Privacy Policy
Effective Date: 8 October 2024
Last Updated: 14 December 2024
Serenity Alley Healthcare Recruitment Services (“we,” “our,” or “us”) is fully committed to safeguarding the privacy, security, and confidentiality of your personal data. We recognize the importance of ensuring that your personal information is handled with the utmost care and respect. This Privacy Policy has been developed to explain in detail how we collect, use, store, share, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
As part of our services, we may collect personal information from you, and we are dedicated to ensuring that it is processed in a lawful, fair, and transparent manner. This Privacy Policy provides important information about your rights and our responsibilities when it comes to managing your personal data.
By engaging with our services or providing us with any personal information, you are agreeing to the terms and practices outlined in this policy. If you do not agree with any part of this policy, we respectfully ask that you refrain from using our services or providing any personal information to us.
Your privacy is of the utmost importance to us, and we are committed to maintaining the highest standards of data protection, ensuring that your information is used only for legitimate and transparent purposes as outlined in this document.
1. Data Controller Information
Serenity Alley Healthcare Recruitment Services operates as the data controller for any personal data you provide to us. As the data controller, we are responsible for determining how your personal data is collected, stored, processed, and shared in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are committed to ensuring that your personal data is processed in a lawful, transparent, and secure manner, and that we fulfill our obligations to you regarding data protection rights.
Should you have any questions, concerns, or requests related to the processing of your personal data or wish to exercise your rights as a data subject, please do not hesitate to get in touch with us using the contact details provided below. We will respond to your inquiry promptly and in accordance with legal requirements.
Contact Information for the Data Controller:
- Email: info@serenityalley.co.uk
- Phone: 0800 002 9721
- Postal Address:
Serenity Alley Healthcare Recruitment Services 167-169 Great Portland Street, 5th Floor London, W1W 5PF England
We take your privacy seriously and are always available to assist with any queries you may have regarding how we handle your personal data. Whether you wish to request access to your data, update your information, or learn more about our data practices, please feel free to reach out.
2. Information We Collect
To provide you with our recruitment services, we collect various types of personal data. The information we gather helps us match you with suitable job opportunities, facilitate recruitment processes, and ensure compliance with relevant legal obligations. We collect this data in different ways, including directly from you, automatically through your interactions with our website, and from third-party sources.
2.1 Personal Data You Provide
We collect personal data that you voluntarily provide when you engage with our services. This data is crucial for us to effectively offer recruitment and staffing services. The personal data you may provide includes:
- Applying for a Job or Submitting Your CV/Resume:
When you apply for a job through us or submit your CV/resume for consideration, we collect information relevant to your job application, such as your employment history, qualifications, and skills.
- Registering as a Candidate or Client:
When you register with us as a candidate seeking employment or as a client looking for staffing services, we gather information necessary to create and manage your profile, such as your contact details, professional background, and preferences.
- Contacting Us via Our Website, Email, or Phone:
If you reach out to us for inquiries or other purposes, we collect your contact information and any additional details you provide during the communication.
The types of personal data we may collect from you include, but are not limited to:
- Identity Data:
Full name, date of birth, gender, nationality, and any other identifying details that help us establish your identity.
- Contact Information:
Your email address, phone number, postal address, and other communication details to contact you and maintain an ongoing relationship.
- Employment Information:
Job title, employment history, skills, certifications, qualifications, work experience, professional references, and any other relevant career details that help us assess your suitability for job opportunities.
- Special Category Data (Sensitive Data):
Health information, disabilities, and criminal records (if applicable). We only collect this sensitive data when it is strictly necessary for the recruitment process and as permitted by law. This may include information such as medical conditions or criminal background checks that are required for certain job roles (e.g., healthcare, security) or for compliance with legal obligations.
- Financial Data:
Bank account details, tax information, or other financial data (only applicable if required for payment purposes, such as in the case of a successful job placement or if you are an independent contractor).
2.2 Data Automatically Collected
In addition to the data you directly provide to us, we also collect certain technical and usage information automatically when you interact with our website. This data helps us improve our website’s functionality and provide a better user experience.
The types of automatically collected data include:
- Technical Data:
This includes your IP address, browser type, operating system, and device information. This data helps us troubleshoot technical issues, analyze website performance, and ensure compatibility across various devices and platforms.
- Usage Data:
We also collect information regarding your behavior on our website, such as pages viewed, links clicked, time spent on specific pages, and your general navigation patterns. This data helps us understand how users engage with our website and optimize content and functionality for a more seamless user experience.
2.3 Third-Party Sources
We may also collect personal data about you from third-party sources. This helps us expand our recruitment efforts and ensure we are working with up-to-date, accurate information. These third-party sources include:
- Publicly Available Sources:
This includes professional networks such as LinkedIn, publicly available professional directories, or industry-specific platforms. We may collect personal data that is made publicly available by you on such platforms, which helps us to understand your qualifications, skills, and career interests.
- References from Previous Employers or Educational Institutions:
If you provide references from previous employers or educational institutions, we may contact them to verify your employment history, academic background, or professional qualifications. These references help us evaluate your suitability for a particular role or job opportunity.
