top of page

Privacy Policy

Effective Date: 1st June 2026

Welcome to RIVA Healthcare ("we", "us", or "our"). This Privacy Policy sets out how we collect, use, store, and protect your personal data when you use our website and recruitment services.

We are committed to processing personal data lawfully, fairly, and transparently, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

RIVA Healthcare is a healthcare recruitment agency operating in the United Kingdom, specialising in the placement of healthcare professionals.


For the purposes of applicable data protection law, we act as the data controller in respect of your personal data.


Contact Details:


Email: info@rivahealthcare.net
Address: Office 1, Izabella House, 24-26 Regent Place, Birmingham, B1 3NJ

Telephone: 07437018116

2. Scope of This Policy

This Privacy Policy applies to:​

 

  • Candidates seeking employment through us

  • Clients engaging our recruitment services

  • Users of our website

3. Personal Data We Collect

We may collect, use, store, and transfer the following categories of personal data:


3.1 Candidates​

 

  • Identity Data: full name, date of birth

  • Contact Data: address, email address, telephone number

  • Professional Data: CV, employment history, qualifications, training, registrations

  • Compliance Data: right to work documentation, references, background checks

  • Special Category Data: health information where necessary for role suitability

  • Criminal Convictions Data: DBS and safeguarding checks where required by law


3.2 Clients​

 

  • Identity and Contact Data of representatives

  • Business and engagement information


3.3 Website Users​

 

  • Technical Data: IP address, browser type, device information

  • Usage Data: pages visited, time spent on site

  • Cookie Data (see Section 11)

4. How We Use Your Personal Data

We process your personal data for the following purposes:​

 

  • To provide recruitment and staffing services

  • To assess suitability for roles and match candidates with clients

  • To carry out compliance checks (including identity, right to work, and safeguarding)

  • To communicate with you regarding roles, applications, or services

  • To manage our business operations and improve our services

  • To comply with legal and regulatory obligations

5. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

  • Contractual Necessity – where processing is necessary to perform a contract with you

  • Legal Obligation – to comply with legal or regulatory requirements

  • Legitimate Interests – to operate and improve our business, provided your rights are not overridden

  • Consent – where required, particularly for certain communications or processing activities

Where we process special category data, we rely on additional lawful conditions such as employment, social security, and social protection law obligations.

6. Disclosure of Your Personal Data

We may share your personal data with:​

 

  • Healthcare organisations and clients for recruitment purposes

  • Regulatory authorities and professional bodies (e.g. for compliance checks)

  • Third-party service providers (including IT systems, payroll, and compliance platforms)


All third parties are required to respect the security of your personal data and process it in accordance with applicable law.

7. International Data Transfers

Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, tax, or reporting requirements.


Retention periods are determined based on the nature of the data and legal obligations applicable to healthcare recruitment.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction.


Access to personal data is limited to those employees, agents, and contractors who have a legitimate business need to know.

10. Your Legal Rights

Under UK data protection law, you have the following rights:

  • The right to access your personal data

  • The right to rectification of inaccurate or incomplete data

  • The right to erasure ("right to be forgotten")

  • The right to restrict processing

  • The right to data portability

  • The right to object to processing

  • The right to withdraw consent at any time (where applicable)

 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

11. Cookies

Our website uses cookies and similar technologies to distinguish you from other users and improve your browsing experience.


You can manage or disable cookies through your browser settings. Set your browser to refuse cookies or notify you when cookies are being sent.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page and, where appropriate, notified to you.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@rivahealthcare.net
Address: Office 1, Izabella House, 24-26 Regent Place, Birmingham, B1 3NJ

Last Updated: 1st June 2026

bottom of page