Privacy Policy
Auratus Privacy Notice
At Auratus UK, safeguarding your personal information is a top priority. How we collect, use, store and share your data is crucial to maintaining your trust. This privacy notice explains how we handle your personal information and applies to all individual consumers of our services, including service clients, contract parties, or anyone we interact with in the course of business.
What is personal information?
“Personal information” refers to any data that can identify an individual, such as name, address, email, phone number, and financial details. This may apply to customers, their representatives, employees, business contacts, and suppliers. Any mention of “information” or “data” in this privacy notice refers to personal information about a living individual.
What information we collect, use, and why
Information you supply to us. You may supply us with information about you by filling in forms on our website. This includes information you provide when you submit a contact/enquiry form. The information you give us may include:
- Name
- Address
- E-mail address
- Phone number
- Business contacts
Information our website automatically collects about you.
In compliance with our cookie policy and data protection regulations, we want to inform you that during each visit to our website, we may automatically collect certain technical information. This data includes a truncated and anonymised version of your Internet Protocol (IP) address, browser type and version, operating system, and platform. This information is gathered to help us improve our website's functionality and user experience.
Please be assured that any data we collect is anonymised to protect your privacy and is not used to personally identify you. We utilise this information solely for analytical purposes, such as understanding how visitors interact with our website, optimising performance, and enhancing security measures.
For the operation of client services, we may collect or use the following personal information:
- Name
- Contact details
- Bank details
- Telephone numbers
- Business contact details
For recruitment purposes, we collect or use the following personal information:
- Contact details (e.g. name, address, telephone number or personal email address)
- Date of birth
- National Insurance number
- Copies of passports or other photo ID
- Employment history (e.g. job application, employment references or secondary employment)
- Education history (e.g. qualifications)
- Right to work information
We may also collect or use the following special category information for recruitment purposes:
- Racial or ethnic origin
- Health information
- Sexual orientation information
How we may use your information
- To carry out our responsibilities resulting from any agreements you’ve entered into with us.
- To comply with any applicable legal or regulatory requirements.
- To tell you about changes to our services.
- To operate our business effectively and appropriately, we may conduct activities such as system testing, evaluating business capabilities, planning, communication, quality assurance, and audits.
Lawful bases for processing your information:
Under UK data protection laws, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website. Which lawful basis we rely on may affect your data protection rights, which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website.
Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:
- Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
- Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
- Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
- Providing services to clients that may require them to share some of your personal information (clients’ customers) to fulfil our contractual agreement. Our contractual agreement, however, is with the client and not directly with their customers.
- To use your personal data for any purposes not explicitly described in this privacy notice, we will rely on our legitimate interest. To do this, a Legitimate Interest Assessment (LIA) will be carried out with focus on the purpose, necessity and balancing test against your rights and freedoms under data protection laws.
Our lawful basis for collecting or using personal information for dealing with queries, complaints or claims is:
- Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Our lawful bases for collecting or using personal information for recruitment purposes are:
- Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
- Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Our lawful basis for collecting and using sensitive information:
- Special Category Information: We may process sensitive information including medical information, racial or ethnic origin, and any other relevant sensitive details obtained from you or third parties. We will only process information necessary for specific purposes, with a lawful basis such as Vital Interests, Public Interest in compliance with applicable law, or your Explicit Consent.
Security and Privacy Commitments
At Auratus, safeguarding your personal information is a top priority. We are committed to ensuring the confidentiality, integrity, and security of your data through a robust set of technical and organisational measures. These safeguards are designed to protect your information from unauthorised access, unlawful processing, accidental loss, destruction, or damage. Below are the key security practices we employ:
- We employ strong encryption protocols to protect your personal data, both during transmission and when stored within our systems. Encryption ensures that any data exchanged with or stored by Auratus remains secure and unreadable to unauthorised parties. Whether data is in transit or at rest, it is protected from interception and misuse.
