Privacy Policy

Last updated: 3 March 2026

1. Overview

LocumPal ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our healthcare staffing platform. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

LocumPal is the data controller for the personal data processed through our platform. For any data protection queries, please contact us at [email protected].

3. Data We Collect

We collect the following categories of personal data:

Account Information

Name, email address, phone number, professional registration numbers (GOC, GMC), and user type (Provider or Locum).

Professional Data

Qualifications, specialty areas, years of experience, clinical interests, practice types, and compliance documents (DBS certificates, indemnity insurance, professional registration).

Location Data

GPS coordinates collected during shift check-in and check-out events only. Practice location coordinates for geofencing purposes. We do not track your location continuously.

Shift and Employment Data

Shift details, timesheets, attendance records, invoices, payment information, availability schedules, and ratings/reviews.

Communications

Messages exchanged between Providers and Locums through our in-app messaging system.

Technical Data

IP address, browser type, device information, and usage analytics to improve our service.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide our staffing platform services.
  • Legitimate interests: Improving our service, preventing fraud, and ensuring platform security.
  • Legal obligation: Compliance with healthcare regulations and employment law.
  • Consent: Where you have given explicit consent, such as for marketing communications.

5. How We Use Your Data

  • Matching Locums to shifts based on qualifications, experience, and availability
  • Verifying attendance through GPS-based check-in and check-out
  • Tracking compliance document status and sending expiry alerts
  • Generating timesheets and invoices from shift data
  • Facilitating communication between Providers and Locums
  • Providing ratings and reviews to build trust on the platform
  • Sending notifications about shifts, compliance, and payments
  • Improving our platform through analytics and usage patterns

6. Data Sharing

We share your data only as necessary to provide our services:

  • Between users: Provider and Locum profile information is shared as needed for shift matching and management.
  • Service providers: We use trusted third-party services for hosting, data storage, and analytics, all bound by data processing agreements.
  • Legal requirements: We may disclose data when required by law or to protect our rights and safety.

We do not sell your personal data to third parties. All data is stored within UK/EU data centres.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. After account deletion, we retain certain data for up to 6 years to comply with legal and regulatory requirements. Compliance documents are retained for the duration required by the relevant regulatory body.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Restrict processing of your data in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected].

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, regular security assessments, and secure data centres. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Cookies

We use essential cookies to maintain your session and authentication state. We may also use analytics cookies to understand how our platform is used. You can manage cookie preferences through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact & Complaints

For any privacy-related queries, contact us at [email protected]. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.