1. Introduction and Identity of the Data Controller
Innergy Healthcare Talent Management & Outsourcing ("Innergy Healthcare", "we", "us", "our") is a healthcare talent management and global outsourcing company registered in Nigeria and operating internationally, including in the United Kingdom and Ireland.
Registered Address: H16, Alafia Estate, Ibadan, Nigeria
Data Protection Officer:
Email: info@innergyhealthcare.com
We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website at innergyhealthcare.com, submit an expression of interest as a candidate, engage with us as an employer or institutional partner, or communicate with us by email, phone, or other means.
2. Legal Framework
We process personal data in accordance with:
- UK General Data Protection Regulation (UK GDPR)
- UK Data Protection Act 2018
- EU General Data Protection Regulation 2016/679 (EU GDPR) (for Irish operations)
- Nigeria Data Protection Act 2023 (NDPA)
- Nigeria Data Protection Regulation 2019 (NDPR)
Where we transfer data from Nigeria to the UK or Ireland, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) and align with adequacy decisions where applicable.
3. What Personal Data We Collect
3.1 Candidate Data
Identity Data: Full legal name, date of birth, gender, nationality, passport number and expiry, NIN where applicable.
Contact Data: Email, mobile, WhatsApp, residential address, emergency contact details.
Professional and Qualification Data: Academic certificates, transcripts, professional registration numbers (MLSCN, NMCN, MDCN), employment history, references, licences, IELTS/SELT/OET results, Care Certificate or equivalent training records.
Assessment Data: Psychometric scores, English communication evaluations, interview notes, care readiness outcomes, behavioural and personality profile summaries.
Sensitive Personal Data: Health information (where required for visa or fitness-to-work), criminal records disclosure (Enhanced DBS or equivalent), immigration status.
Immigration and Visa Data: Passport biographic pages, visa application documentation, TB test results, biometric information (indirectly via government authorities).
3.2 Employer Data
- Organisation name and registered address
- Sponsor licence number (where applicable)
- Contact person details
- CQC/HIQA registration details
- Contractual and payment information
- Correspondence records
3.3 Institutional Partner Data
- Institution name and address
- NBTE or relevant accreditation details
- Contact person details
- Partnership agreement records
- Student cohort data (aggregated and anonymised where possible)
3.4 Website Visitor Data
- IP address, browser type and version, device type and OS
- Pages visited, time spent, referral source
- Cookie identifiers (see our Cookie Policy)
4. How We Collect Your Data
- Website forms: Expression of interest, employer enquiry, institutional partnership, and contact forms.
- Direct communication: Email, phone, WhatsApp, or video calls.
- Institutional partners: Colleges and training institutions referring candidates with consent.
- Assessment platforms: Psychometric and English evaluation tools.
- Third-party verification services: Credential verification and background check providers.
- Public professional records: Professional council registers where publicly available.
5. How We Use Your Data
5.1 Candidate Data
- Assess eligibility and suitability for international healthcare opportunities
- Conduct psychometric and professional readiness evaluations
- Verify qualifications and professional registrations
- Match profiles with appropriate employer vacancies
- Prepare and submit documentation for professional registration (NMC, HCPC, CORU, etc.)
- Support visa and immigration applications where instructed
- Communicate about applications, progress, and opportunities
- Provide pre-departure and post-arrival support
- Comply with legal and regulatory obligations and maintain audit records
5.2 Employer Data
- Manage commercial relationships, match candidates, facilitate interviews
- Issue and manage contracts and invoices
- Comply with legal obligations
5.3 Website Visitor Data
- Operate and maintain our website
- Analyse traffic and improve user experience
- Detect and prevent security threats
6. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Candidate assessment and matching | Consent / Contract |
| Credential verification | Legitimate Interests / Legal Obligation |
| Visa and immigration documentation | Consent / Legal Obligation |
| Employer partnership management | Contract / Legitimate Interests |
| Website analytics | Consent (Cookies) |
| Compliance and audit records | Legal Obligation |
| Post-placement support | Legitimate Interests / Contract |
| Marketing communications | Consent |
7. International Data Transfers
As a Nigerian-based company with operations in the UK and Ireland, your personal data may be transferred internationally. Transfers from Nigeria to the UK are protected by Standard Contractual Clauses (SCCs), Data Processing Agreements, and technical and organisational security measures. The UK and EU have adequacy arrangements in place. We never sell your personal data.
8. Who We Share Your Data With
- Employer partners (with explicit consent)
- Professional registration bodies (NMC, HCPC, CORU, MLSCN, NMCN, MDCN)
- UK Home Office / Irish Immigration Service
- Background check providers (DBS, AccessNI, Nigerian Police equivalents)
- English language testing centres (IELTS, OET, PTE)
- IT and platform providers (hosting, CRM, assessment platforms)
- Legal and compliance advisors
- Regulatory authorities (where legally required)
9. Data Retention
| Data Category | Retention Period |
|---|---|
| Active candidate data | Duration of engagement + 2 years |
| Successfully placed candidates | 6 years from placement date |
| Unsuccessful candidates | 1 year (unless you request deletion) |
| Employer partner data | Duration of contract + 7 years |
| Website analytics data | 26 months |
| Financial/invoicing records | 7 years (legal requirement) |
| Psychometric assessment data | 3 years from assessment date |
10. Your Rights
Under UK GDPR and the Nigeria Data Protection Act, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion, subject to legal retention obligations.
- Restriction — temporarily stop processing while a dispute is resolved.
- Data portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests or direct marketing.
- Withdraw consent — at any time, without affecting prior lawful processing.
- Automated decision-making — we do not make fully automated decisions with legal effects.
To exercise any right, contact our Data Protection Officer at info@innergyhealthcare.com. Response within 30 days of receipt.
11. Security
- Encrypted data storage and transmission (SSL/TLS)
- Access controls and role-based permissions
- Regular security assessments
- Staff data protection training
- Incident response procedures
In the event of a data breach likely to cause risk to your rights, we notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.
12. Cookie Policy
See our dedicated Cookie Policy for full details on how we use cookies on this website.
13. Complaints
You have the right to complain to the supervisory authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk — 0303 123 1113
- Ireland: Data Protection Commission (DPC) — dataprotection.ie
- Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
14. Changes to This Policy
We review and update this policy at least annually. Material changes will be communicated via email to registered users and a prominent notice on our website.