Last Updated October 23, 2025
Introduction
Aisthesis Medical Ltd (“Aisthesis”, “we”, “our”, or “us”) is committed to protecting the privacy and security of your personal information.
You are receiving this Privacy Notice because you are applying for a position with us—whether as an employee, consultant, intern, or contractor. This notice explains how and why we collect and process your personal data during recruitment, how long we retain it, and your rights under data protection law.
This notice complies with the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) (where applicable), and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), as well as any subsequent legislation.
If your application is successful, we will provide you with a separate Employee Privacy Notice explaining how we process your information during employment.
“Personal data” means any information that identifies you or can be used to identify you—such as your name, contact details, employment history, or qualifications. It does not include anonymised data, such as diversity statistics collected in a non-identifiable format.
This notice applies to personal data collected and processed during all stages of recruitment, including initial application, interviews, assessments, offers, and onboarding.
We do not generally require special category data (such as health, ethnicity, or religious information) unless it is relevant to the recruitment process (for example, reasonable adjustments for a disability or anonymised diversity monitoring). We recommend that you avoid including sensitive information that is not directly relevant to your application.
Data Controller
Aisthesis Medical Ltd is the data controller for the personal information processed in connection with your application. This means we are responsible for deciding how we hold and use your personal data.
Aisthesis Medical Ltd is registered with the Information Commissioner’s Office (ICO) under registration number [insert ICO number once available].
We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance, advise on our obligations, and act as a contact point for applicants and supervisory authorities.
📧 Contact: dpo@aisthesismedical.com
How We Collect Information About You and What We Use It For
This section explains what personal data we may collect or generate about you during recruitment, how we use it, and the lawful bases for processing it.
Under data protection law, Aisthesis Medical Ltd must have a lawful basis for processing your personal information. In most cases, we rely on one or more of the following:
- Contractual Necessity: Processing is required to take steps at your request before entering into a contract of employment or engagement.
- Legal Obligation: Processing is necessary to comply with a legal or regulatory requirement (for example, verifying your right to work).
- Legitimate Interests: Processing is necessary for our legitimate business purposes—such as recruiting qualified candidates and managing our recruitment processes—except where your rights override those interests.
In some limited circumstances, we may rely on your consent, for example:
- If you have opted in to receive information about future vacancies; or
- If you have consented to us retaining your details for future recruitment opportunities.
You can withdraw your consent at any time by contacting us using the details provided in the “How to Contact Us” section of this notice.
Application and Assessment Process
Information We Collect from You at the Application Stage
When you apply for a role, we collect the personal data you provide in your application materials—such as your CV, cover letter, or online application forms.
This typically includes:
- Name and contact details (email address, phone number, address)
- Employment history and previous experience
- Educational background and professional qualifications
- Skills, certifications, and relevant achievements
- Information you include in written correspondence or messages sent via our website or recruitment channels
You may also choose to include additional details such as your availability, notice period, or preferred working arrangements.
Information We Collect During Interviews and Assessments
If you are invited to participate in interviews, assessments, or technical evaluations, we will collect additional information you provide during these stages.
This may include:
- Your responses during interviews or assessments
- Information about your experience, knowledge, and suitability for the position
- Details you voluntarily share about salary expectations, work preferences, or career goals
We may also record notes, scores, or observations made by our interviewers or hiring managers to help evaluate your application.
Information We Create Ourselves
During recruitment, Aisthesis may generate additional information about you, including:
- Internal assessment notes or feedback on your suitability
- Interview summaries or written evaluations
- References obtained from referees you have identified
- In some cases, professional opinions gathered from trusted contacts in our network (where relevant and appropriate)
This information helps us evaluate candidates consistently and fairly. It forms part of our legitimate business interest in making informed hiring decisions.
We may also use your name and contact details to communicate with you about your application’s progress, schedule interviews, or notify you of outcomes.
Purpose and Lawful Basis for Processing
| Purpose of Processing | Lawful Basis |
|---|---|
| Reviewing and assessing your application, qualifications, and experience | Legitimate Interest |
| Communicating with you throughout the recruitment process | Legitimate Interest |
| Scheduling interviews and assessments | Legitimate Interest |
| Making and communicating employment offers | Contractual Necessity |
| Verifying references, qualifications, and right-to-work documentation | Legal Obligation |
| Maintaining recruitment records for internal reporting and compliance | Legitimate Interest |
| Contacting you about future vacancies (where consent is given) | Consent |
If Your Application Is Successful
If we offer you a position, we will collect additional personal data to prepare for your employment or engagement with Aisthesis Medical Ltd. This allows us to meet our legal, contractual, and operational obligations as an employer.