We ensure that when we collect data from third-party sources, it is in accordance with applicable data protection laws, and we handle all data with the same level of security and confidentiality as the data provided directly by you.
3. How We Use Your Data
At Serenity Alley Healthcare Recruitment Services, we value the trust you place in us when providing your personal data. We collect and process your personal information for specific, legitimate purposes that are necessary for the delivery of our recruitment services. Below, we outline the various ways in which we may use your personal data:
3.1 Recruitment and Staffing
Our primary purpose for collecting and processing your personal data is to support you in finding suitable job opportunities. We use your data to:
- Match You with Job Opportunities:
We analyze your skills, qualifications, experience, and preferences to identify and present relevant job roles that match your profile. By reviewing your CV, job history, and qualifications, we can determine the best positions for which you may be a strong candidate.
- Evaluate Your Suitability:
We assess your qualifications, experience, and other relevant information to evaluate whether you are a good fit for the job opportunities we present. This evaluation allows us to connect you with potential employers who are looking for candidates with your skill set.
- Facilitate Recruitment Processes:
Throughout the recruitment process, we will use your personal data to liaise with potential employers, arrange interviews, and share your profile with hiring managers, all with your explicit consent. We may also assist with tasks such as scheduling interviews and providing feedback.
- Maintain an Active Candidate Profile:
If you have registered with us, we may retain your details in our candidate database to ensure we can notify you about future job opportunities that may be a good fit, even if you are not actively seeking a new position.
3.2 Legal and Compliance
In order to ensure that our recruitment processes comply with UK laws and regulations, we may use your personal data for the following legal and compliance purposes:
- Comply with UK Employment Laws:
We use your personal data to comply with legal requirements, such as tax and national insurance obligations, and to ensure that employment practices adhere to relevant regulations. For example, we may use your data to verify that you are eligible to work in the UK.
- Conduct Pre-Employment Checks:
To ensure the suitability and safety of candidates for specific roles, we may carry out necessary pre-employment checks, such as:
- Right-to-Work Checks: Verifying your legal eligibility to work in the UK.
- DBS (Disclosure and Barring Service) Checks: Conducting criminal background checks (where necessary for certain roles, such as in healthcare or other regulated industries).
- References and Verification: We may contact previous employers or educational institutions to verify the details you have provided and confirm your work history, qualifications, and suitability for the position.
- Health and Safety Compliance:
- DBS (Disclosure and Barring Service) Checks: Conducting criminal background checks (where necessary for certain roles, such as in healthcare or other regulated industries).
For roles that require specific health and safety assessments or involve working with vulnerable individuals, we may use your data to ensure compliance with health-related requirements (such as vaccinations, fitness for duty, or other medical requirements) where applicable and lawful.
3.3 Communication
We use your personal data to communicate with you regarding recruitment opportunities, job applications, and other services. The ways in which we use your data for communication include:
- Job Application Updates:
We may contact you to inform you about the status of your job application, including whether you have been shortlisted, invited for an interview, or selected for the role.
- Recruitment Process Notifications:
We may send you updates on the recruitment process, such as details about interview schedules, required documents, or other steps that are part of your application.
- New Job Opportunities:
If you have opted to receive notifications, we may notify you about new job openings that match your skills, qualifications, and preferences.
- General Correspondence:
We may use your contact information to respond to your inquiries, assist with any questions you have regarding our services, or provide you with additional information about available roles.
3.4 Marketing (Optional)
With your explicit consent, we may use your personal data to send you marketing communications related to job opportunities, industry updates, and other recruitment-related information. This includes:
- Job Alerts:
We may send you notifications or alerts about new job opportunities that match your profile. These alerts may be customized based on the preferences you set during registration or during ongoing communications with us.
- Newsletters and Updates:
If you opt-in, we may send you newsletters containing information on job market trends, new services we offer, and relevant career advice that could assist you in your job search.
- Promotions and Special Offers:
We may occasionally send you promotional materials or information about exclusive services or offerings that could be beneficial to your job search.
You can always opt-out of receiving marketing communications by unsubscribing from our emails or by contacting us directly. If you withdraw your consent, we will no longer send you marketing communications, though this will not affect any processing of your personal data that is necessary for fulfilling our contractual or legal obligations.
4. Legal Basis for Processing Your Data
Under the UK General Data Protection Regulation (UK GDPR), we are required to have a lawful basis for processing your personal data. At Serenity Alley Healthcare Recruitment Services, we process your data only when we have a valid legal ground to do so. The following outlines the lawful bases upon which we rely to process your personal data:
4.1 Consent
We may process your personal data based on your explicit consent when you have provided it voluntarily. This applies to situations where we request your permission before processing your data, such as when you opt-in to receive marketing communications. Examples include:
- Marketing Communications:
If you agree to receive newsletters, job alerts, and promotional content, we will process your data based on your consent. You can withdraw this consent at any time by unsubscribing or contacting us, and we will cease sending such communications.
