GDPR Policy for The Talent Collection Ltd.
Effective Date: 22 July 2025
Introduction
The Talent Collection Ltd ("we," "us," or "our") is committed to protecting the privacy and security of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we collect, use, store, share, and protect personal data relating to job seekers ("Candidates"), clients ("Clients"), and other individuals we interact with in the course of our recruitment activities.
We understand the importance of transparency and accountability in data processing. This policy aims to be clear, concise, and easily accessible.
2. About Us
Data Controller:
The Talent Collection Ltd
15708797
40 Parade Ground Path, London, SE18 4BT
dan@thetalentcollection.com
07561300119
www.thetalentcollection.com
3. What Personal Data We Collect
We collect various types of personal data to effectively provide our recruitment services. The data we collect depends on your relationship with us (e.g., Candidate, Client, Supplier).
3.1. Candidates
- Identity Data: Name, date of birth, gender, nationality.
- Contact Data: Address, email address, telephone numbers (mobile and landline).
- Professional Data: CV/Resume, employment history (including job titles, companies, dates of employment, responsibilities), education history (qualifications, institutions, dates), skills, professional memberships, professional references.
- Application Data: Information provided in application forms, cover letters, interview notes, assessment results, and feedback from interviews.
- Immigration Status Data: Information required to verify your right to work in the UK.
- Financial Data (where applicable): Bank details for payroll purposes (for temporary or contract placements).
- Sensitive Personal Data (Special Category Data):
- Diversity Data: Information on racial or ethnic origin, religious or philosophical beliefs, sexual orientation, disability status. This data is collected purely for diversity monitoring purposes (where legally permissible and with explicit consent) and is anonymised where possible. Provision of this data is optional.
- Health Data: Information related to health conditions or disabilities, primarily to make reasonable adjustments during the recruitment process or for workplace health and safety (with explicit consent or where legally required).
- Criminal Convictions Data: Information about criminal convictions and offences, where relevant and legally permissible for specific roles (e.g., roles requiring DBS checks), and processed with appropriate safeguards.
3.2. Clients
- Identity Data: Name, job title.
- Contact Data: Company name, work address, work email address, work telephone numbers.
- Professional Data: Information related to your organisation's recruitment needs, job specifications, interview feedback, and contractual details.
3.3. Suppliers and Other Individuals
- Identity Data: Name, job title.
- Contact Data: Company name, work address, work email address, work telephone numbers.
- Financial Data: Bank details for payment purposes.
- Professional Data: Information related to the services you provide to us.
4. How We Collect Personal Data
We collect personal data through various methods:
- Directly from you: When you apply for a job, register on our website, send us your CV, email us, call us, attend an interview, or complete forms.
- From third parties:
- Job Boards: When you apply for a role through a job board or upload your CV to a public profile.
- Professional Networking Sites: Such as LinkedIn.
- Referrals: From other Candidates or Clients (with their knowledge and consent, where applicable).
- Publicly Available Sources: Such as company websites.
- Background Check Providers: With your consent, where legally required for specific roles.
5. How We Use Personal Data (Purposes of Processing)
We use your personal data for the following purposes:
5.1. For Candidates:
- To provide you with recruitment services and facilitate your job search.
- To match your skills and experience with suitable job vacancies.
- To communicate with you regarding job opportunities, applications, and interview arrangements.
- To submit your details to Clients for consideration for roles, with your consent (or where legitimate interest applies and we have conducted a balancing test).
- To conduct reference checks (with your explicit consent).
- To fulfil legal and regulatory obligations related to recruitment (e.g., right to work checks).
- To respond to your inquiries and requests.
- For diversity monitoring and reporting (anonymised where possible, and based on explicit consent).
- For our legitimate business interests, such as internal record keeping, data analysis, and service improvement.
5.2. For Clients:
- To provide you with recruitment services, including identifying and presenting suitable Candidates.
- To communicate with you regarding your recruitment needs and our services.
- To manage our business relationship and fulfil contractual obligations.
- For billing and accounting purposes.
- For our legitimate business interests, such as internal record keeping, business development, and service improvement.
5.3. For Suppliers and Other Individuals:
- To manage our relationship with you and receive services from you.
- To fulfil contractual obligations.
- For billing and accounting purposes.
- For our legitimate business interests, such as internal record keeping and managing our operations.
6. Lawful Bases for Processing Personal Data
Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following bases:
- Consent: Where you have given us clear, explicit consent to process your personal data for a specific purpose (e.g., sending your CV to a specific client, collecting diversity data). You have the right to withdraw your consent at any time.
- Contract: Where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract (e.g., to find you a job, to fulfil a service agreement with a client).
- Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests. We will conduct a legitimate interest assessment (LIA) to balance our interests with your rights. Examples include:
- Storing Candidate CVs for future relevant opportunities where we believe there is a strong alignment of skills and potential interest.
