Privacy & GDPR Policy For Boardman Recruitment

Boardman Recruitment Ltd

1. Introduction

Boardman Recruitment Ltd (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

As a recruitment consultancy, we process personal data in order to:

  •  Provide work-finding and recruitment services to candidates
  •  Provide recruitment and talent services to clients
  •  Operate our website and business effectively

This Privacy & GDPR Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Boardman Recruitment Ltd is the data controller of the personal data we process in connection with our recruitment services and business operations.

For data protection enquiries, please contact:
Email: [email protected]

3. The Personal Data We Collect

We may collect and process the following types of personal data:

A. Candidates

  • Name, address, email address and telephone number
  • CV, employment history, qualifications, skills and references
  • Application records and interview notes
  • Salary expectations and availability
  • Right-to-work documentation where legally required
  • Public professional profile information (e.g. LinkedIn)
  • Information submitted via job boards and recruitment platforms (including Indeed)
  • Communications with us

In limited circumstances, we may process special category data (such as diversity information) where required by law or where you provide it voluntarily.

B. Clients and Business Contacts

  • Name, job title and company details
  • Business contact information
  • Job vacancy information
  • Contractual and billing data
  • Communications relating to recruitment services

C. Website Users

  • IP address and technical identifiers
  • Website usage data
  • Cookie data (where applicable)

4. How We Collect Personal Data

We collect personal data:

  • Directly from you
  • From referees (where provided)
  • From clients in connection with recruitment services
  • From publicly available sources
  • From job boards and recruitment platforms where you have made your data available for recruitment purposes
  • Through our website

Where we obtain candidate information from job boards, we process that information solely for recruitment-related purposes and in accordance with applicable platform terms and data protection laws.

5. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

  • Performance of a contract – where processing is necessary to provide recruitment services or take steps at your request prior to entering into a contract.
  • Legitimate interests – to match candidates with suitable roles, provide recruitment services, manage our business, and maintain records.
  • Consent – where required, including where we need permission to share your CV with a specific employer.
  • Legal obligation – to comply with employment, tax, right-to-work, equality, or regulatory requirements.

Where we rely on legitimate interests, we ensure that our interests are balanced against your rights and freedoms.

6. How We Use Personal Data

We use personal data to:

  • Assess suitability for employment opportunities
  • Match candidates with relevant roles
  • Submit candidate details to clients where appropriate
  • Communicate about applications, vacancies and recruitment updates
  • Conduct right-to-work checks
  • Administer contracts, invoicing and payments
  • Maintain internal business records
  • Improve our services and website functionality
  • Comply with legal and regulatory requirements

We do not sell personal data.

We do not use personal data for unrelated marketing without a lawful basis.

7. Sharing Personal Data

We may share personal data:

  • With prospective employers or clients for recruitment purposes
  • With trusted third-party service providers (such as IT systems, CRM platforms, payroll, compliance providers and professional advisers)
  • With regulatory authorities or law enforcement where legally required

All third parties processing data on our behalf are required to implement appropriate security measures and process data in accordance with UK GDPR.

8. International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as adequacy regulations or approved contractual clauses, in accordance with UK GDPR.

9. Data Retention

We retain personal data only for as long as necessary to fulfil recruitment and business purposes, comply with legal obligations, and protect against potential legal claims.

Candidate data is typically retained for up to 24 months from the date of last meaningful contact, unless a longer period is required by law or consent is refreshed.

Where personal data is no longer required, it is securely deleted or anonymised.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure electronic storage systems
  • Access controls and restricted permissions
  • Password protection and encryption where appropriate
  • Staff confidentiality obligations and data protection training

Access to personal data is limited to authorised personnel who require it for legitimate business purposes.

11. Automated Decision-Making

We do not make recruitment decisions based solely on automated processing. All candidate shortlisting and placement decisions involve human review.

12. Your Rights

Under UK GDPR, you have the right to:

  • Be informed about how your data is used
  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion where there is no lawful basis for retention
  • Restrict or object to certain processing
  • Withdraw consent where processing is based on consent
  • Request data portability (where applicable)
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO)

To exercise your rights, please contact:
[email protected]

If you are not satisfied with how your data has been handled, you have the right to lodge a complaint with the Information Commissioner’s Office.

13. Changes to This Policy

We may update this Privacy & GDPR Policy from time to time to reflect legal, regulatory, or operational changes. The most current version will always be available on our website.