- Optional Data Processing:
There may be instances where we ask for your consent before collecting or processing certain types of personal data, such as when gathering sensitive information like health data or criminal background checks.
4.2 Contractual Necessity
We process your personal data when it is necessary to fulfill our contractual obligations with you, or to take steps at your request prior to entering into a contract. This includes situations where we need your personal data to provide the recruitment services you have requested. Examples include:
- Job Matching and Placement:
To match you with relevant job opportunities and share your details with potential employers, we process your data as part of our agreement to provide you with recruitment services.
- Candidate and Client Agreements:
If you register with us as a candidate or a client, we process your data to fulfill the services we have agreed upon, such as placing you in a job or helping a client find suitable candidates for their vacancies.
- Contractual Arrangements:
If you are hired for a position, we will process your data to administer employment contracts, pay your salary, and ensure compliance with employment-related obligations.
4.3 Legal Obligations
In some cases, we process your personal data to comply with our legal obligations as required by UK law. These legal obligations may include laws governing employment, health and safety, tax reporting, or data protection. Examples include:
- Employment Law Compliance:
We process personal data to ensure that our recruitment practices comply with employment laws in the UK, including verifying your right to work, conducting background checks, and ensuring you meet any statutory requirements for the role you are applying for.
- Right-to-Work Checks:
We are legally required to verify that you have the legal right to work in the UK before we can place you in a role. This process involves collecting certain personal data to confirm your eligibility.
- Regulatory Compliance:
Certain roles, particularly in regulated sectors such as healthcare, require pre-employment checks, such as Disclosure and Barring Service (DBS) checks, medical fitness assessments, or other compliance checks mandated by law.
4.4 Legitimate Interests
We may process your personal data based on our legitimate interests, provided that these interests are not overridden by your rights and freedoms. Legitimate interests are defined as the pursuit of our business goals, as long as it does not infringe on your privacy or data protection rights. Examples of legitimate interests include:
- Improving Recruitment Services:
We process your personal data to assess and improve the quality of our recruitment services. This may include analyzing candidate feedback, streamlining our recruitment process, and improving our overall service offering.
- Managing Client Relationships:
We process personal data to maintain relationships with clients, including communicating about available candidates or vacancies, managing contracts, and ensuring the delivery of high-quality staffing solutions.
- Preventing Fraud and Security Threats:
We may process personal data to prevent fraud, ensure the security of our recruitment processes, and detect potential fraudulent activities that may affect our services or the personal data we hold.
- Internal Business Operations:
As part of our normal business operations, we may use your data to evaluate the effectiveness of our services, conduct business analysis, and improve our overall operations.
4.5 Special Category Data
Certain types of personal data are classified as special category data under the UK GDPR. This includes sensitive information such as health data, racial or ethnic origin, and criminal records. We process this special category data only in specific circumstances where required by law or with your explicit consent. The legal bases for processing special category data include:
- Explicit Consent:
We may process sensitive personal data, such as health information or criminal records, with your explicit consent. For example, we may require health information to assess your suitability for certain job roles that involve physical activity or health-related requirements (e.g., healthcare jobs, or roles involving vulnerable individuals).
- Legal Requirements:
We may process special category data if it is necessary to comply with specific legal obligations, such as conducting background checks for certain regulated roles, or ensuring compliance with health and safety regulations.
We take extra care to ensure the security and confidentiality of your special category data and will only process it in accordance with your consent or when legally required to do so.
This expanded version of Legal Basis for Processing Your Data provides a detailed explanation of the legal grounds for processing personal data under the UK GDPR, ensuring users understand their rights and the reasons their data is processed. Additionally, it clearly addresses the handling of special category data, which requires more stringent controls.
5. Data Sharing
At Serenity Alley Healthcare Recruitment Services, we understand the importance of safeguarding your personal data. However, there are situations in which we may need to share your personal data with third parties in order to provide our services effectively and comply with legal obligations. Below, we explain the circumstances under which we may share your personal data and the safeguards in place to protect it.
5.1 Potential Employers and Clients
One of the primary purposes for collecting your personal data is to help you secure employment opportunities. As part of our recruitment services, we may share your personal data with potential employers and clients to facilitate job placements. This may include sharing:
- CV/Resume
We may provide your CV, qualifications, and work history to prospective employers or clients who are considering you for a role. This will be done only with your explicit consent and in line with your job preferences.
- Application Details
We may share other details, such as your skills, certifications, job preferences, and references, to help employers assess your suitability for their open positions.
- Communication with Employers/Clients
We may also share your contact details with employers or clients for the purpose of coordinating interviews, follow-up communication, or employment offers.
It is important to note that we will only share your data with potential employers or clients once you have provided explicit consent and have agreed to the job opportunities being presented to you.
5.2 Service Providers
In order to provide efficient and high-quality recruitment services, we work with trusted third-party service providers who help us with various tasks. These may include:
- IT and Software Providers:
We may share your data with cloud service providers, data storage platforms, or IT service providers that help us store and manage your personal data securely.
- Payroll and Payment Providers:
If you are successfully placed in a role, we may need to share your financial data (e.g., bank account details) with payroll service providers to ensure proper salary payments and
tax-related processing.
