Hexarad Careers Privacy Notice

Last Updated: 11 November 2025

1. Introduction and Who We Are

Hexarad Group Limited ("we", "us", "our") is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during the recruitment process, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

Hexarad is the "data controller" for the information you provide during this process. This means we are responsible for deciding how we hold and use personal information about you.

Our registered office is:

Lynwood House, Station Road, Harrow, Middlesex, HA1 2AW. Hexarad's principal place of business and trading address is 163 Tower Bridge Road, London SE1 3LW.

Company Number: 12127115

2. Our Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this notice or how we handle your personal information, please contact the DPO:

  • Email: enquiries@hexarad.com
  • Telephone: +44 203 327 1183
  • Post: 2nd Floor, 163 Tower Bridge Rd, London SE1 3LW, UK.

3. What Information We Collect

We collect and process a range of information about you. This includes:

  • Personal and Contact Details: Your name, address, telephone number, and email address.
  • Application Information: Your CV, cover letter, application form, qualifications, academic records, and employment history.
  • Interview Data: Information you provide during an interview and any notes we take.
  • Right to Work Data: Information to verify your identity and right to work in the UK (e.g., passport, visa documentation). This is typically collected if you are offered a role.
  • Reference Data: Information provided by your named referees.

Special Category and Criminal Offence Data

Given our work in the healthcare sector, we also need to process more sensitive information ("special category data") for certain roles, particularly clinical and patient-facing/handling roles:

  • Health Data: Information about your health, including any medical conditions or disabilities, for the purpose of making reasonable adjustments to the recruitment process (e.g., for an interview).
  • Criminal Conviction Data: We conduct Disclosure and Barring Service (DBS) checks for roles that involve regulated activity or are positions of trust (which includes most roles in a teleradiology setting). We will inform you if this is required for the role you are applying for.
  • Equal Opportunities Monitoring Data: (This is optional). Information about your ethnic origin, sexual orientation, religion, or belief. This is collected for statistical monitoring, is not used in the selection process, and is typically provided on an anonymous or voluntary basis.

4. Our Lawful Basis for Processing

We will only use your personal information when the law allows us to. Most commonly, we will use your information in the following circumstances:

Purpose of Processing Type of Data Used Our Lawful Basis (UK GDPR)
To assess your skills, qualifications, and suitability for the role. All application and interview data. Legitimate Interest (to select and recruit the most suitable candidates).
To communicate with you about the recruitment process. Personal and contact details. Legitimate Interest (to manage the recruitment process).
To check you are legally entitled to work in the UK. Right to work data. Legal Obligation.
To make reasonable adjustments to the recruitment process for candidates with disabilities. Health data. Legal Obligation (under the Equality Act 2010). Article 9(2)(b) UK GDPR — carrying out obligations in employment law.
To carry out DBS checks for roles requiring a high level of trust or access to patient data. Criminal conviction data. Legal Obligation and Substantial Public Interest (DPA 2018, Schedule 1 — necessary for protecting vulnerable individuals).
To conduct equal opportunities monitoring. Equal opportunities data. Explicit Consent (You are free to withdraw this consent at any time without it affecting your application).

5. Who We Share Your Data With

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, hiring managers, interviewers, and IT staff if access to the data is necessary for the performance of their roles.

We may also share your data with trusted third parties, including:

  • Applicant Tracking System (ATS) Providers: BambooHR who host our careers platform.
  • Background Check Providers: CareCheck to conduct DBS checks, and Cognito to take up references.

We require all third parties to respect the security of your data and to treat it in accordance with the law.

6. International Data Transfers

Some of our third-party service providers may be based outside the UK. When we transfer your data outside the UK, we ensure a similar degree of protection is afforded to it by:

  • Ensuring the country has been deemed to provide an adequate level of protection for personal data by the UK Government.
  • Using specific contracts approved by the UK Government which give personal data the same protection it has in the UK, such as the International Data Transfer Agreement (IDTA).

Please contact our DPO if you want further information on the specific mechanisms used when transferring your personal data.

7. How Long We Keep Your Data

If your application is unsuccessful, we will retain your personal information for a period of 12 months after the recruitment process has been completed.

If your application is successful, personal data gathered during the recruitment process will be transferred to your personnel file and will be retained in line with our Employee Privacy Notice, which will be provided to you upon joining.

8. Your Data Protection Rights

Under data protection law, you have rights including:

  • Your right of access — You have the right to ask us for copies of your personal information.
  • Your right to rectification — You have the right to ask us to rectify information you think is inaccurate or complete information you think is incomplete.
  • Your right to erasure — You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing — You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing — You have the right to object to processing if we are relying on "legitimate interests" as our lawful basis.
  • Your right to data portability — You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

To exercise any of these rights, please contact our DPO at enquiries@hexarad.com.

9. How to Complain

We hope that our DPO can resolve any query or concern you raise about our use of your information.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the UK supervisory authority for data protection issues.

  • Website: ico.org.uk/make-a-complaint
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF