Privacy Notice – Staff & Recruitment Candidates

Effective date: 10 January 2024

Amwell created this privacy notice to explain how we collect, process and protect your data as a staff member, contractor, intern or recruitment candidate.

In this privacy notice we will tell you how we process your personal data. When we collect or use your data Amwell is the “data controller”. This means we decide how and why your data is processed.

If you want to get in touch the contact details for Amwell’s Data Protection Officer are listed at the bottom of this notice.

How we collect your personal data

Your data is collected by Amwell in a few ways:

  • Data you give directly
  • Data we collect from others
  • Data we collect automatically

What personal data we collect and use

Here is a list of the categories of personal data that are collected and used, with examples.

Contact details

  • Your name, email address, home address, telephone number
  • Next of kin name and contact details

Personal details

  • Your date of birth, gender, marital status
  • Ethnicity, on a voluntary basis for equal employment opportunity analysis (special category data)

Finance details

  • Bank details: account name, account number, BIC, IBAN, etc.
  • Tax details including PPS number, TIN or other identifier
  • Pension details
  • Salary details and payslips
  • Salary adjustments (e.g. for leave, tax deductions, etc.)

Employee details

  • Your employee ID, department, job title, location, join date, status
  • Leave details
  • Other leave details (may include data concerning health)
  • Performance / training / peer and manager feedback
  • Industrial relations (may include data revealing trade union membership)
  • Disciplinary and grievance records
  • IT accounts and assets
  • Call recordings and transcripts, business contact data and related analytics
  • Exit checklist and interview notes (when leaving the company)

Recruitment candidate details

  • Interview notes
  • Qualifications
  • Employment history / resume / CV
  • References
  • Disability details (data concerning health)
  • Scores calculated during recruitment process

Successful recruitment candidate details

  • Visa details (may include data revealing racial or ethnic origin)
  • Record of eligibility to work
  • Offer letter, job description, contract

Background check

  • Name, date of birth, personal identification number (e.g. SSN, PPSN)
  • Current and past addresses
  • Background check application form
  • Background check results

Travel information

  • Details for bookings: passport number, preferences, loyalty scheme details
  • Trip records

Other

  • Survey responses
  • HR communication with recruitment candidates and employees
  • Data protection request details

How and why we use your personal data

Amwell uses your data for the purposes described below

  • Payroll
  • Human resources management, including recruitment and performance management
  • Travel booking
  • Communication, collaboration and administration
  • Legal obligations

In general, Amwell processes your data for the purposes of establishing, administering and managing aspects of your employment relationship (including all associated processes) in line with your contract. Amwell also processes your data to comply with legal or regulatory requirements.

Recruitment and candidate screening

Amwell uses Phenom Fit Score to assist with recruitment and candidate screening. Candidate screening is always conducted with human oversight and intervention, and the fit score is not the sole deciding factor. The fit score could be classified as "profiling" or "automated decision-making" under the GDPR.

Fit Score works with objective job-related characteristics, such as relevant career paths and skills-based hiring to compute a value that aims to predict how a given candidate profile fits the job match criteria. To a recruiter, this value is represented as a letter grade: A, B, C, and No Fit. In brief, the Fit Score model computes the letter grade by comparing the resume to the job description. The AI behind Fit Score includes AI language modeling of similarity between candidate information and job-related criteria, such as the match between a candidate’s skills to the skills listed in a job description. Fit Score is applied to all candidates equally regardless of their demographic or other protected characteristics. The only inputs to Fit Score are job-related; there are no inputs of demographic information, or biometric information.

Lawful basis

The bases for processing your personal data are:

  • Consent (GDPR Art.6(1)(a))
  • Contract (GDPR Art.6(1)(b))
  • Legal obligation (GDPR Art.6(1)(c))
  • Legitimate interests (GDPR Art.6(1)(f))

The conditions for processing your special category personal data are:

  • Explicit Consent (GDPR Art.9(2)(a))
  • Employment (GDPR Art.9(2)(b))
  • Legal claims (GDPR Art.9(2)(f))

Understanding your Rights

You have rights regarding your personal data. If you have any questions, please contact Amwell using the contact details provided in the Contact section below.

Right to information about processing of your personal details

The aim of this privacy statement is to give you this information.

Right to access your personal data

You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.

Right to change or remove your details

You have the right to correct any inaccurate data, or remove data if it is not necessary for us to hold it.

Right to data portability

While we do not process your data on the basis of consent, we will provide your data in a portable format.