- Background Check and Compliance Providers:
We may engage third-party providers to conduct background checks, such as criminal record checks (e.g., DBS checks), right-to-work verification, and other employment-related checks that are necessary for the recruitment process or required by law.
- Data Processing Contractors:
In some cases, we may share your data with contractors who assist us in performing recruitment functions, such as data entry, CV screening, or talent mapping. All such service providers are contractually obligated to safeguard your data and use it only for the purposes specified by us.
All service providers with whom we share your personal data are required to comply with relevant data protection laws and are bound by confidentiality agreements to protect your information.
5.3 Legal Authorities
We may need to share your personal data with governmental or regulatory bodies to comply with our legal obligations or to protect our legal rights. This could include:
- Government Agencies and Law Enforcement:
In order to comply with legal requirements, we may disclose your personal data to government bodies such as HM Revenue & Customs (HMRC), the Home Office, or other law enforcement agencies. This may occur in cases where we are required to report information for tax purposes, verify your eligibility to work in the UK, or cooperate with investigations.
- Regulatory Bodies:
If you are applying for roles in regulated industries, such as healthcare or education, we may be required to share your data with relevant regulatory bodies for compliance purposes, including ensuring that you meet the necessary legal or industry-specific qualifications (e.g., healthcare professionals needing to meet CQC or NHS standards).
We will ensure that any data shared with legal authorities is done so in accordance with applicable laws and only when required to do so.
5.4 International Transfers
We take the security of your personal data seriously and are committed to ensuring that any international transfers of your data are in full compliance with UK data protection laws. If your personal data is transferred to or stored in a country outside the UK, we will implement appropriate safeguards to ensure that your data remains protected. These safeguards may include:
- Adequacy Decisions:
In some cases, the UK government may have determined that a non-UK country provides an adequate level of data protection (known as an “adequacy decision”). If we transfer your data to such a country, it will be protected in accordance with UK data protection law.
- Standard Contractual Clauses (SCCs):
If the country to which your data is being transferred does not have an adequacy decision, we may use standard contractual clauses approved by the UK government. These clauses are designed to ensure that personal data is protected when transferred to countries outside the UK.
- Other Safeguards:
We may implement other mechanisms, such as binding corporate rules or certification schemes, to protect your data when transferred internationally. We will ensure that all international transfers are in line with the UK GDPR and provide adequate protection for your personal data.
We will only transfer your data to countries or organizations that provide a level of protection that meets or exceeds the standards set out in UK data protection laws.
6. Data Retention
At Serenity Alley Healthcare Recruitment Services, we are committed to ensuring that your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. We take the protection of your data seriously and have established clear data retention periods, as well as secure processes for data deletion and anonymization once it is no longer required. Below is a detailed breakdown of how long we keep different types of personal data:
6.1 Recruitment-Related Data
In the context of our recruitment services, your personal data, including your CV, application forms, employment history, and interview notes, will generally be retained for the following periods:
- Retention Period: We will retain your recruitment-related data for up to 2 years after our last meaningful interaction with you. This could be the completion of a recruitment process, your application for a role, or a job placement, whichever is the most recent.
Reason for Retention:
This retention period allows us to keep your data on file for potential future job opportunities, ensuring that we can contact you if a suitable role becomes available. Additionally, this period helps us comply with our obligations to maintain accurate records of recruitment activities and communications.
- Your Rights to Request Deletion:
If you wish for your recruitment-related data to be deleted before the 2-year retention period expires, you can submit a request to us. We will respect your wishes and delete the data promptly, provided there are no legal or contractual reasons for retaining it.
6.2 Payroll and Financial Records
If you are successfully placed in a role through our services, we may collect and store financial data, such as your bank account details, salary information, and tax-related documentation, for the purpose of processing payments and complying with tax regulations.
- Retention Period: Your payroll and financial records will be retained for 6 years after the end of the tax year in which the payment was made.
Reason for Retention:
This retention period is required by law under UK tax and accounting regulations. HMRC mandates that businesses retain financial records for at least 6 years to ensure that they can be audited, in case of tax inquiries, or to verify the accuracy of financial filings.
- Your Rights to Request Deletion:
Once the 6-year retention period has passed, your financial data will be securely deleted or anonymized. If you wish to request deletion of this data prior to the expiration of the retention period, please contact us. We will assess your request and comply with applicable legal requirements.
6.3 Other Personal Data
In cases where your personal data is collected for other purposes, such as through marketing communications, job alerts, or client management, we will retain the data for the time necessary to fulfill the purposes for which it was collected. This may include:
- Retention Period for Marketing Data: If you have consented to receive marketing communications, such as job alerts or newsletters, your data will be retained for as long as you continue to engage with these communications. If you withdraw your consent or unsubscribe, we will stop sending marketing messages and delete your data as soon as possible.
- Retention Period for Client Data: If you are a client or employer using our recruitment services, your data will be retained for the duration of our business relationship, plus any additional time necessary to comply with legal or regulatory requirements.
