AUREUM PRIVACY POLICY
Candidates Consent
Aureum (“We”, “Us”, “Our”) is a recruitment business which provides
recruitment and work-finding services to its clients. Aureum must process
personal data so that it can provide these services and in doing so we act as a
“data controller.”
As “data controller” means that we are responsible for deciding how we hold
and use personal information about you. We are required under data
protection legislation to notify you of the information contained in the
privacy notice.
This notice informs you of how we protect your personal data and informs
you about your legal rights when we obtain your personal data, in
accordance with the new General Data Protection Regulation (GDPR). This
notice does not act or form part of any contract to provide you with
recruitment or work-finding services.
For more information and/or to exercise any of your rights at any time you
can contact Aureum:
- by email
- by phone
- In writing
Legal basis for processing your personal data
Most of the personal information will be collected during the registration and
onboarding process, however, in order to ensure that your compliance is up
to date and you are able to continue to work for Aureum Healthcare, we will
also be collecting additional/new information on an ongoing basis.
Aureum will collect your personal data (including sensitive personal data)
via our website, mobile app, telephone and other sources, including
colleagues when you are referred to Aureum Healthcare via the refer a friend
scheme.
We will process your personal data for the purposes of providing you with
work-finding services.
Consent – Aureum holds and processes personal data by obtaining your
written or verbal consent wherever possible. Consent is given to us by you,
when registering with our online platform
Legitimate Interest – where there is commercial purpose for processing your
personal data. For example, where you have provided your personal data
and we use this data for the purposes of securing you an interview or a
placement.
We will only use your personal data for the purposes for which we collected
it and in situations where the law allows us to.
Personal data we hold
The categories of personal data we may collect, and process include but are
not limited to: - Identity
- Full name
- Date of birth
- Nationality/citizenship
- Gender
- Marital status
- Photograph
- Evidence of right to work in the UK
- Contact information
- Address
- Telephone/Mobile number
- Emergency contact details (Next of kin)
- Professional experience and employment history
- Education history; skills and other qualifications
- Financial information
- Details of criminal convictions
- Details of disabilities
- Details of health and medical records
- Referee details and information collected from your referees
about you - Any additional information that you choose to tell us or is
provided by a third-party source, clients, referees, others…
The holding of this data is required for us to ensure that you are suitable for
opportunities being managed by us. We hold this data for the purposes of
providing you with work-finding services and/or information relating to
roles relevant to you.
Who will we share your data with?
Aureum will only share your personal data when necessary and where there
is a legitimate reason to do so.
NHS Trusts and Aureum Clients – We will share your personal data with
Trusts/clients who you request to work with, and sometimes third parties
associated with those clients if consent is given.
Auditors – We may be required to share your personal data with external
auditors, with whom we have a contract in place. They will not share your
personal information with any organisation other than us. They will hold it
securely and retain it for the period we instruct.
Data Processors – Your personal data may be transferred to other third
parties acting in their capacity as data processors. We use data processors
who are third parties to provide elements of service for us. We have contracts
in place with our data processors to ensure they will not share your personal
information with any organisation other than us and only permit them to
process your personal data for specified purposes in accordance with our
instructions. They will hold it securely and retain it for the period we
instruct.
Other third party service providers – Your personal data may be shared with
third party service providers including, but not limited to, technical support
and IT contractors, Training companies, Professional Bodies, DBS services
Your data will not be shared outside of the EEA unless for a specific
opportunity and with your express permission.
Sensitive data
Special category data is personal data which is of a sensitive nature. These
include, but are not limited to: - Race
- Ethnic origin
- Political membership or affiliation
- Religion and belief
- Trade union membership
- Health
- Sexual orientation
“Special categories” of particularly sensitive personal information require
higher levels of protection. We need to have further justification for
collecting, storing and using this type of personal information. We have in
place an appropriate policy document and safeguards which we are required
by law to maintain when processing such data. We may process special
categories of personal information in the following circumstances: - In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations or exercise
rights in connection with employment. - Where it is needed in the public interest, such as for equal
opportunities monitoring
Less commonly, we may process this type of information where it is needed
in relation to legal claims or where it is needed to protect your interests (or
someone else’s interests) and you are not capable of giving your consent, or
where you have already made the information public.
How long do we keep your personal data for?
Aureum Healthcare will only keep your personal data for as long as is
necessary for the purposes for which it was collected and in order to fulfil our
obligations to you.
If you no longer require the services of Aureum Healthcare, we will keep
your personal data stored for the necessary period to comply with all and
any relevant legislation at the time. Upon expiry of that period, Aureum
Healthcare will seek further consent from you and where consent is not
granted, Aureum will cease to store and process your personal data.
How is your personal data protected?
Aureum has put in place appropriate security measures to prevent your
personal information from being accidentally lost, used, or accessed in an
unauthorized manner.
Additionally, we limit access to your personal information to those
employees, agents, contractors and other third parties who have a business
need to know. They will only process your personal information on our
instructions, and they are subject to a duty of confidentiality.
In case of suspected personal data breach, Aureum will notify you and any
applicable regulator where legally required to.
Your rights in relation to your personal data
You have the following data protection rights: - The right to be informed about the collection and use of your
personal data - The right to request access or directly access your personal data
being held by Aureum - The right to rectify your personal data (if inaccurate)
- The right to, in certain circumstances, request erasure of your
personal data - The right to object to decision being taken by automated means
- The right to restrict the process of your personal data
- The right withdraw consent at any time
- The right to claim compensation for damages cause by breach of
the GDPR or any relevant Data Protection Law in force at the
time
To exercise any of these rights, please contact Aureum Healthcare Ltd. Your
request will be dealt with as soon as possible and at the latest within one
calendar month of the date of the request being received. If an extension of
this period is needed, we will let you know within the one-month period.
We regularly review this privacy notice and will update it where necessary.
We do recommend you regularly review this privacy notice to make sure you
have the most up to date information. This privacy notice was last updated
on 29/04/2024.