Privacy Policy




This Privacy Policy (hereinafter referred to as »Policy«) relates to the collection and use of personal data by the Data Privacy Recruitment Ltd, 85 Great Portland Street, First Floor, London, England, W1W 7LT  (hereinafter referred to as »DPR«).

Our UK ICO registration number is ZA721647.

DPR is a recruitment company and this Policy describes what we do with the personal data we collect and process while providing our Services to our Clients. This may range from the data that is collected from the potential Candidates to data exchanged with our Clients during the whole recruitment process. 

We value your privacy and we are committed to protecting and safeguarding your data privacy rights. We process and store personal data in a secure way and we do not share or sell personal data to third parties without consent or another legal basis.



Capitalized terms and expressions used in this Agreement shall have the following meaning:


Services mean whole or partial part of attracting, shortlisting, selecting and appointing suitable candidates for jobs (either permanent or temporary), any related marketing activities;


Clients mean organisations or individuals that have a contractual relationship with DPR with regards to provision of Services on their behalf;


Candidate is a person potentially suited to a specific position with regards to the provision of Services by DPR on behalf of a Client;


Website user means anyone who visits and browses website.

The terms used in this Policy shall have the meaning as set out by the  General Data Protection Regulation.



This Policy applies to the personal data of our Candidates, Clients, Suppliers, Website Users, and other people whom we may come in contact with during the provision of our Services.


We offer our Services worldwide and this Policy applies in all of the relevant countries.




In order to provide our Services in accordance with the highest level of professional standards we need to collect and process personal data. DPR is a small team of recruitment specialists and all of its employees, contractual and other associates are bound by confidentiality agreements, a breach of which may lead to criminal or civil penalty. Below you may find details on how and what kinds of personal data we collect and process. 

Personal data about the Candidates 

We collect the information about our Candidates either from the Candidates themselves with their consent or from publicly available resources pursuant to our legitimate business interest. 

As part of our Services we examine information that people have made public such as user profiles on LinkedIn or other websites. The purpose we use such publicly available information for is to contact people to enquire whether they are interested in being introduced as potential Candidates for job opportunities generated by our Clients. 

In order to bring these opportunities to Candidates’ attention, it is necessary to use this information. We will never pass on personal information to a Client without the permission of the person to whom it belongs. 

We always endeavor to balance our interests and those of our Clients with the interest of the people we contact. We only reach out to Candidates who we believe may be interested in the positions we recruit for, based on our professional experience and manual evaluation of each Candidates professional experience. 

We only ask for and collect details that are necessary for provision of our Services, such as name, age, contact details, education details, employment history, financial information (current salary details and expectations), Curriculum Vitae (CV). 

Where appropriate and in accordance with local laws and requirements, we may also collect information related to an individual’s health, diversity information or details of any criminal convictions. In such instances we will notify the Candidates beforehand, unless prohibited to do so by applicable legislation.

Personal data about the Client

During the provision of our Services to our Clients (e.g. Candidate search) we collect and use information about our Clients. This means that we also collect and process data of the individuals working for or in a direct relation to a specific organisation for the purposes of delivering our Services. 

Personal data we receive from other sources 

For the provision of our Services we may sometimes receive personal data from third parties. We only receive data from trusted and verified sources and in case we process this data we ask the specific Candidate’s consent prior to any further processing, such as sending a CV to a Client. If a Candidate does not wish his or her personal data processed, we shall not do so and we will delete such data.

Website users


When a person fills in the Contact form on our website we will process the provided personal data only in accordance with the purpose for which the personal data was provided (e.g. to respond the user’s query). Personal data collected via the Contact form will not be further processed without consent or other legal basis. 



We process personal data only in accordance with the law. Below you may find descriptions of which kinds of legal bases for lawful processing of personal data we use.


Legitimate interests


We process publicly available information about people, which is often personal, in pursuit of our legitimate interests, as described under “Personal data about the Candidates” above.


Every time we contact a Candidate we describe the purpose of the intended processing of personal data (e.g. to check compatibility of a certain Candidate for a specific role or to forward Candidate’s CV to our Clients, etc.) and bring this Privacy Policy to the attention of the data subject. Before we send a resume to a Client, we ask for the individual’s consent to do so. 

We also process personal data for marketing purposes based on consent (e.g. to send newsletters to our subscribers). 

Data subjects may always object to processing of their personal data and may withdraw their consent at any time. They may do so by contacting us at DPR will examine each objection or withdrawal of the data subject no later than 30 days after receiving an individual request. Provided we are not under a legal obligation to continue processing, we shall cease processing activities following a successful examination of the request.

Contractual obligations

We also process personal data based on contracts agreed upon with our Clients, Candidates and/or third parties. We only carry out the processing when it is necessary for the performance of a specific contract to which the data subject is a party to or in order to take steps at the request of the data subject prior to entering into a contract (e.g. to negotiate a Candidate employment contract). 

Depending on the type of personal data in question and the grounds on which we may be processing it, should an individual decline to provide us with such data, we may not be able to fulfil our contractual obligations.

Legal Requirements

A number of elements of the personal data we collect are required to enable us to fulfil our legal requirements and obligations. In some cases, rocessing of personal data is required by statute or other laws (e.g. Candidate's National Insurance Number).


We may share your personal data where appropriate and in accordance with local laws and requirements. We may, thus share personal data with past or prospective employers, examining bodies, for tax and audit purposes, and where we believe that law or other regulation requires us to share data (e.g. for litigation purposes).

We may also share personal data with third party service providers who perform functions on our behalf, such as software providers, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, IT consultants. All of the third party service providers we collaborate with are trustworthy, maintain a high level of data security and are bound by a non-disclosure agreement. Our service providers have contractually guaranteed their compliance with data protection law and the protection of data subject personal data in particular.

We may also share personal data with referees and third parties who provide services such as reference, qualification and criminal convictions checks. We do this only with the explicit consent of the Candidate. 

If DPR merges with or is acquired by another business or company in the future, we may share personal data with the (prospective) new owners of the business or company. We will notify all relevant data subjects in such circumstances without undue delay.


We incorporate a range of technical and organisational measures to ensure the security of the personal data we store. We take all reasonable and proportionate steps to protect the personal information from misuse, loss, or unauthorised access. 

In you become aware of any actual or potential data breach concerning your personal data processed by us, please contact us immediately at

We store personal data only for as long as necessary to fulfil the purposes for which it was collected (e.g. to fulfil the Client’s recruitment needs) and we delete outdated personal data from our systems periodically. Given our long-lasting Client relationships, we may need to store Candidate information after a successful placement. We will not do so without permission. 

We may need to retain some personal data in accordance with time periods we believe in good faith that the law or relevant regulators require us to preserve such data. 

The general retention period for data of candidates based on their consent and for spontaneously received applications / CVs is maximum 3 years before we seek to renew the consent of the individual.




Data subjects have a number of qualified rights in respect of the data we process on their behalf. These are described below. In order to exercise these rights please contact us at We will deal with your request with undue delay and in any case no later than 30 days after we receive it. Please note that we may keep a record of the communications to help us resolve any issues which you raise.


With respect to your personal data processed by DPR, please see below a summary of your rights under data protection law:


the right to be informed

the right toaccess

the right torectification

the right to erasure

the right to restrictprocessing;

the right to object toprofiling

the right to dataportability

the right to complain to a supervisory authority

the right to withdrawconsent.


For more information about data subject rights, please visit the website of the  Information Commissioner’s Office .


Where we are legally permitted to do so, we may refuse your request. We will do so while clearly stating the reasons for our decision.




We may change this Policy from time to time. We will post any privacy policy changes on our Website and, if the changes are significant, we will provide a more prominent notice.