- Retention Period for Marketing Data: If you have consented to receive marketing communications, such as job alerts or newsletters, your data will be retained for as long as you continue to engage with these communications. If you withdraw your consent or unsubscribe, we will stop sending marketing messages and delete your data as soon as possible.
6.4 After the Retention Period
Once the retention period for any specific category of personal data has expired, we take appropriate measures to securely delete or anonymize your data, ensuring that it is no longer accessible or identifiable.
- Secure Deletion:
We use secure methods to delete personal data, such as data wiping, encryption, or other industry-standard techniques to ensure that the data cannot be recovered or reconstructed.
- Anonymization:
In some cases, where it is not possible to delete data (e.g., for statistical purposes or legal compliance), we may anonymize the data. Anonymization means that all personally identifiable information is removed, and the data can no longer be linked to you in any way.
- Continuous Monitoring:
We regularly review our data retention and deletion practices to ensure compliance with legal requirements and industry best practices.
6.5 Special Circumstances
In certain cases, we may be required by law or contractual obligations to retain personal data for longer periods. For example:
- Legal Claims: If we need to retain your data to defend or pursue a legal claim, your data may be retained until the claim is resolved.
- Regulatory Obligations: If any regulatory body requires the retention of your data for audit or compliance purposes, we will comply with their instructions.
- Legal Claims: If we need to retain your data to defend or pursue a legal claim, your data may be retained until the claim is resolved.
7. Your Rights
Under the UK General Data Protection Regulation (UK GDPR), you have several rights concerning the personal data we hold about you. These rights allow you to maintain control over your personal data and to ensure that we handle it in a transparent and lawful manner. Below is a detailed explanation of your rights:
7.1 Right to Access
You have the right to request a copy of the personal data we hold about you. This is commonly referred to as a Subject Access Request.
- What You Can Request:
You can ask us to confirm whether we are processing your personal data, and if so, you can request a copy of that data. You can also request information about how we process it, the purposes of processing, and any third parties with whom we have shared your data.
- How to Exercise This Right:
To exercise this right, simply contact us using the contact details provided in this Privacy Policy.
We will provide you with a copy of your data in a structured, commonly used, and
machine-readable format. If you request additional copies, we may charge a reasonable fee based on administrative costs.
7.2 Right to Rectification
You have the right to correct any personal data that we hold about you that is inaccurate or incomplete.
- What You Can Rectify:
If you notice that any of the data we hold is incorrect (for example, an incorrect address, phone number, or job history), you can request that we rectify it. Additionally, you can ask us to update or complete your data if you believe any part of it is incomplete.
- How to Exercise This Right:
If you believe your data is inaccurate or incomplete, please contact us, and we will make the necessary corrections within one month, as required by UK GDPR.
7.3 Right to Erasure
You have the right to request the deletion of your personal data under certain circumstances. This is commonly referred to as the Right to be Forgotten.
- When This Right Applies: You may request erasure of your data if:
- The data is no longer necessary for the purposes for which it was collected.
- When This Right Applies: You may request erasure of your data if:
- You withdraw your consent (where consent was the lawful basis for processing), and we have no other lawful basis for processing your data.
- You object to the processing, and we have no overriding legitimate grounds for continuing the processing.
- The data was unlawfully processed.
- You withdraw your consent (where consent was the lawful basis for processing), and we have no other lawful basis for processing your data.
- Exceptions:
Please note that there are certain exceptions to this right. For example, we may be required to retain certain data to comply with legal obligations, resolve disputes, or for the establishment, exercise, or defense of legal claims.
- How to Exercise This Right:
To request the deletion of your data, please contact us at info@serenityalley.co.uk, and we will assess your request in line with applicable legal requirements.
7.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances.
- When This Right Applies:
You may request that we limit how we process your data if:
- You contest the accuracy of your personal data, and we are verifying it.
- The processing is unlawful, but you prefer restriction instead of erasure.
- We no longer need the data for the original purposes, but you require the data for legal claims.
- You object to processing, and we are assessing whether our legitimate grounds override your interests.
- How to Exercise This Right:
- We no longer need the data for the original purposes, but you require the data for legal claims.
To request the restriction of your data processing, please contact us with details of your request, and we will respond within the statutory time frame.
7.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and
machine-readable format, and you may request to have it transferred to another data controller.
- What This Right Entails:
You can request that we provide your data to you in a commonly used format, such as CSV, XML, or JSON, so that you can transmit it directly to another data controller (for example, another service provider). This right applies only to data that we process based on your consent or contractual necessity.
- How to Exercise This Right:
To exercise your right to data portability, please contact us, and we will provide you with your data in a structured, machine-readable format within one month of your request.
7.6 Right to Object
You have the right to object to the processing of your personal data in certain situations. You can object to processing based on legitimate interests or for direct marketing purposes.
- When This Right Applies:
- Legitimate Interests: If we are processing your data based on legitimate interests, you have the right to object. We will then stop processing your data unless we can demonstrate compelling legitimate grounds for continuing.
- Direct Marketing: If we are processing your data for direct marketing purposes (such as sending newsletters, job alerts, or promotional messages), you have the right to object at any time. Upon receiving your objection, we will stop processing your data for these purposes.
