GDPR Candidate Agreement (Updated April 2025)
This notice outlines the basis on which we collect, use, and process any personal data you provide to us, or that we obtain from other sources, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
About the GDPR
The General Data Protection Regulation (Regulation (EU) 2016/679), as retained in UK law following Brexit, sets out principles and rights designed to protect individuals’ privacy. It provides a robust framework for organisations that process personal data and reinforces the rights of individuals.
This notice reflects your rights as of April 2025.
The Information We Collect
To support our core recruitment activities, we may collect and process the following personal data:
-
Name, address, and postcode
-
Personal and professional email addresses and telephone numbers
-
CV and work history, including employment preferences and salary expectations
-
Educational qualifications and reference details
-
Right to work documentation (e.g., passport, visa)
-
Compliance and financial information (e.g., for payroll or IR35 purposes)
-
Links to publicly available professional profiles (e.g., LinkedIn)
-
A photograph (if voluntarily provided)
How We Collect Your Information
Your personal data may be collected through:
-
Direct interactions (e.g., registration via our website, job applications, phone calls, emails)
-
Participation in our services (e.g., subscribing to job alerts, applying for roles, attending events)
-
Engagement with our digital platforms (e.g., website forms, surveys, or social media tools)
-
Third-party sources, such as job boards, CV libraries, LinkedIn, or personal recommendations
When data is obtained from a third-party or public source, we will notify you within 30 days, informing you of the data source, whether it was publicly accessible, and how we intend to use the data.
Our Legal Basis for Processing Your Data
We process your data under the following lawful bases:
-
Legitimate Interests: Where processing is necessary for our recruitment services
-
Contract: Where we are entering into or have entered into a contract with you
-
Legal Obligation: Where processing is required by law (e.g., right-to-work checks)
For further details on lawful bases, we recommend consulting the ICO guidance:
https://ico.org.uk/for-organisations/guide-to-data-protection/
Where Your Data Is Stored
Your personal data is stored securely on our recruitment platform, which is hosted on Microsoft Azure’s European data centres. These facilities are protected by multiple layers of security, including biometric access, 24/7 on-site staff, and advanced alarm systems.
Data Retention Policy
We retain data based on the following criteria:
-
The nature and sensitivity of the data
-
Its accuracy and relevance over time
-
Your level of engagement with our services
-
Legal or contractual obligations
We currently retain data for up to 2 years for candidates who have not been placed and show no recent engagement. Upon expiry, data may be:
-
Archived
-
Deleted from our recruitment software
-
Anonymised to prevent accidental reinsertion, particularly if you request data deletion or suppression
Where we are required to keep data for legal, financial, or audit purposes (e.g., after a placement), this will be done securely and only for as long as necessary.
Your Rights Under the UK GDPR
You have the right to:
-
Be informed about how your data is used
-
Access your personal data
-
Request correction of inaccurate or incomplete data
-
Request deletion of your data under certain conditions
-
Restrict or object to data processing
-
Request data portability
-
Object to automated decision-making and profiling
You can manage or update your data by logging into your profile via our website.
If you wish to exercise any of your rights or have questions about this policy, please contact us directly.