GDPR Compliance Policy
**Last Updated: 25 February 2025**
1. Introduction
AR Recruitment ("we," "our," or "us"), a trading name of Nejobsne1 Ltd, is committed to protecting the personal data of our clients, candidates, employees, and website users in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
This GDPR Compliance Policy explains our approach to data protection, your rights under the GDPR, and how we implement the principles of data protection by design and default throughout our operations.
2. Data Protection Principles
We comply with the data protection principles set out in the GDPR, which require that personal data shall be:
a) Processed lawfully, fairly and in a transparent manner
b) Collected for specified, explicit and legitimate purposes
c) Adequate, relevant and limited to what is necessary
d) Accurate and, where necessary, kept up to date
e) Kept for no longer than is necessary
f) Processed in a secure manner
g) Processed in a manner that is accountable and demonstrably compliant with these principles
3. Lawful Basis for Processing
We only process personal data where we have a lawful basis to do so. The lawful bases we rely on include:
3.1 Consent
Where you have given clear consent for us to process your personal data for a specific purpose.
3.2 Contract
Where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
3.3 Legal Obligation
Where processing is necessary for us to comply with the law.
3.4 Legitimate Interests
Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and fundamental rights do not override those interests.
For recruitment activities, we primarily rely on:
- Consent (for marketing communications and certain processing activities)
- Contract (for providing recruitment services)
- Legitimate interests (for matching candidates with suitable roles)
4. Individual Rights
Under the GDPR, individuals have the following rights regarding their personal data:
4.1 Right to be Informed
You have the right to be informed about the collection and use of your personal data, which we address in our Privacy Policy.
4.2 Right of Access
You have the right to request a copy of the personal data we hold about you and supplementary information about how we process it.
4.3 Right to Rectification
You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
4.4 Right to Erasure
You have the right to have your personal data erased in certain circumstances, such as where the personal data is no longer necessary for the purpose for which it was collected.
4.5 Right to Restrict Processing
You have the right to request the restriction or suppression of your personal data in certain circumstances.
4.6 Right to Data Portability
You have the right to obtain and reuse your personal data for your own purposes across different services in a safe and secure way.
4.7 Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
4.8 Rights Related to Automated Decision Making and Profiling
You have rights related to automated individual decision-making (making a decision solely by automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual).
5. How to Exercise Your Rights
You can exercise your rights by contacting our Data Protection Officer:
- By email: dpo@arrecruitment.co.uk
- By phone: 0800 123 4567
- By post: Data Protection Officer, AR Recruitment, Collingwood Buildings, Collingwood Street, Newcastle Upon Tyne, England, NE1 1JF
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
6. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance Policy and our privacy practices. Our DPO can be contacted using the details provided in Section 5.
7. Data Security
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate
- Regular testing of security measures
- Restricted access to personal data
- Staff training on data protection
- Secure management of third-party processors
- Documented data protection procedures
- Regular security assessments
8. Data Breaches
In the event of a personal data breach, we will:
1. Notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals
2. Notify affected individuals directly if the breach is likely to result in a high risk to their rights and freedoms
3. Document all breaches, including the facts relating to the breach, its effects, and the remedial action taken
9. Data Protection Impact Assessments
We carry out Data Protection Impact Assessments (DPIAs) when using new technologies or when processing is likely to result in a high risk to the rights and freedoms of individuals. DPIAs help us to identify and minimise data protection risks.
10. International Data Transfers
We may transfer personal data to countries outside the UK in connection with our recruitment services. When we do so, we ensure appropriate safeguards are in place, which may include:
- Standard contractual clauses approved by the UK Government
- Binding corporate rules
- Adequacy decisions
- Explicit consent in specific circumstances
11. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Our retention periods for different types of personal data are:
- Candidate CVs and application data: 2 years after last contact
- Client contact details: Duration of relationship plus 6 years
- Marketing contacts: Until consent is withdrawn or 2 years after last interaction
- Website user data: According to our Cookie Policy
12. Third-Party Processors
We may engage third-party processors to process personal data on our behalf. We ensure that:
1. All third-party processors provide sufficient guarantees to implement appropriate technical and organisational measures
2. Processing is governed by a contract that ensures the protection of your personal data
3. Third-party processors act only on our documented instructions
4. Regular compliance checks are conducted
13. Staff Training and Awareness
All our staff receive regular training on data protection and GDPR compliance. This includes:
- Induction training for new employees
- Annual refresher training
- Role-specific training where applicable
- Updates on changes to data protection law
- Awareness of procedures for handling data subject requests
14. Complaints
If you have a complaint about our data processing activities, please contact our DPO in the first instance using the contact details in Section 5.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. The ICO can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/
15. Changes to This Policy
We may update this GDPR Compliance Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this policy.
We encourage you to review this policy periodically to stay informed about our data protection practices.
16. Contact Us
If you have any questions about this GDPR Compliance Policy or our data protection practices, please contact our Data Protection Officer using the details provided in Section 5.