- To ensure the confidentiality of your data, we have established strict access control mechanisms. Only authorised personnel are granted access to sensitive information, and this access is governed by role-based access control (RBAC). This system limits access based on specific job functions, ensuring that only those who need it to perform their duties can view or process personal data.
- We enforce the use of multi-factor authentication (MFA) for all users accessing sensitive systems. This additional layer of security further reduces the risk of unauthorised access, ensuring that even if login credentials are compromised, the security of your data remains intact.
- We conduct regular risk assessments and security audits to evaluate potential threats and vulnerabilities in our systems. This proactive approach allows us to identify and address any weaknesses promptly, minimising the risk of data breaches and fraud.
- Your personal information is stored securely in a controlled environment. We implement both physical and technical measures to ensure that data is protected from unauthorised access. Our systems are regularly updated and monitored to maintain the highest level of security.
- While we take every measure to protect your personal information, we also advise you to maintain the confidentiality of your login credentials. Usernames, passwords, and other identification details should not be shared or disclosed to anyone, as these are the first line of defence against unauthorised access.
- We continuously monitor our systems for potential security threats. Regular updates, security patches, and vulnerability testing are part of our ongoing efforts to stay ahead of emerging risks. Our monitoring processes ensure that we can detect and respond to any security issues before they can impact your data.
- While we employ industry-leading security measures, no system is entirely immune to risk. We cannot guarantee the absolute security of information transmitted over the internet or similar connections. We encourage you to take reasonable steps to protect your personal data, including keeping your login credentials private and secure.
- In the unlikely event of a serious data breach or suspected security incident, we will act swiftly to mitigate any potential harm. We will notify the Information Commissioner’s Office (ICO) without undue delay and within 72 hours, as per regulatory requirements. We are committed to transparency and will inform affected individuals promptly if their data is at risk.
How long we keep information
We retain your personal information according to our internal policies, based on legal or regulatory minimum retention periods. If necessary, we may retain it longer for valid business reasons. In rare cases where deletion is technically impossible, we will render the data inaccessible, ensuring it is not used, accessed, or shared, and your rights and freedoms remain protected.
Who we share information with
We may share your personal information with third party processors for data storage activities.
We may also share personal information with fraud prevention agencies to prevent fraud, money laundering, and verify your identity. If false or inaccurate information is detected and fraud is confirmed, we will report it to these agencies. Law enforcement may also access and use this information. The information you provide to Auratus may also be shared with:
- Professional or legal advisors
- Regulatory authorities
- External auditors
- Organisations we’re legally obliged to share personal information with
- Suppliers and service providers
We may transfer your personal data to countries located outside the UK and EEA, provided that these countries have been deemed by the UK Government or the European Commission to offer an adequate level of data protection. Such adequacy decisions indicate that these countries have legal frameworks and protections comparable to those required under the UK and EU GDPR. As a result, your personal data will be handled with the same level of care and security as it would within the UK or EEA.
For transfers to countries that do not benefit from an adequacy decision, we take additional measures to ensure your data remains protected. Before transferring or granting access to your personal data in these cases, we conduct a comprehensive Transfer Risk Assessment (TRA) to evaluate the specific risks associated with the transfer. Additionally, we ensure that appropriate safeguards, such as an International Data Transfer Agreement (IDTA) or, where applicable, Standard Contractual Clauses (SCCs), are in place. These safeguards establish legally binding commitments to protect your personal data and provide enforceable rights and remedies in case of misuse.
Our goal is to ensure that regardless of where your personal data is processed or accessed, it is treated in full compliance with applicable data protection laws, and your rights and freedoms are consistently upheld.
Your rights under data protection laws
- Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
- Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
- Your right to erasure – You have the right to ask us to delete your personal information.
- Your right to restriction of processing – You have the right to object to the processing of your personal data.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
- Your right to withdraw consent – When we use consent as our lawful basis, you have the right to withdraw your consent at any time.
If you exercise your rights or make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us at privacy@auratus.co.uk.
How to complain
For questions, complaints or concerns about this privacy notice, please contact privacy@auratus.co.uk.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint