The European Union has recently instituted privacy regulations that affect you as our customer. CGFNS International, Inc. collects private information from you such as personal data and transcripts that it uses to evaluate your credentials. We also send this information to other entities as you have directed us to do, along with our divisions*. As we process your application, some third parties such as credit card companies and mail delivery systems may have very limited access to personal information. However, we do not sell or otherwise make your information available to advertisers. You have the right to object to certain processing which we carry out.
*CGFNS Alliance for Ethical International Recruitment Practices www.cgfnsalliance.org, International Centre on Nurse Migration www.intlnursemigration.org, International Consultants of Delaware www.icdeval.com
CGFNS PRIVACY NOTICE
What does this notice cover?
CGFNS International, Inc. (“CGFNS“, “we” or “us“) is committed to respecting the privacy of individuals, including the nurses and allied healthcare professionals which apply for its credentials analysis services.
This notice describes how we use your personal data in connection with such services. It also describes your data protection rights, including a right to object to some of the processing which CGFNS carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
Note that for the purposes of applicable EU data protection law, our EU representative at DataProtection@cgfns.org.
What information do we collect?
We collect and process the following personal data about you when you complete an application form for our services on https://ncnz.cgfns.org/ (the “Website“), and when you communicate with us:
- Personal Information: such as, your data of birth, name (first, middle and surname), email address, gender, country of birth, current citizenship, home address and telephone number.
- Education History: such as, your primary and lower secondary education history, your higher secondary education history, your tertiary level (non-healthcare) education history and your tertiary level (healthcare) education history.
- Professional Employment History (if applicable): such as, your employment history for the previous five years.
- Professional License Information: such as, the country in which you are currently licensed and the status of your license.
- Specialty Education Information (if applicable): such as, the name of the organization from which you obtained this education and the country in which it is located.
- Your Payment Details: such as, your billing addresses and credit card details.
We automatically collect and process the following personal data about you when you browse or interact with the Website: such as information related to the browser and the device you are using to access the website; your IP address, and date/time stamps for your visit.
What information do we receive from third parties?
The above information although received directly from applicants, they are verified and expanded upon with additional information (such as curriculum and accreditation) by Schools, educational institutions and other primary source (employers, english language testing vendors and licensing vendors) organizations. This is essentially what we do as an organization.
How do we use this information, and what is the legal basis for this use?
- •To fulfil a contract, or take steps linked to a contract: in particular, in facilitating and processing applications submitted on the Website (including, verifying your identity, communicating with you and taking payment from you).
- Where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
- operating, and personalizing, the Website;
- providing you with access to the online application system, and enabling you to check the status of your application;
- responding to support tickets, and helping facilitate the resolution of any disputes;
- if you provide a credit or debit card as payment, we also use third parties to check the validity of the sort code, account number and card number you submit in order to prevent fraud (see data sharing below);
- updating you with operational news and information about our Website and services e.g. to notify you about changes to our Website, website disruptions or security updates;
- carrying out technical analysis to determine how to improve the Website and services we provide;
- monitoring activity on the Website, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the Website;
- managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the Website or asking for your feedback or whether you want to participate in a survey;
- managing our legal and operational affairs; and
- providing general administrative and performance functions and activities.
- Where you give us consent:
- providing you with marketing information about products and services via email which we feel may interest you;
- on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
- For purposes which are required by law: in particular, responding to requests by government or law enforcement authorities conducting an investigation.
Relying on our legitimate interests
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. [In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.]
Who will we share this data with, where and when?
We will share your personal data with:
- The recipient organization(s) which you have nominated in your application for our services where applicable;
- Our subsidiary companies CGFNS Alliance for Ethical International Recruitment Practices cgfnsalliance.org, International Centre on Nurse Migration www.intlnursemigration.org, International Consultants of Delaware www.icdeval.com for research and upon applicant request;
- We use payment processors PayPAL and Moneris for processing application fees and NotaryCam for Identity Notarization purposes;
Your personal data may be shared with government authorities and/ or law enforcement officials if required for the purposes above (e.g. if you are applying for the VisaScreen service, we will disclose your personal data to the United States Department of Homeland Security by whom we have been authorised to validate the credentials of certain foreign healthcare processions for occupational visas); if mandated by law; or, if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your data will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
We transfer your personal data with countries outside the EEA namely the USA and Canada.
Where information is transferred outside the European Economic Area (“EEA“), and where this is to a third party in a country that is not subject to an adequacy decision by the EU Commission, this transfer is justified on the basis that it is necessary in order to perform the contract which we have with you (which is recognized by GDPR Article 49(1)(b)).
A copy of the relevant mechanism can be provided for your review on request to DataProtection@cgfns.org.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data with you or another controller.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included applicable local data protection law. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
For the processing of all our reports, (such as VisaScreen, CES) for the contracted services the provision of information is mandatory: if relevant data is not provided, then we will not be able to perform the contracted services. All other provision of your information is optional.
How do I get in touch with you?
We hope that we can satisfy queries you may have about the way we process your personal data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at DataProtection@cgfns.org or by writing to 3600 Market Street, Suite 400, Philadelphia, PA 19104-2651.
How long will you retain my data?
We keep your personal data in line with the periods stated in our Data Retention Policy. For more information on our data retention policy, please contact DataProtection@cgfns.org.
CGFNS COOKIES NOTICE
What cookies will be used on the website?
We use the following categories of cookies on the Website:
- Strictly Necessary Cookies
Some cookies are essential for the operation of the Website. For example, some cookies allow us to identify registered users and ensure they can access the Website. If a registered user opts to disable these cookies, the user may not be able to access all of the content of the Website.
- Performance Cookies
Other cookies may be used to analyse how users use the Website and to monitor its performance. This allows us to provide a high-quality experience by customising the offering and quickly identifying and fixing any issues that arise. For example, performance cookies may be used to keep track of which pages are most popular and to determine why some pages are receiving error messages.
- Functionality Cookies
Functionality cookies are used to allow us to remember users’ preferences and tailor the Website to provide enhanced features.
How do I get in touch with you?