- How to Exercise This Right:
- Legitimate Interests: If we are processing your data based on legitimate interests, you have the right to object. We will then stop processing your data unless we can demonstrate compelling legitimate grounds for continuing.
If you wish to object to our processing of your data for marketing purposes, simply click the unsubscribe link in any email we have sent you or contact us directly.
7.7 Right to Withdraw Consent
If we rely on your consent to process your data, you have the right to withdraw that consent at any time.
- When This Right Applies:
You may have consented to the processing of your data for specific purposes, such as receiving marketing communications. If you no longer wish to receive communications or want us to stop processing your data for that purpose, you can withdraw your consent at any time.
- How to Exercise This Right:
To withdraw your consent, please contact us at info@serenityalley.co.uk or follow the instructions in our communications (such as clicking an unsubscribe link).
7.8 How to Exercise Your Rights
To exercise any of the rights described above, please contact us using the following details:
- Email: info@serenityalley.co.uk
- Phone: 0800 002 9721
- Address: Serenity Alley Healthcare Recruitment Services, 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, England
We will respond to your request within one month from the date of your request. In certain cases, where the request is particularly complex, or if we receive a large number of requests, this period may be extended by an additional two months. If this occurs, we will inform you accordingly.
8. Cookies and Tracking Technologies
At Serenity Alley Healthcare Recruitment Services, we use cookies and similar tracking technologies to enhance your experience when you visit our website. Cookies are small text files that are placed on your device when you access our site. They help us deliver a more personalized and efficient experience, track usage patterns, and ensure that our website functions properly.
Cookies may collect both personal and non-personal data. Below, we explain the different types of cookies and tracking technologies we use, and how you can manage your cookie preferences.
8.1 Types of Cookies We Use
We use the following types of cookies on our website:
1. Essential Cookies
- Purpose: These cookies are necessary for the core functionality of our website. Without them, certain features (such as accessing secure areas of the site, managing your job applications, or submitting your CV) may not work as intended.
- Example: Cookies that enable you to stay logged in during your session or help ensure that the website displays correctly on your device.
- Purpose: These cookies are necessary for the core functionality of our website. Without them, certain features (such as accessing secure areas of the site, managing your job applications, or submitting your CV) may not work as intended.
2. Analytics Cookies
- Purpose: These cookies help us collect information about how you use our website, which pages you visit, and how you interact with our content. This data allows us to assess and improve the performance and usability of the website, ultimately enhancing the user experience.
- Examples: Cookies from services like Google Analytics that track usage data such as the pages viewed, the time spent on our site, the links clicked, and other actions taken on the website. This information is used in an aggregated and anonymous form for analysis.
- How We Use This Data: We use this data to understand the performance of our website, detect errors, optimize navigation, and deliver better, more relevant content.
- Purpose: These cookies help us collect information about how you use our website, which pages you visit, and how you interact with our content. This data allows us to assess and improve the performance and usability of the website, ultimately enhancing the user experience.
3. Marketing Cookies
- Purpose: These cookies are used to deliver targeted job advertisements, job alerts, or other promotional content based on your preferences and activities on our website. Marketing cookies help us serve you relevant content and advertisements across other websites, making our marketing more effective.
- Examples: Cookies that track your browsing history and preferences to deliver personalized job offers or promotions. They may also help us understand the effectiveness of our marketing campaigns by tracking whether users engage with our advertisements.
- Purpose: These cookies are used to deliver targeted job advertisements, job alerts, or other promotional content based on your preferences and activities on our website. Marketing cookies help us serve you relevant content and advertisements across other websites, making our marketing more effective.
8.2 How to Manage Cookies
You have the right to control and manage your cookie preferences. Depending on your browser or device, you can choose to accept or reject cookies, and in some cases, you can delete cookies that have already been placed. Below are your options for managing cookie preferences:
- Cookie Banner: When you visit our website, we display a cookie banner that gives you the option to accept or decline specific types of cookies (such as marketing cookies). You can choose to accept all cookies or only the essential ones, depending on your preferences.
- Browser Settings: Most web browsers allow you to adjust your cookie settings. You can choose to block or delete cookies by navigating to the privacy or security settings in your browser. However, please be aware that blocking essential cookies may impair the functionality of certain features of our website.
- Opting Out of Analytics Cookies: If you do not want your data to be used for analytics purposes, you can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on. This will prevent your data from being used by Google Analytics for statistical purposes.
- Opting Out of Marketing Cookies: You can manage preferences for targeted advertising through third-party platforms, such as the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA). These organizations offer tools for opting out of
- Cookie Banner: When you visit our website, we display a cookie banner that gives you the option to accept or decline specific types of cookies (such as marketing cookies). You can choose to accept all cookies or only the essential ones, depending on your preferences.
interest-based advertising across multiple websites.
Please note that if you disable or delete cookies, some parts of our website may not function optimally. You may still be able to access most of our site, but your experience may be less personalized.
