Aureum Global Ltd is a digital health technology company registered in England and Wales (Company No. 16862523). We operate a modular clinical platform connecting individuals, clinicians, and organisations. Our registered email is admin@aureumglobal.co.uk. We are registered with the Information Commissioner's Office as a data controller.
We collect the following categories of personal data:
Account data: Name, email address, and authentication credentials required to operate your account.
Clinical and health data (special category): Psychological assessment responses, programme progress, session notes, and outcome measures. This data is held under Article 9 UK GDPR with your explicit consent.
Usage data: Platform engagement patterns used solely to personalise your programme. Anonymised before any aggregate analysis.
Communications: Any messages you send us via our contact form or email.
We use your data to: deliver and personalise the platform; connect you with clinical practitioners where requested; provide aggregate anonymised reporting to corporate clients; comply with our legal obligations; and communicate with you about your account.
We do not use your data for advertising. We do not sell your data. We do not profile you for commercial purposes.
Contract: Account management and service delivery.
Explicit consent (Art. 9): All special category health and psychological data.
Legitimate interests: Platform improvement using anonymised aggregate data.
Legal obligation: Compliance with applicable law.
We share data only with: clinical practitioners you have consented to work with; IT infrastructure providers under data processing agreements; corporate clients in anonymised aggregate form only. We never share individual psychological data with employers. We never transfer data outside the UK or EEA without explicit consent.
Account data is held for the duration of your account plus 12 months. Clinical records are held for 7 years following your last session, in line with NHS clinical standards. You may request deletion at any time; we will action all deletion requests within 30 days subject to any legal retention obligations.
Under UK GDPR you have the right to: access your data; correct inaccurate data; request erasure; restrict processing; data portability; and object to processing. To exercise any right, contact admin@aureumglobal.co.uk. You also have the right to lodge a complaint with the ICO at ico.org.uk.
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Clinical records are encrypted at record level. Infrastructure is hosted in the UK and EU. We conduct regular security reviews and maintain incident response procedures.
Data controller: Aureum Global Ltd, Company No. 16862523. Email: admin@aureumglobal.co.uk. For data protection queries write to us at the registered company address or email privacy enquiries to admin@aureumglobal.co.uk.