Privacy Policy
Effective Date: 26 August 2025
Overview
Alvius Ltd (“Alvius”, “we”, “our”, or “us”) is committed to protecting your personal data and complying with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (“Data Protection Laws”). This Privacy Policy describes how we collect, use, disclose, and protect personal data when you use our websites, platform services, or interact with us directly.
Who We Are
Alvius Ltd is a UK-based technology provider that delivers cloud-based software platforms to enable recruitment agencies, managed service providers (MSPs), and client organisations to manage temporary worker compliance, candidate vetting, talent pooling, shift booking, invoicing, and timesheet workflows.
Scope
This Privacy Policy applies to the processing of personal data by us in connection with:
- Customers: Where we provide our services or products to you for the benefit of end users.
- Suppliers: For the provision of products and services to us by suppliers or service providers.
- Website visitors: Where you are a visitor on our website.
Data Roles and Responsibilities
- Controller: Alvius is a data controller for personal data we collect directly (e.g., from clients, prospects, suppliers, or our own staff).
- Processor: Alvius is a data processor when operating services on behalf of clients, who control the purpose and use of the data.
Types of Personal Data
Personal data or personal information means any information about an individual from which that person can be identified. It does not include anonymised data where the identity has been removed. Anonymised data falls outside the scope of Data Protection Laws.
What Personal Data We Collect
As a Data Controller (Business Operations)
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together:
- Identity Data: First name, last name, username or similar identifier and title.
- Contact Data: Billing address, email address and telephone numbers.
- Financial Data: Bank account and payment card details.
- Transaction Data: Details about payments to and from you and other transaction details for the provision of services.
- Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or platform.
- Profile Data: Username and password, searches made by you, ratings and comments, preferences, feedback and survey responses.
- Usage Data: Information about how you use our website and services.
- Marketing and Communications Data: Preferences in receiving marketing from us and communication preferences.
As a Data Processor (Platform Use)
We may process the following categories of data on behalf of our clients:
- Identity Data: First name, last name, username or similar identifier, title and date of birth.
- Contact Data: Billing address, email address and telephone numbers.
- Work Data: CVs, work history, training records, job preferences.
- Checks Data: Right to work documentation, national insurance numbers, criminal background checks (e.g., DBS), safeguarding, QTS/NCTL status.
- Timesheet Data: Timesheets, shift history, approvals.
- Diversity and Health Data: If voluntarily submitted and permitted by law.
- Technical Data: Platform usage logs and system access records.
How We Use Personal Data
Depending on your relationship with us we may process the categories of data above and categories of personal data specific to you. Please see below in the Processing Tables on how we may process your personal data depending on our relationship with you and our lawful basis for doing so.
Lawful Bases: How We Use Your Personal Data
- Performance of a contract: Where we need to perform the contract we are about to enter into or have entered into with you.
- Legal obligation: Where we need to comply with a legal obligation.
- Legitimate interests: Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.
- Consent: Where we rely on consent, you have the right to withdraw consent at any time.
- Vital interests: Where necessary to protect your vital interests in case of emergencies.
- Public obligation: Where necessary to comply with matters of public health or public interest.
How We Collect Your Personal Data
Directly From You
You give us your personal data in your direct interactions with us by filling in forms on our website, leaving ratings and comments, or corresponding with us by email, post or telephone.
Third-Party Sources
- Where other parties send us your personal data to enable the provision of our services to you.
- Where you provide your personal data to a third party for the purpose of sharing it with us.
If you provide us with personal data about someone else, you are responsible for ensuring you have the necessary consent to do so.
Customer: Processing Information
| Processing Activities | Categories of Personal Data | Lawful Basis |
|---|---|---|
| Operating our platforms and services | Identity Data, Contact Data | Performance of a contract |
| Sign you up to our products/services | Identity Data, Contact Data | Performance of a contract |
| Facilitate account creation and login | Identity Data, Contact Data | Performance of a contract |
| Respond to enquiries | Identity Data, Contact Data | Performance of a contract; Legitimate interests |
| Manage payments, fees and recover money owed | Identity, Contact, Financial, Transaction Data | Performance of a contract; Legitimate interests |
| Compliance and vetting workflows | Identity Data, Contact Data | Performance of a contract |
| Manage user access and authentication | Identity Data, Contact Data | Performance of a contract |
| Marketing communications | Identity Data, Contact Data | Consent or Soft Opt-in |
| Webinars and demos | Identity Data, Contact Data | Performance of a contract |
| Testimonials | Identity Data | Consent |
| Platform administration and protection | Identity, Contact, Technical Data | Legitimate interests; Legal obligation |
Supplier: Processing Information
| Processing Activities | Categories of Personal Data | Lawful Basis |
|---|---|---|
| Provide services and products to us | Identity, Contact Data | Performance of a contract |
| Manage payments owed to you | Identity, Contact, Financial, Transaction Data | Performance of a contract |
| Product/service support engagement | Identity, Contact Data | Performance of a contract; Legitimate interests |
Website Visitor: Processing Information
| Processing Activities | Categories of Personal Data | Lawful Basis |
|---|---|---|
| Respond to website enquiries | Identity, Contact Data | Legitimate interests |
| Notify about policy updates | Identity, Contact Data | Legitimate interests |
| Website administration and protection | Identity, Contact, Technical Data | Legitimate interests; Legal obligation |
| Deliver relevant content and advertising | Identity, Contact, Profile, Usage, Marketing, Technical Data | Legitimate interests |
| Analytics and service improvement | Technical Data, Usage Data | Legitimate interests; Consent where required |
| Non-essential cookies | Technical Data | Consent |
Cookies and Similar Technologies
We gather information and statistics collectively about visitors to our website to improve our services. Please refer to our cookies notice for further details.
Providing Personal Data
If you do not provide personal data where required by law or contract, we may not be able to provide our services.
Marketing Communications
You may unsubscribe from marketing communications at any time using the unsubscribe link in communications or by contacting us.
How We Share Your Personal Data
- Internally: Employees and contractors on a need-to-know basis.
- Within our Group: Group companies for service provision.
- Suppliers: IT, communications and outsourced support providers.
- Professional advisers: Lawyers, auditors, insurers and bankers.
- Payment service intermediaries
- Law enforcement and regulators
- Advertising networks and analytics providers
- Third parties in business transfers
International Transfers
We transfer personal data only where adequate protection mechanisms are in place, including adequacy decisions and UK-approved safeguard mechanisms.
Data Security
We maintain an ISO 27001-certified Information Security Management System (ISMS), including encryption, access controls, secure hosting, vulnerability testing, incident response procedures, confidentiality agreements and audits.
Data Retention
We retain personal data only as long as necessary for legal and business purposes. Once no longer required, data is securely deleted or anonymised.
Your Rights
- Request access
- Request correction
- Request erasure
- Object to processing
- Request restriction
- Request data portability
- Withdraw consent
Concerns and Complaints
You may contact us first or complain to the UK Information Commissioner’s Office (ICO) or another relevant supervisory authority.
Linked Websites
Third-party websites are not governed by this policy.
Contact Us
Company Name: Alvius Ltd
Registered Address: 2 Hinksey Court, Church
Way, Oxford, England, OX2 9SX
Contact Email: contact@alvius.com
Updates to This Policy
We may update this Privacy Policy from time to time and will notify you where required.
Version Date: 26th August 2025