8.3 Third-Party Cookies
In addition to the cookies we place on your device, third-party services such as Google, LinkedIn, or other marketing and analytics providers may also place cookies on your device when you visit our website. These third-party cookies are governed by their respective privacy policies and may be used to collect information about your browsing activity across different websites to provide personalized advertising or analytics services.
We encourage you to review the privacy policies of these third-party providers for further details on how they collect and use your data.
8.4 Updates to Our Cookie Policy
We may update this section of our Privacy Policy from time to time to reflect changes in how we use cookies and tracking technologies. We recommend checking this policy periodically to stay informed about how we manage cookies and how you can control your cookie preferences.
9. Security Measures
At Serenity Alley Healthcare Recruitment Services, we take the security of your personal data seriously and have implemented a range of technical and organizational measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction. Our goal is to ensure that your personal data is handled securely and in compliance with relevant data protection laws, such as the UK GDPR.
We use industry-standard security practices to safeguard your information, but it is important to note that no method of electronic transmission or storage is entirely immune to potential risks. Therefore, while we are committed to providing a high level of security, we cannot guarantee the absolute security of your data. Below is an overview of the key security measures we employ:
9.1 Technical Security Measures
- Data Encryption
- Purpose: We use encryption to protect sensitive data, both in transit and at rest. This means that any personal data exchanged between your device and our website is encrypted using secure protocols (e.g., SSL/TLS), making it difficult for unauthorized parties to access or intercept the information.
- Scope: This applies to personal information such as your CV, application forms, and login credentials.
- Purpose: We use encryption to protect sensitive data, both in transit and at rest. This means that any personal data exchanged between your device and our website is encrypted using secure protocols (e.g., SSL/TLS), making it difficult for unauthorized parties to access or intercept the information.
2. Firewalls and Anti-Malware Systems
- Purpose: We deploy firewalls and other advanced security systems to monitor and control incoming and outgoing network traffic. These measures help prevent unauthorized access to our servers and protect against cyber-attacks, such as hacking and data breaches.
- Scope: Firewalls and malware protection are integrated across all systems that store or process your personal data, ensuring that our servers are secure from threats.
- Purpose: We deploy firewalls and other advanced security systems to monitor and control incoming and outgoing network traffic. These measures help prevent unauthorized access to our servers and protect against cyber-attacks, such as hacking and data breaches.
3. Secure Access Protocols
- Purpose: We enforce secure access protocols to ensure that only authorized personnel have access to your data. This includes multi-factor authentication (MFA) and secure login mechanisms for employees who need to access sensitive information.
- Scope: Any staff member who interacts with personal data must authenticate using secure methods, and their access is limited to the data necessary for their specific role.
- Purpose: We enforce secure access protocols to ensure that only authorized personnel have access to your data. This includes multi-factor authentication (MFA) and secure login mechanisms for employees who need to access sensitive information.
9.2 Organizational Security Measures
- Regular Security Audits and Vulnerability Assessments
- Purpose: We conduct regular internal and external security audits to assess the effectiveness of our security measures. These audits identify potential vulnerabilities, allowing us to address them proactively and keep our systems up to date with the latest security standards.
- Scope: Our audits cover all areas of data processing and storage, ensuring that any weaknesses are detected and resolved in a timely manner.
2. Staff Training and Awareness
- Purpose: All employees involved in data handling receive regular training on data protection, privacy laws, and secure data management practices. This ensures that everyone understands their role in safeguarding personal data and is aware of how to spot potential security threats, such as phishing attempts.
- Scope: Staff are trained to handle personal data responsibly and securely, with a focus on minimizing risks associated with human error, such as misplacing or mishandling information.
- Purpose: All employees involved in data handling receive regular training on data protection, privacy laws, and secure data management practices. This ensures that everyone understands their role in safeguarding personal data and is aware of how to spot potential security threats, such as phishing attempts.
3. Data Minimization and Retention Policies
- Purpose: We only collect and retain the minimum amount of personal data necessary to fulfill our recruitment services. Our data retention policy ensures that personal data is kept for no longer than required and is securely deleted or anonymized once it is no longer needed.
- Scope: This minimizes the exposure of your data, ensuring that it is not stored unnecessarily and reducing the risk of unauthorized access.
- Purpose: We only collect and retain the minimum amount of personal data necessary to fulfill our recruitment services. Our data retention policy ensures that personal data is kept for no longer than required and is securely deleted or anonymized once it is no longer needed.
9.3 User Responsibilities
While we strive to provide the highest level of security, it is important that you also take steps to protect your own personal data when interacting with our services. For example, we recommend the following:
- Use Strong Passwords: Ensure that any accounts you create with us are protected with strong, unique passwords. Avoid using easily guessable information or reusing passwords across different sites.
- Protect Your Devices: Make sure that the devices you use to access our services are secured with appropriate security measures, such as antivirus software and firewalls.
- Stay Vigilant: Be cautious of phishing emails or messages that attempt to collect personal information. Always verify the source before clicking on links or opening attachments.
- Use Strong Passwords: Ensure that any accounts you create with us are protected with strong, unique passwords. Avoid using easily guessable information or reusing passwords across different sites.