Right to object to processing

You can object to processing for direct marketing (opt-out), or if it could otherwise affect your rights, freedoms or interests.

Right to withdraw consent

Where we process your data on the basis of consent, you have a right to withdraw your consent. To withdraw consent please contact Human.Resources@amwell.com

Right not to be subject to solely automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In such cases, you have the right to obtain human intervention, to express hyour point of view and to contest the decision.

Right to lodge a complaint

You also have the right to lodge a complaint with a supervisory authority, although we encourage you to contact Amwell first.

Contact details for the Data Protection Commission can be found at https://www.dataprotection.ie

Contact details for the Information Commissioner's Office can be found at https://ico.org.uk/

Data protection policies

Amwell has a set of data protection policies and procedures. All staff can access our Data Protection Policies Overview on SharePoint.

Third parties

Amwell uses external service providers and will also share your data in some cases.

Third party Details Location

Payroll

Payroll providers uses your contact, finance and employee details to process the payroll.

EEA / UK / US
as appropriate

Recruitment Platform

Amwell uses a recruitment platform to store recruitment records including contact details, applications, CVs, and scores.

 US

HR Information System

Amwell uses a HR information system used to store HR records including contact details and appraisals.

 US

Travel Booking

Travel booking services will use your contact and travel information.

 EEA
and as appropriate for service providers such as airlines and hotels

Microsoft

Microsoft provides Office 365 services including email, calendar, contacts, file sharing and other collaboration tools.

 EEA / US

Other IT / Cloud service providers

Amwell uses several other IT or cloud service providers for activities including:

  • Company objective management
  • Employee recognition
  • Project management
  • Product management and development
  • Awareness and training
  • Customer relationship management

Your name, email address and username will be shared with the service providers in order to create an account for you and each service provider may process more personal data about you depending on the service.

 EEA / UK / US

Gong

We use Gong to record and transcribe calls with customers and prospects. Calls may be used for employee coaching.

 US

Tax authorities

Personal data will be sent to Revenue Commissioners, HM Revenue & Customs or the appropriate national tax authority for you.

 EEA / UK / US
as appropriate

Background check

Name, data of birth, current and former addresses and other application information will be used by background check provider appropriate for you.

 EEA / UK / US
as appropriate

 

International transfers

Amwell may transfer your personal data between its affiliates and service providers, and we may transfer, process, and store your data within and outside of the European Economic Area (EEA) or United Kingdom (UK). Where your data is transferred outside the EEA or UK Amwell will ensure that appropriate legal arrangements are in place to protect it. This includes the use of EU Controller-to-Processor Standard Contractual Clauses (SCCs) or other available transfer mechanisms.

Data security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

All Amwell employees are contractually and ethically bound to respect the confidentiality of any personal data held by Amwell.

Amwell maintains ISO 27001:2013 certification and Cyber Essentials certification.

Retention of Personal Data

Personal Data shall be retained only in accordance with Amwell’s Personal Data Retention Policy. As an overview:

  • Most personal data for staff will be held for 6 years post-employment
  • Bank details will be held for 3 years post-employment
  • Pension details (where applicable) will be held for up to 75 years post-employment
  • Recruitment data will be held for 2 years
  • Background check information and IT account data will be held for 1 year post-employment, unless there is a legal obligation to retain longer

Privacy notice changes

We will revise this privacy notice when necessary and we encourage you to check back in future for changes.

  • 16 Mar 2021 Revised third parties and international transfers
  • 21 May 2021 Reformatted and revised third parties and activities
  • 16 September 2022 Update ISO 27001 certification
  • 30 January 2023 Updated third party locations; removed reference to outsourced IT; added third party Gong (call recording)
  • 10 January 2024 Updated categories of personal data to include ethnicity and scores during recruitment; added consent legal basis and withdrawal right; added section on recruitment and candidate screening; added right not to be subject to solely automated decision-making; retention period for recruitment data; renamed SilverCloud to Amwell.

Contact

If you wish to contact Amwell regarding our use of your Personal Data or to exercise your rights, please contact us by email at dataprotection@silvercloudhealth.com or at:

SilverCloud by Amwell
One Stephen Street Upper
Dublin 8
Ireland

Amwell's Data Protection Officer (DPO) is BH Consulting:

Amwell Data Protection Officer
BH Consulting
The LINC Centre
Blanchardstown Road North
Dublin 15
Ireland

+353 1 440 6065