ADAPTABLE RECRUITMENT – UK GDPR & PRIVACY POLICY (2026 UPDATE)

Updated to comply with UK GDPR and the Data Protection Act 2018.

  1. Introduction & Commitment Statement

Accountable Recruitment Limited (“we”, “us”, “our”) is committed to protecting the privacy and security of all individuals whose personal data we process.

We act as an independent Data Controller, registered with the UK Information Commissioner’s Office (ICO), registration number ZB587131.

This policy explains how we collect, use, store, share and protect personal information in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018 (DPA 2018)
  • Privacy & Electronic Communications Regulations (PECR)

This policy applies to:

  • Candidates
  • Clients
  • Supplier contacts
  • Website users

Any individual whose data we process during recruitment activity

  1. What Personal Data We Collect

2.1 Candidates

To match you to suitable job opportunities, we collect:

  • Contact details (name, phone, email)
  • CV and career history
  • Education, qualifications, skills
  • Right‑to‑work status
  • Emergency contacts
  • Financial information where roles require it
  • Information from third‑party job boards such as Reed, LinkedIn, GAAPweb, etc.

Special category data (where necessary)

  • Diversity information
  • Health‑related information
  • Criminal‑record information

Where these categories apply, processing complies with Article 9 UK GDPR and Schedule 1 DPA 2018 (e.g., employment law obligations, equality monitoring). Explicit consent is only used where legally appropriate.

2.2 Clients

We process:

  • Business contact names and details
  • Hiring requirements
  • Communications and instructions
  • Reference requests

This enables us to provide recruitment services and relevant market information.

2.3 Suppliers

We process:

  • Contact details
  • Bank/payment information
  1. How We Collect Personal Data

We collect data through:

  • Direct communication with you
  • CV submissions
  • Website forms
  • Recruitment platforms (Reed, LinkedIn, GAAPweb and other job boards you registered with)
  • Referrals
  • Client instructions
  1. Lawful Basis for Processing

We process personal data under the following legal bases:

4.1 Legitimate Interests

To:

  • Source employment opportunities
  • Introduce candidates to clients
  • Maintain business relationships
  • Promote relevant events and opportunities

4.2 Contractual Necessity

Where processing is required to perform our recruitment services.

4.3 Legal Obligations

To meet employment‑law or right‑to‑work requirements.

4.4 Consent

Only where required for specific processing (e.g., certain special‑category data), and may be withdrawn at any time.

  1. How We Use Personal Data

Candidates

  • Matching you with job vacancies
  • Sharing your profile with prospective employers
  • Contacting you about current and future opportunities

Clients

  • Providing recruitment services
  • Communicating candidate options
  • Providing market insight

Suppliers

  • Managing contracts and payments
  1. Who We Share Personal Data With

We may share your data with:

  • Prospective employers (with your knowledge)
  • Background‑checking providers where requested
  • Technology and CRM suppliers acting as processors
  • Legal or regulatory authorities where required
  1. International Transfers

We do not transfer your personal data outside the UK.
If this ever becomes necessary, we will apply the UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU SCCs and inform you accordingly. 

  1. Data Retention

We retain personal data only as long as necessary for recruitment purposes or legal obligations:

  • Candidates:Data retained for up to [12–24 months] unless you request deletion or opt out of future updates.
  • Clients/Suppliers:Data retained for the duration of the relationship and for legally required periods.
  • Unsubscribe list:Retained solely to ensure no further contact.

You may ask us to delete your data at any time.

  1. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Rectify inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge complaints with the ICO (www.ico.org.uk)

Requests can be made via the contact details below.

  1. Data Security

We use a range of technical and organisational measures to secure personal data, including:

  • Secure servers and access controls
  • Staff training in data protection
  • Encryption where appropriate
  • Regular system monitoring
  • Data minimisation
  1. Automated Decision‑Making

We do not perform automated decision‑making or profiling. If we introduce such systems, we will update this policy and notify affected individuals.

  1. Cookies & Website Tracking

If the website uses cookies, analytics or tracking technologies, these will be described in our Cookie Policy, with consent gathered where required under PECR.

  1. Contact Details

For all data‑protection enquiries, rights requests, or concerns, contact our Data Protection Lead:

Email:

You may also request a copy of this policy in alternative formats.

  1. Updates to This Policy

We review and update this policy regularly to reflect legislative changes or updates in our practices. The most recent revision date is:
24 March 2026