9.4 Reporting a Security Incident
If you suspect that your personal data has been compromised or if you notice any unusual activity related to your account, please notify us immediately. We take all reports of potential data breaches seriously and will investigate the issue promptly.
To report a security concern or if you have any questions about the security of your data, please contact us at:
- Email: info@serenityalley.co.uk
- Phone: 0800 002 9721
9.5 Limitations of Security
Although we employ a variety of technical and organizational measures to protect your personal data, no system or method of transmission over the internet is completely secure. While we strive to implement robust security protocols, we cannot guarantee that data transmitted through our website or stored on our servers is entirely immune to unauthorized access, disclosure, alteration, or destruction. We recommend that you take additional precautions when interacting online.
10. Updates to This Policy
At Serenity Alley Healthcare Recruitment Services, we are committed to maintaining transparency regarding how we collect, use, and protect your personal data. As part of our ongoing efforts to ensure that we comply with relevant laws and regulations, and to reflect any changes in our business practices, we may periodically update this Privacy Policy.
10.1 Reasons for Updates
There are several reasons we may update this Privacy Policy, including but not limited to:
- Changes in Legal or Regulatory Requirements: Data protection laws, such as the UK GDPR, may evolve, and we will ensure our policy aligns with the latest legal requirements.
- Improvements to Our Services: As our services and technologies evolve, we may update the ways we collect, store, and process personal data. For example, we may integrate new tools or features into our recruitment process, which could affect how data is handled.
- Business Operations: If we expand our services, work with new partners, or change the nature of how we interact with candidates or clients, our policy may need to be updated to reflect these changes.
- Feedback or Recommendations: We may make updates based on feedback from our users, stakeholders, or legal advisors to enhance clarity or improve data protection measures.
- Changes in Legal or Regulatory Requirements: Data protection laws, such as the UK GDPR, may evolve, and we will ensure our policy aligns with the latest legal requirements.
10.2 Availability of Updates
Whenever we update this Privacy Policy, the revised version will be made available on our website. We encourage you to review this policy regularly to stay informed about how we handle your personal data. The “Effective Date” at the top of this policy will always reflect the date of the most recent updates.
10.3 Notifications of Significant Changes
If any updates are significant, we may notify you directly, particularly if the changes affect the way your data is processed. This may be done through email or other communication channels that you have provided us. For example, if we introduce new uses for your personal data or if we plan to share your data with new third parties, we will ensure that you are made aware of these changes and, where necessary, obtain your consent.
10.4 Continued Use of Our Services
By continuing to use our services after the update of this Privacy Policy, you indicate your acceptance of the changes. If you do not agree with the updated policy, you should stop using our services and contact us to request deletion of your data, as outlined in Section 7 (Your Rights).
11. Complaints
At Serenity Alley Healthcare Recruitment Services, we are dedicated to handling your personal data responsibly and in compliance with all relevant data protection laws. If you believe that we have mishandled your personal data or have not processed it in accordance with this Privacy Policy or your rights under the UK General Data Protection Regulation (UK GDPR), you have the right to lodge a complaint.
11.1 Filing a Complaint with Us
Before filing a complaint with the Information Commissioner’s Office (ICO), we encourage you to contact us directly. We will do our best to address your concerns and resolve any issues in a timely and satisfactory manner.
To lodge a complaint with us, please contact our Data Protection Officer (DPO) or the appropriate team using the following contact information:
- Email: info@serenityalley.co.uk
- Phone: 0800 002 9721
- Address: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, England
We will respond to your complaint promptly and aim to resolve any issues within one month, as required by the UK GDPR. If the complaint is complex or requires more time for investigation, we may extend this period by an additional two months, notifying you of the delay and providing an explanation.
11.2 Filing a Complaint with the ICO
If you are not satisfied with our response or believe that we have not addressed your concerns adequately, you have the right to escalate the matter to the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection.
You can lodge a complaint with the ICO if you believe that we have violated your rights under the UK GDPR or other applicable data protection laws.
Here is how you can contact the ICO:
- Website: https://ico.org.uk
- Phone: 0303 123 1113
- Postal Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
The ICO has the authority to investigate your complaint, and if necessary, take enforcement action. Please note that you are not required to contact us directly before filing a complaint with the ICO, but we would appreciate the opportunity to address your concerns first.
- Our Commitment to Resolving Issues
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, or if you would like to exercise any of your rights under the UK General Data Protection Regulation (UK GDPR), please do not hesitate to contact us. We are here to assist you and ensure that your personal data is handled in accordance with your expectations and applicable laws.
You can reach us using the following contact information:
Serenity Alley Healthcare Recruitment Services
- Email: info@serenityalley.co.uk
- Phone: 0800 002 9721
- Address: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, England
We value your privacy and aim to respond to any inquiries or requests as promptly as possible. Whether you need more information about our privacy practices or wish to exercise your rights under the data protection laws, our team is ready to provide you with the necessary assistance.
Thank you for trusting Serenity Alley Healthcare Recruitment Services with your personal data.