Privacy Notice for Recruitment
About us
We are Suvera Ltd and we are located at Dashwood, 69 Old Broad Street London EC2M 1QS. We are registered Companies House under number 12237910 and with the ICO under number ZA567382. If you need to contact us about your data, you can email us at privacy@suvera.co.uk
What we do
Suvera Ltd operates a virtual clinic with health professionals that virtually manage patients with long-term conditions, such as hypertension, diabetes, asthma, COPD, depression and anxiety. Privacy and information governance are essential to the provision of trusted technology services, particularly in healthcare. At Suvera, we put this at the heart of what we do, not just because of our legal obligations, but because we, our friends and our families are all patients too. We all want to experience high quality healthcare whilst being in control of our data and how it is used.
Our role
This privacy notice applies to the data that we process when we are a controller of personal data. That will usually be the data of potential and existing employees, suppliers, direct patients, website users and then technical data when you use Suvera.
Being a controller means that we are trusted to look after and deal with your personal information in accordance with this notice. We determine the ways and means of processing your data and must therefore, be accountable for it.
How we process your data
Data that we process
As a potential employee we hold the following data on you:
Contact details, CV, email correspondence with you, pictures, videos and information from Facebook and LinkedIn-accounts, answers to questions asked through the recruiting, title, education and other information the User or others have provided through the Service.. If you are successful in gaining employment with us then you will fall under the employee privacy notice going forward which will be provided to you when you sign a contract with us.
We also carry out pre-employment checks, as legally obligated to do so by HMRC and various visa requirement bodies.
Lawful basis for processing
Our lawful basis for processing your data is a combination of contract, legitimate interest and consent. When you applied for a job it was with a view to entering into an employment contract with us. If we decide not to go forward with your application then we use legitimate interest to retain the data should the chosen candidate not work out or another role become immediately available. We use consent to collect references and also if we want to keep your contact details for longer than our usual retention period.
Retention period
For unsuccessful candidates we will keep your data on our database for a year after your application. This is in case another more suitable role opens up, or in case the position becomes re-available. If we want to keep the data longer than this then we will ask for your consent.
Data Sharing and transfers
We do not sell your data to anybody
Your rights
As a data subject you have rights in respect of our processing of your personal data.
Your right to data portability - this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract, or in talks about entering into one, and the processing is automated.
If you want to exercise any of these rights, please just contact us on privacy@suvera.co.uk
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
Security measures
Technical and operational security measures
All of our employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects.
Our offices have physical security in place, All data is password protected, access controlled by two-factor authentication, backed up securely and encrypted when appropriate. Data privacy by design and default is an integral part of our development processes. We have a range of internal agreements and policies in place for information governance, network security, information handling, remote working, business continuity, confidential information, incident reporting, access control and staff confidentiality. We review these policies at least annually and will update them if a product or business change necessitates.
Business changes
What happens if our business changes hands?
We may, from time to time, expand or reduce your business and this may involve the sale and/or the transfer of control of all or part of your business. Any personal data that you have provided will, where it is relevant to any part of your business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
Cookies
We ask for your consent before we drop any third party or unnecessary cookies. For strictly necessary cookies, we rely on legitimate interest as we need these for our website to work.
“Cookies” are small text files placed on your device (e.g. computer, phone or tablet) when viewing certain pages in our software. Cookies allow us to keep track of some of your browsing preferences and optimise our software for your personal use. Cookies also allow us to automatically track certain information about how you navigate through, and interact with, our software, which helps us to measure its performance and to improve its design and functionality.
For more information on cookies, please visit www.allaboutcookies.org
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our software. They include, for example, cookies that enable you to log into your account. Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our software when they are using it. This helps us to improve the way our services works, for example, by ensuring that users are finding what they are looking for easily. Functionality cookies. These are used to recognise you when you return to our software. This enables us to personalise our content for you and remember your preferences (for example, so we can remember the state of your questionnaire if you reload the page while filling it in). Targeting cookies. These cookies record your visit to our software, the pages you have visited and the links you have followed. We will use this information to make our software and the advertising displayed on it more relevant to your interests.
The information that is collected through the cookies can in some instances be personal data and is, in such instances, regulated by our Recruitment Cookie Policy.
Changes to our privacy notice
We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date.
If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.
Data sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the UK and EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).
We do not sell your data to anybody.