Background Checks
As part of our pre-employment verification, we may conduct background checks including:
- Confirming your previous employment and references
- Verifying academic and professional qualifications
- Requesting a copy of your P45 (for UK employees) or equivalent tax documentation
- Conducting other relevant checks, such as professional registration validation or eligibility to work in regulated sectors
We process this information based on our legitimate interests in maintaining high standards of integrity, competence, and compliance—and in ensuring that employees are appropriately qualified for their roles.
Identification Information
We will also collect copies of official identification and supporting documents, including:
- Passport, driving licence, or national ID card
- Proof of address (such as a utility bill or bank statement)
- Work permit, visa, or other evidence of right to work (where applicable)
- Photograph and signature (for verification and security purposes)
We collect this information to comply with legal obligations—including immigration and right-to-work requirements—and to fulfil the performance of your employment contract and maintain secure internal systems.
If you are hired, this information will form part of your employee record and be handled according to our Employee Privacy Notice.
Special Categories of Personal Data
| Category | Examples | Purpose | Lawful Basis |
|---|---|---|---|
| Medical/health information (application stage) | Details of any impairment disclosed during recruitment | To make reasonable adjustments during application or interviews | Legal / Employment Law Obligation |
| Immigration information | Passport, visa, work permit | To verify right to work in the UK or EU | Legal / Employment Law Obligation |
| Medical/health (successful candidates) | Health declaration or medical questionnaire | To assess working capacity or workplace adjustments | Contractual / Legal Obligation |
| Diversity and equality data | Race, ethnicity, religion, or sexual orientation | Equal opportunity monitoring and reporting | Legal / Substantial Public Interest |
All special category data is processed with enhanced security and confidentiality safeguards.
What If You Do Not Provide the Personal Data We Request?
Certain information is necessary to process your application or prepare your employment contract. If you do not provide the required data, we may be unable to consider your application or make an offer.
Change of Purpose
We will only use your personal data for the purposes described in this notice, unless we reasonably determine that another compatible purpose applies. If processing for an unrelated purpose is required, we will notify you in advance.
Who We Share Your Information With
We may share your personal data with third parties where required by law, where necessary to fulfil contractual obligations, or where we have a legitimate business interest.
Recipients include:
- IT, hosting, and security providers
- Recruitment and talent management partners
- Legal, HR, and financial advisors
- Professional screening or background-checking providers
All such third parties are contractually bound to protect your data and act only on our instructions.
International Data Transfers
If we transfer your personal data outside the UK or EU, we will ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs)
- UK International Data Transfer Agreements (IDTAs)
- Binding Corporate Rules (BCRs)
- Transfers under recognised data protection frameworks
All transfers comply with applicable Data Protection Legislation.
Data Storage and Security
We store all information you provide on secure, access-controlled servers within the UK or EU, or in other approved jurisdictions.
Appropriate technical and organisational measures are implemented to protect against unauthorised access, loss, or alteration.
Data Retention
- Successful applicants: data retained for employment duration and a reasonable period afterward, per our Employee Privacy Policy.
- Unsuccessful applicants: data retained for up to 12 months after recruitment ends, unless consent is given to retain it longer.
Once retention periods expire, data is securely deleted or anonymised.
Accuracy of Information
Please keep your details up to date during the recruitment process to ensure accuracy.
Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate or incomplete information
- Erase your data (“right to be forgotten”)
- Restrict or object to processing
- Request data portability
📧 To exercise any of these rights, contact: dpo@aisthesismedical.com
Complaints and Oversight
You may contact the Information Commissioner’s Office (ICO) via
🔗 https://ico.org.uk/for-the-public
We encourage contacting us first so we can address any issue promptly.
Fees and Verification
Requests are generally free of charge.
We may request identification to verify your identity before processing certain requests.
Further Information
For more details about our recruitment data practices, contact:
📧 Email: dpo@aisthesismedical.com
📮 Address:
Aisthesis Medical Ltd
London, SE1 7LL
United Kingdom