Verum Healthcare Consulting (“Verum”) is committed to protecting and respecting your privacy. Under data protections laws, we are a data controller in relation to personal information. This means we are responsible for deciding what information to collect and how it is used.
 

Our contact details are set out in the ‘Contact’ section of this website.
 

This notice explains what personal information we collect, how and why we use it, who we disclose it to, and how we protect it.

Our website is intended for use by our current clients, prospective clients and professional and business contacts.
 

What are the Data Protection laws?
 

The Data Protection Act 2018 contains most of the rules about how personal information should be collected and processed. It is replaced on 25th May 2018 by the EU General Data Protection Regulation (GDPR). Other rules exist which govern things like email direct marketing.
 

This privacy notice takes into account of all of the rules, including GDPR.
 

What personal information do we collect?

​

• People who contact us directly (for example with an enquiry). We will store the information you submit via our website or other forms of contact, which may include your name, contact details, and details about the service you’re interested in or enquiring about.

​

• Existing business contacts. We may collect and hold your contact details and relevant professional information as required to enable our work with you, for example to support contractual or payment requirements, or to support communication with key stakeholders and the delivery of specific engagement activities.
   

Verum will always try to keep the amount of personal information we collect to the minimum needed.

​

How will we use the information we collect about you and why?

​

We take your privacy seriously and will only use your personal information to provide the Services you have requested from us, detailed as identified above. We will use this information subject to your instructions and in accordance with data protection legislation requirements and our duties related to confidentiality.

​

For business with our Clients, our lawful reason for processing personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.

​

Our work for you may require us to pass your information to our third-party service providers / sub-contractors for the purposes of completing tasks and providing the Services to you on our behalf.

​

However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

​

We will never share your information for marketing purposes with companies so that they may offer you their services.

 

What is the lawful basis for processing?

​

In general, we do not require your consent to process your personal information because the processing is necessary:

​

• in order to provide you with the information or services that you’ve requested, or

​

• in order to respond to your enquiry, submitted via the website or by email, or

​

• for legitimate interests, which are to develop and diversify our business and to provide us with insight into the types of people who use our services (this basis applies to business-to-business direct marketing in particular), or

• because we need it to comply with the law.

​

However, you do have the right to object to how we process your personal information, or ask us to restrict processing.  We do not generally collect “sensitive personal data” or “special categories of data” where the rules about how we process it are stricter.

​

If you object to or ask us to restrict the processing of your personal information, this won’t affect the lawfulness of the processing we’ve already carried out. Please see the below for Your Rights section for more details.

​

How we protect your personal information

​

Verum ensures an appropriate level of security to protect your personal information, including protection against unauthorised disclosure or unlawful processing and against accidental or intentional loss, destruction or damage.

​

We employ up to date technologies and systems to protect your personal information from unauthorised disclosure or damage or misuse. We also ensure that our staff receive regulation training about information security and data protection.

We meet the ISO/IEC 27001:2017 standard for information security management systems.

​

We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal information.

​

How long will we keep your personal information?

​

We will keep your personal information for as long as is required for the purpose explained in this notice. When we no longer need it, we will archive your personal information, then after twelve (12) months, this will be deleted permanently. We may in certain circumstances need to hold your personal information for longer, for example in relation to a legal dispute or because of regulatory requirements.

​

Your rights in relation to your personal data

​

You have a number of rights under data protections laws. These are:

​

• to request access to your personal information.

​

• to request that your personal information is corrected if it is out of date, inaccurate or incomplete.

​

• to request that your personal information be deleted or removed from our records and systems.

​

• to make a complaint to the Information Commissioners Office. 

​

You also have the right to:

​

• withdraw your consent to the processing of your personal information (where we need your consent to process your personal information).

​

• object to or restrict the processing of your personal information (where we don’t need your consent to process your personal information).

​

• obtain an electronic file of your personal information or have it transferred to another data controller in limited circumstances.

​

How do I exercise my rights?

​

If you would like to make a request to access or correct your personal information, or to exercise any of your other rights, you can contact us at any time using the details set out in the Contact Us section of this website.

​

We will respond to any request received from you within 30 days from the day we receive your request.

​

Please note that some of your rights are restricted, and apply only in certain circumstances. For example, we may refuse to delete your personal information whilst we need it for a valid purpose, including to defend any potential legal claims. We will set out in our response our reasons if we are unable to meet your request.  To find out how to make a complaint to the Information Commissioner’s Office, see Contacting the Information Commissioner’s Office.

​

Contacting the Information Commissioner’s Office (ICO)

​

The ICO is the UK’s independent body set to uphold information rights. You can fine more about the ICO on their website here. The ICO can also be contacted by post, email and by phone.

​

Changes to this Privacy Notice

​

This privacy notice is current as at 3rd August 2021. We make changes from time to time and you should regularly check for updates.