Skip to main content

RECRUITMENT & STAFFING PRIVACY POLICY

  1. INTRODUCTION

Fordham Talent Partnership Limited (“The Company”, “we”, “our” or “us”) is committed to protecting and respecting the privacy, confidentiality and security of personal information entrusted to us. We recognise the importance of maintaining transparency in relation to the collection, use, storage, disclosure and other processing of personal data and are committed to handling such information responsibly, lawfully and in accordance with applicable data protection legislation.

This Privacy Policy explains how we collect, use, store, share, transfer, retain and otherwise process personal data in connection with our recruitment, staffing, talent acquisition, workforce management, contractor engagement and related business activities. It also explains the rights available to individuals whose personal data we process and the measures we take to safeguard personal information.

We are committed to processing personal data in accordance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. We seek to ensure that personal information is processed only where necessary, proportionate and supported by an appropriate lawful basis.

This Privacy Policy applies to individuals who interact with us in a professional, commercial or recruitment-related capacity, including but not limited to:

  • Candidates and prospective candidates
    • Temporary workers, contractors and consultants
    • Current and former employees
    • Clients and prospective clients
    • Suppliers and service providers
    • Referees and emergency contacts
    • Website visitors
    • Other business contacts

The Company may act as a Data Controller, Joint Controller or Data Processor depending on the nature of the services being provided, the contractual arrangements in place and the specific processing activities being undertaken. Where required by law, additional privacy notices, contractual terms or supplementary information may be provided to explain specific processing activities in greater detail.

Nothing in this Privacy Policy is intended to limit any rights available under applicable data protection legislation.

  1. CONTACT DETAILS

For the purposes of applicable data protection legislation, responsibility for the processing of personal data rests with:

Data Controller:
Fordham Talent Partnership Limited

Email:
info@fordhamtalent.com

The Company takes privacy-related enquiries seriously and encourages individuals to contact us if they have questions regarding this Privacy Policy, our processing activities, the exercise of their rights, or any concerns relating to the handling of personal data.

We will endeavour to respond to privacy-related enquiries within a reasonable timeframe and in accordance with applicable legal requirements.

  1. PERSONAL DATA WE COLLECT

The categories of personal data we collect and process will depend on the nature of our relationship with you, the services being provided, legal and regulatory requirements, and the purposes for which information is required.

We seek to collect only information that is relevant, necessary and proportionate to the purposes for which it is processed.

Identity Data

Identity information may include:

  • Full name
    • Date of birth
    • Nationality
    • Gender where voluntarily provided
    • Photographs where voluntarily supplied
    • Government-issued identification details where required for compliance purposes

Contact Data

Contact information may include:

  • Email addresses
    • Telephone and mobile numbers
    • Postal addresses
    • Professional networking profiles
    • Social media information where relevant to recruitment activities
    • Preferred methods of communication

Candidate Data

In connection with recruitment and talent acquisition activities, we may collect and process:

  • Curriculum Vitae (CV) information
    • Employment history
    • Job titles and responsibilities
    • Skills and competencies
    • Professional qualifications
    • Educational background
    • Certifications and licences
    • Salary and remuneration expectations
    • Availability and notice period information
    • Career aspirations and preferences
    • Interview notes and recruiter observations
    • Assessment and testing results
    • Mobility and relocation preferences
    • Work eligibility information

Compliance Data

Where required for legal, regulatory or client compliance purposes, we may process:

  • Right-to-work documentation
    • Identity verification records
    • Background screening information
    • Professional registration details
    • Regulatory compliance records
    • References and verification checks
    • Immigration and visa-related information where applicable

Contractor and Worker Data

Where individuals are engaged through temporary, contract or workforce management arrangements, we may process:

  • Payroll information
    • Taxation information
    • Banking details
    • Timesheets and attendance records
    • Assignment records
    • Contract documentation
    • Worker performance and engagement information
    • Compliance and onboarding records

Client Data

In connection with client relationships and service delivery, we may process:

  • Business contact details
    • Job specifications
    • Hiring requirements
    • Contractual documentation
    • Communications and correspondence
    • Commercial relationship information

Technical Data

Where individuals interact with our websites, systems or digital services, we may collect:

  • IP addresses
    • Browser and device information
    • Operating system information
    • Website usage data
    • Session and analytics information
    • Cookie and similar technology data

We may also create internal records, notes, assessments and business intelligence information derived from information provided to us, provided such processing is undertaken in accordance with applicable law and for legitimate business purposes.