- Maintaining records of Client interactions for business development.
- Using analytics to improve our website and services.
- Legal Obligation: Where processing is necessary for us to comply with a legal or regulatory obligation (e.g., right to work checks, tax requirements, responding to law enforcement requests).
- Vital Interests: Where processing is necessary to protect an individual's life (rarely applicable in recruitment).
- Public Task: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (not typically relevant for a private recruitment agency).
For Special Category Data: We process special category data only when a specific additional condition applies, such as:
- Explicit Consent: For diversity monitoring or where you have given us explicit permission to process health data for adjustments.
- Employment, Social Security, and Social Protection Law: Where processing is necessary for our obligations or rights in the field of employment law.
- Substantial Public Interest: Where processing is necessary for reasons of substantial public interest, on the basis of UK law.
7. Who We Share Personal Data With
We may share your personal data with the following categories of recipients:
- Clients: We share Candidate personal data (e.g., CVs, interview notes, relevant application details) with our Clients for specific job opportunities, always with your consent (or where legitimate interest has been clearly identified and a balancing test performed).
- Service Providers/Third Parties: Third parties who provide services on our behalf, such as IT support, HR software providers (ATS - Applicant Tracking Systems), payroll providers, background check providers, or professional advisors (e.g., lawyers, accountants). We ensure these third parties are contractually bound to protect your data.
- Regulatory Bodies & Law Enforcement: Where legally required or necessary to comply with legal obligations, enforce our policies, or protect our rights, property, or safety.
- Professional Advisers: Lawyers, auditors, and insurers who provide professional services to us.
- Potential Purchasers: In the event of a merger, acquisition, or sale of all or part of our business.
We do not sell your personal data to any third parties.
8. International Transfers of Personal Data
We generally store and process personal data within the UK. If we need to transfer your personal data outside the UK (e.g., to a Client or service provider located in another country), we will ensure that appropriate safeguards are in place, such as:
- Transferring to countries deemed to provide an adequate level of protection for personal data by the UK government.
- Using standard contractual clauses (SCCs) approved by the ICO.
- Relying on your explicit consent for the specific transfer.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, unlawful processing, accidental loss, destruction, or damage. These measures include:
- Access Controls: Limiting access to personal data to only those employees, agents, contractors, and other third parties who have a legitimate business need to know.
- Data Encryption: Encrypting data where appropriate, especially during transmission.
- Network Security: Using firewalls and other network security measures.
- Regular Backups: Regularly backing up data to prevent loss.
- Staff Training: Providing regular data protection and security training to our staff.
- Physical Security: Securing physical documents and equipment.
10. How Long We Keep Personal Data (Data Retention)
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Candidates:
- If you are successfully placed, your data will form part of your employment record with the Client (and our records if you are a temporary or contract worker), and will be retained in accordance with legal and contractual obligations.
- If you are an unsuccessful candidate, or we have collected your data speculatively, we will retain your data for a period of [e.g., 24 months] from the last meaningful contact or application date, after which it will be securely deleted or anonymised, unless you provide explicit consent for us to retain it for a longer period for future opportunities. We will periodically contact you to renew your consent if we wish to retain your data beyond this period.
- Clients & Suppliers: We retain data for the duration of our business relationship and for a period of [e.g., 7 years] thereafter to comply with legal obligations (e.g., tax, accounting) and for potential future business engagement.
11. Your Data Protection Rights
Under UK GDPR, you have the following rights regarding your personal data:
- The Right to Be Informed: To be informed about how your personal data is collected and used (this privacy policy serves this purpose).
- The Right of Access: To request access to the personal data we hold about you.
- The Right to Rectification: To request that inaccurate or incomplete personal data we hold about you is corrected.
- The Right to Erasure ("Right to Be Forgotten"): To request the deletion or removal of your personal data where there is no compelling reason for its continued processing (e.g., where consent is withdrawn, or data is no longer necessary for the purpose for which it was collected).
- The Right to Restrict Processing: To request the restriction or suppression of your personal data.
- The Right to Data Portability: To obtain and reuse your personal data for your own purposes across different services in a structured, commonly used, and machine-readable format.
- The Right to Object: To object to the processing of your personal data based on legitimate interests or direct marketing.
- Rights in relation to automated decision making and profiling: To object to decisions being made about you that are based solely on automated processing (including profiling) that produces legal or similarly significant effects concerning you.
To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month.
12. Changes to This Policy
We may update this GDPR Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website and, where appropriate, notified to you directly. We encourage you to review this policy periodically.
13. How to Make a Complaint
If you have concerns about how we have handled your personal data, please contact us in the first instance at [Your Contact Email Address for Data Protection enquiries]. We will do our best to resolve the issue.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
Information Commissioner's Office (ICO):
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: www.ico.org.uk