limited to the
  • purposes for which it was collected.
  • Ensure the personal information is accurate and up to date.
  • Keep your personal information for no longer than is necessary for the purpose(s) for which
  • it was collected.

Loria Healthcare recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties. This notice is one of the ways in which we can demonstrate our commitment to you. The notice outlines and explains what rights you have to control how we use your information.


We will usually seek your consent prior to processing or sharing your information, however, if there is a legal reason, as outlined under the Data Protection Act 1998, we may not require your consent, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime. Where we need to disclose sensitive or confidential information to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.

What are we governed by?

The key pieces of legislation/guidance we are governed by are:

  • Data Protection Act 1998
  • Human Rights Act 1998 (Article 8) Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • The Common Law Duty of Confidentiality
  • Information Security Management Standards (ISMS)
  • Information Standards (AIS)
  • General Data Protection Regulations (GDPR)
Who are we governed by?

We are governed against the NHS framework agreements we deliver. We therefore operate (through these frameworks) to the following standards:

  • Department of Health – https://www.gov.uk/government/organisations/department-of- health
  • Information Commissioner’s Office – https://ico.org.uk/
  • NHS England – https://www.england.nhs.uk/

Our locum staff including doctors, nurses and healthcare professionals are also regulated and governed by professional bodies including numerous royal colleges.

Why and how we collect information

We obtain and hold personal confidential information about you which is needed to meet our legal and framework regulatory requirements to work as a locum.

These records may include (amongst other things):

  • Your personal data, such as address, date of birth and next of kin;
  • Your work history including places you have worked at and details of the worked carried out;
  • Your educational experience and training;
  • Your financial details including bank account(s);
  • Notes and reports about your health including vaccinations and immunisations you have received;
  • Results of any investigations/suspensions with regulatory bodies you may or not have; and
  • All relevant information that is required as part of our contractual obligations when working as a locum in NHS and Private sector settings.

It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions. It is important for us to have a complete picture, as this information supports the provision of high quality services being provided against the frameworks we supply to and also the patients that you will serve as a locum.

Information is collected in a number of ways, including that which is directly given by you, provided by your previous employers, or regulatory/professional bodies.

How we use information
  • To help inform decisions that we are able to make in regards to potential employment and locum opportunities we may offer you
  • To ensure that you have the requisite training, skills and experience to perform the duties required of you
  • To work effectively with other organisations who may require this information, e.g. payroll agencies to process payments on your behalf
  • To meet NHS patient safety and safeguarding requirements
  • To ensure our services can meet future needs
  • To review services you have provides and ensure it is of the highest standard possible
  • For research and audit purposes
  • To prepare statistics on our organisational performance
  • To monitor how we provide services to the NHS
How information is retained and kept safe?

Information is retained in secure electronic and paper records and access is restricted to only those who need to know. It is important that information is kept safe and secure, to protect your confidentiality. There are a number of ways in which your privacy is shielded; by removing your identifying information, using an independent review process, adhering to strict contractual conditions and ensuring strict sharing or processing agreements are in place.

The Data Protection Act 1998 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure.

Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.

How do we keep information confidential?

We are committed to protecting your privacy and will only process personal confidential data in accordance with the Data Protection Act 1998, the General Data Protection Regulation (2018), the Common Law Duty of Confidentiality and the Human Rights Act 1998.

Loria Healthcare is a Data Controller and under the terms of the Data Protection Act 1998 and the General Data Protection Regulation (2018) we are legally responsible for ensuring that all personal confidential data that we collect and use i.e. hold, obtain, record, use or share about you is done in compliance with this legislation.

All data controllers must notify the Information Commissioner’s Office (ICO) of all personal information processing activities.

Everyone working for Loria Healthcare has a legal duty to keep information about you confidential. All identifiable information that we hold about you will be held securely and confidentially. We use administrative and technical controls to do this. We use strict controls to ensure that only authorised staff are able to see information that identifies you. Only a limited number of authorised staff have access to information that identifies you where it is appropriate to their role and is strictly on a need-­­ to-­­know basis. Information provided in confidence will only be used for the purposes to which you consent to, unless there are other circumstances covered by the law.

All of our staff, and Senior Management Team receive appropriate and ongoing training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. All staff are a l s o trained in data protection, confidentiality, IT/cyber security, with additional training for specialist(s), such as records, data protection/IT staff to ensure they understand how to recognise and report an incident ensuring that the organisation’s procedure for investigating, managing and learning lessons from incidents.

The Data Protection Act 1998 regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. NCH is registered with the Information Commissioners Office (ICO).

Technology allows us to protect information in a number of ways, in the main by restricting access. Our guiding principle is that we are holding your information in strict confidence.

What are the Retention Periods?

Your information will not be sent outside of the European Economic Area (EEA) where the laws do not protect your privacy to the same extent as the law in the UK. We will never sell any information about you.

Who will the information be shared with?

To provide best possible service, sometimes we will need to share information about you with others. We may share your information with NHS organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason (e.g. taking up the offer of a locum appointment); they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.

Sharing with non-NHS organisations

To ensure that the Loria Healthcare provides an efficient and effective service we will sometimes need to share your information with different organisations that help us deliver our service and also meet NHS patient safety standards. For example these may include:

  • Regulatory bodies such as GMC,NMC and GDC (amongst others);
  • Suppliers and service providers we work with, such as Umbrella and Payroll Agencies;
  • Universities and Higher Education Authorities; and
  • Government agencies such as HMRC, DWP and Police

However, we will not disclose any information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.

We may also be asked to share basic information about you, such as your name and parts of your address, which does not include sensitive information. Generally, we would only do this to assist them to carry out their statutory duties (such as national audits). In these circumstances, where it is not practical to obtain your explicit consent, we are informing you through this Privacy notice.

We will also need to supply your information to organisations we have been contracted to provide a service to such as NHS organisations. We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.


Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you. Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier.

Cookies may be set by the website you are visiting or they may be set by other websites who run content on the page you are viewing.

What is in a Cookie?

A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or login.

What to do if you don’t want Cookies to be set

Some people find the idea of a website storing information on their computer or mobile device a bit intrusive, particularly when this information is stored and used by a third party without them knowing. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website. If you have any concerns about cookies, please let us know.

Your right to withdraw consent for us to share your personal information

You have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you, which could include delays in you being placed as a locum.

Contacting us about your information

Loria Healthcare has a senior person responsible for protecting the confidentiality of your information and enabling appropriate sharing. If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact the Data Protection Team.

Tel: +44 (0) 208 050 9647

Email: gdpr@loriahealthcare.om

Can I access my information?

Under the Data Protection Act 1998 a person may request access to information (with some exemptions) that is held about them by an organisation. For more information on how to access the information we hold about you please contact;

Data Protection Team, The Grange (Pmg), Neasden Lane, London, NW10 1QB

Tel: +44 (0) 208 050 9647

Email: gdpr@loriahealthcare.om

Contacting us if you have a complaint, comment or compliment

We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints/comments we receive very seriously. You can submit a complaint by writing to:

Data Protection Team, The Grange (Pmg), Neasden Lane, London, NW10 1QB

Tel: +44 (0) 208 050 9647

Email: gdpr@loriahealthcare.om

If you remain dissatisfied with Loria Healthcare’s decision following your complaint, you may wish to contact: The Information Commissioner

Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Phone: 08456 30 60 60

Their web site is at www.ico.gov.uk The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to Loria Healthcare.

Privacy and Cookie Policy