 

  1. SOURCES OF PERSONAL DATA

We may obtain personal data directly from you, indirectly through third parties, or through publicly available sources where such collection is lawful and appropriate for our business activities.

Sources from which we may obtain personal data include:

  • Job boards and recruitment platforms
    • Professional networking sites, including LinkedIn
    • Referrals, recommendations and introductions
    • Existing candidates, clients and business contacts
    • Publicly available information sources
    • Background screening providers
    • Workforce management providers
    • Payroll and payment service providers
    • Educational institutions and professional bodies where appropriate
    • Previous employers and referees where authorised
    • Third-party recruitment agencies and recruitment partners
    • Information provided during interviews, assessments and onboarding processes

Where personal data is obtained from sources other than the individual concerned, we will seek to provide appropriate privacy information in accordance with applicable legal requirements and within applicable statutory timeframes.

We take reasonable steps to ensure that information obtained from third parties is relevant, accurate and lawfully obtained.

  1. HOW WE USE YOUR INFORMATION

We process personal data for a variety of legitimate business purposes associated with recruitment, staffing, workforce management and business operations.

These purposes may include:

Recruitment and Talent Acquisition

  • Assessing suitability for vacancies and assignments
    • Matching candidates with employment opportunities
    • Managing recruitment campaigns and selection processes
    • Submitting candidate profiles to clients with appropriate authorisation
    • Arranging interviews, assessments and evaluations
    • Managing talent pools and candidate pipelines
    • Communicating with candidates regarding opportunities and recruitment activity

Compliance and Verification

  • Conducting right-to-work checks
    • Verifying qualifications and professional registrations
    • Performing background screening where legally permitted
    • Meeting regulatory and legal obligations
    • Preventing fraud and misrepresentation

Placement and Workforce Management

  • Managing placements, assignments and engagements
    • Administering temporary worker and contractor arrangements
    • Managing attendance, timesheets and performance-related information
    • Processing payroll and payments
    • Managing contractual relationships

Business Operations

  • Responding to enquiries and requests
    • Maintaining client and supplier relationships
    • Improving services, systems and operational processes
    • Conducting business planning and reporting activities
    • Managing disputes and legal claims
    • Protecting the security of our systems, people and assets

We may also process personal data where necessary to establish, exercise or defend legal rights and claims, investigate complaints, respond to regulatory enquiries, or comply with applicable legal obligations.

  1. LAWFUL BASIS FOR PROCESSING

The Company will only process personal data where an appropriate lawful basis exists.

Contract

Processing may be necessary in order to:

  • Enter into a contract with you
    • Perform contractual obligations
    • Take steps at your request before entering into a contract
    • Administer placements, assignments or employment-related arrangements

Legitimate Interests

We may process personal data where such processing is necessary for our legitimate business interests, provided those interests are not overridden by the rights and freedoms of the individual.

Legitimate interests may include:

  • Recruitment and staffing activities
    • Candidate sourcing and engagement
    • Client relationship management
    • Business development and growth
    • Workforce management
    • Service improvement and quality assurance
    • Fraud prevention and detection
    • Network and information security
    • Internal administration and record keeping

When relying on legitimate interests, we seek to ensure that processing remains proportionate, necessary and appropriately balanced against individual privacy rights.

Legal Obligations

We may process personal data where necessary to comply with legal obligations, including obligations arising under:

  • Employment legislation
    • Taxation legislation
    • Immigration requirements
    • Right-to-work verification obligations
    • Health and safety requirements
    • Regulatory and compliance frameworks
    • Court orders and lawful governmental requests

Consent

In certain circumstances, we may rely upon consent, including:

  • Certain marketing communications
    • Certain categories of special category data
    • Candidate representation activities where consent is required
    • Optional surveys and voluntary initiatives

Where consent is relied upon, individuals may withdraw their consent at any time, although such withdrawal will not affect the lawfulness of processing undertaken before withdrawal.

  1. SPECIAL CATEGORY DATA

Certain categories of personal information are afforded additional protection under applicable data protection legislation.

Where necessary and lawful, we may process special category personal data, including:

  • Health information
    • Disability information
    • Occupational health information
    • Diversity and equality monitoring information
    • Information relating to adjustments or accommodations
    • Criminal conviction and offence information where legally permitted

Such information will only be processed where a valid lawful basis and an appropriate additional legal condition applies.

The Company seeks to limit the collection and use of special category data to circumstances where it is genuinely necessary for recruitment, workforce management, legal compliance, safeguarding, equality monitoring or other legitimate business purposes.

Access to such information is restricted to individuals who require access for authorised purposes.

  1. ARTIFICIAL INTELLIGENCE AND AUTOMATED PROCESSING

The Company may utilise artificial intelligence (AI), machine learning technologies, large language models (LLMs), automation tools and other technology-assisted systems to support recruitment and workforce management activities.

Examples may include:

  • CV parsing and information extraction
    • Skills identification and categorisation
    • Candidate matching and ranking assistance
    • Talent pool searching
    • Candidate sourcing support
    • Job description drafting
    • Communication assistance
    • Interview note summarisation
    • Workflow automation
    • Compliance monitoring and reporting

These technologies are generally designed to support human decision-making rather than replace it.

The Company seeks to ensure that technology-assisted processing is implemented responsibly, proportionately and in a manner consistent with applicable legal requirements.

Where automated decision-making or profiling may produce legal or similarly significant effects, appropriate safeguards will be implemented, which may include providing additional information, facilitating human review and allowing individuals to exercise applicable rights.

To request human review of a decision made with the assistance of automated or AI-assisted processing, or to obtain further information about how such technologies have been applied to your data, please contact us using the details set out in the Contact Details section of this Privacy Policy.

The Company reserves the right to introduce new technologies as operational requirements evolve and will update this Privacy Policy where appropriate.

  1. SHARING OF PERSONAL DATA

We may share personal data with trusted third parties where necessary for legitimate business purposes, service delivery, legal compliance or contractual performance.

Recipients may include:

  • Clients and prospective employers
    • Applicant Tracking System (ATS) providers
    • Recruitment CRM providers
    • Payroll providers
    • Workforce management providers
    • Background screening providers
    • Professional advisers
    • Cloud hosting providers
    • Communication platform providers
    • Technology and software providers
    • AI and automation service providers
    • Government agencies and regulators
    • Law enforcement authorities where legally required

Before engaging service providers, we seek to implement appropriate contractual, organisational and technical safeguards designed to protect personal data.

Information will not be sold to third parties.

  1. INTERNATIONAL TRANSFERS

In the course of providing services, personal data may be transferred to, stored in or accessed from countries outside the United Kingdom, European Economic Area (EEA) or an individual’s country of residence.

Such transfers may arise through the use of international clients, service providers, technology platforms, cloud-based systems or workforce management arrangements.

Where international transfers occur, the Company seeks to implement appropriate safeguards, including:

  • UK International Data Transfer Agreements (IDTA)
    • UK Addendum to EU Standard Contractual Clauses
    • EU Standard Contractual Clauses
    • Adequacy Regulations or Adequacy Decisions
    • Other legally recognised transfer mechanisms

We seek to take reasonable steps to ensure that transferred personal data continues to receive an appropriate level of protection consistent with applicable legal requirements.

 

  1. DATA RETENTION

The Company retains personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, satisfy legal and regulatory obligations, resolve disputes and establish, exercise or defend legal claims.

