Last updated: 19/08/2025
Medexa Group (“we”, “our”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you interact with our services, including our website, recruitment processes, and staffing solutions.
Medexa Group provides healthcare recruitment services across the UK, matching healthcare professionals with employers. As part of this process, we collect and process personal data in line with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
We may collect and process the following personal data:
Candidates: Name, contact details, CV, employment history, qualifications, training records, compliance documents (including DBS checks), right-to-work documents, references, and bank details for payroll.
Employers/Clients: Contact details, job requirements, contract details, and correspondence.
Website Visitors: Information submitted via contact forms, cookies, and analytics data.
We process personal data for the following purposes:
To provide recruitment and staffing services.
To assess candidate suitability for roles.
To fulfil contractual obligations with clients.
To meet compliance and regulatory requirements.
To process payments, payroll, and invoicing.
To communicate with you about vacancies, applications, or staffing needs.
To improve our services and website functionality.
We process personal data on the following legal grounds:
Contract: Processing necessary to perform a contract with you.
Legal Obligation: Meeting requirements such as right-to-work checks and DBS verification.
Legitimate Interests: Providing recruitment services, maintaining business relationships, and improving our operations.
Consent: Where you have given us permission to use your data for specific purposes, such as marketing communications.
We may share your personal data with:
Employers seeking staff through Medexa Group.
Payroll providers, DBS checking services, and compliance partners.
Regulatory and law enforcement authorities, where legally required.
IT and system providers that support our operations.
We will never sell your personal data to third parties.
We retain personal data only for as long as necessary to fulfil our recruitment and compliance obligations or as required by law. Candidate data is typically retained for up to six years from the last date of contact unless otherwise required.
We implement technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. This includes secure servers, encryption, and restricted access to sensitive information.
Under UK GDPR, you have the following rights:
Access to the personal data we hold about you.
Correction of inaccurate or incomplete data.
Erasure of your data (“right to be forgotten”).
Restriction of processing.
Data portability.
Objection to processing based on legitimate interests.
Withdrawal of consent where consent is the legal basis.
To exercise your rights, please contact us using the details below.
Our website uses cookies and similar technologies to improve user experience and analyse traffic. You can manage your cookie preferences through your browser settings.
If you have any questions about this Privacy Policy or how your data is processed, please contact us:
Medexa Group
Mabel House, Thames Ditton, United Kingdom, KT7 0JP
Email: info@medexagroup.co.uk
Phone: +44 (0)1372 236897
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