Retention periods may vary depending on:

  • The nature of the relationship • The purpose of processing • Applicable legal requirements • Regulatory obligations • Industry standards • Ongoing business needs • The exercise or defence of legal claims

Retention decisions are made using a risk-based approach which considers operational requirements, compliance obligations and individual privacy rights.

Where information is no longer required, it will be securely deleted, anonymised, archived or otherwise disposed of in accordance with applicable procedures.

  1. DATA SECURITY

The Company maintains technical and organisational measures designed to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access.

Security measures may include:

  • Access controls • Role-based permissions • Encryption technologies • Secure hosting environments • Multi-factor authentication • Monitoring and logging systems • Data minimisation practices • Employee awareness training • Vendor due diligence processes • Regular security reviews

Although no security system can guarantee absolute security, we seek to implement safeguards appropriate to the nature, scope, context and purposes of processing.

  1. YOUR RIGHTS

Subject to applicable law, individuals may have the right to:

  • Be informed about the processing of personal data • Access personal information held about them • Request correction of inaccurate or incomplete information • Request erasure of personal data in certain circumstances • Restrict processing in certain circumstances • Object to processing based on legitimate interests • Receive personal data in a portable format where applicable • Withdraw consent where consent is relied upon • Object to direct marketing communications • Request review of certain automated decisions

The availability of individual rights may vary depending upon the lawful basis relied upon and the circumstances of the processing activity.

Requests may be submitted using the contact details provided in this Privacy Policy.

The Company may request information necessary to verify identity before responding to rights requests.

In responding to subject access requests, the Company will conduct searches that are reasonable and proportionate to the nature and scope of the request. Where additional information is required from the individual to clarify or process a request, the response period will be paused until that information is received; we will notify you promptly if this occurs and explain why.

  1. DATA BREACHES

The Company maintains procedures designed to identify, assess, investigate, manage and respond to personal data breaches and security incidents.

Where a breach occurs, the Company will assess the nature, scope and potential impact of the incident and take appropriate remedial action.

Where required by law, breaches may be reported to relevant supervisory authorities and affected individuals within applicable statutory timeframes.

The Company continually seeks to improve incident response procedures and organisational resilience through ongoing monitoring and review.

  1. COOKIES AND WEBSITE TECHNOLOGIES

Our websites, portals and digital platforms may utilise cookies, analytics tools, tracking technologies and similar mechanisms designed to improve functionality, enhance user experience, support website security and provide operational insights.

Cookies may be used for purposes including:

  • Website functionality • Performance monitoring • Analytics and reporting • Security and fraud prevention • User preference management

Where required by law, consent will be obtained prior to the placement of non-essential cookies and similar technologies.

Additional information regarding cookies and tracking technologies is available within our Cookie Policy.

  1. COMPLAINTS

Individuals who have concerns regarding the manner in which their personal data has been processed are encouraged to contact the Company in the first instance.

We take complaints seriously and seek to investigate and respond to concerns fairly, objectively and within a reasonable timeframe.

We will acknowledge complaints within 30 days of receipt. To raise a data protection complaint, please contact us by email at info@fordhamtalent.com, marking your message with the subject line “Data Protection Complaint”, or by post to the address set out in the Contact Details section of this Privacy Policy.

Individuals may also have the right to lodge a complaint with a supervisory authority.

For UK data subjects:

Information Commissioner’s Office (ICO) www.ico.org.uk

For EU data subjects:

Individuals may contact the supervisory authority in their country of residence, place of work or place of the alleged infringement.

Nothing in this Privacy Policy affects any statutory rights available under applicable law.

  1. CHANGES TO THIS PRIVACY POLICY

The Company reserves the right to amend, update or revise this Privacy Policy from time to time in order to reflect changes in legal requirements, regulatory guidance, operational practices, technological developments or business activities.

Any updates will become effective upon publication unless otherwise stated.

The most current version of this Privacy Policy will be made available through our website, systems or other appropriate communication channels.

Individuals are encouraged to review this Privacy Policy periodically to remain informed about how personal data is processed and protected.