Privacy Policy
The Headhunting Company — Version 1.0 — Effective Date: 24 February 2026
Your Privacy at a Glance
We are a specialist Rec2Rec recruitment agency operating in the UK, EU, US, AUS and UAE.
We collect and use personal data to:
- Introduce candidates to recruitment businesses and agencies
- Manage client relationships
- Operate our referral scheme (up to £2,000 reward)
- Communicate relevant job opportunities
- Run and improve our website and services
We only process your data where we have a lawful basis (contract, legitimate interests, or consent).
We retain candidate and client data only for as long as necessary for recruitment and compliance purposes.
You have full data protection rights under UK GDPR and EU GDPR. You can withdraw consent or object to marketing at any time.
For privacy queries, contact: georgi@theheadhuntingcompany.com
1. Who We Are (Data Controller)
The Headhunting Company Ltd
Email: georgi@theheadhuntingcompany.com
Telephone: +44 20 3350 1086
For the purposes of:
- UK GDPR
- EU GDPR
- Data Protection Act 2018
The Headhunting Company Ltd is the Data Controller of personal data collected through our website, CRM systems, referral programme and recruitment operations.
2. Scope of This Policy
This Privacy Policy applies to:
- Candidates
- Referrers
- Clients (recruitment agencies and recruitment businesses)
- Website users
- General enquiries
It explains how we collect, use, store, transfer and protect personal data in the context of recruitment services.
3. Categories of Personal Data We Collect
3.1 Candidate Data
We collect:
- Full name
- Email address
- Phone number
- City and country
- Call availability
- Salary expectations
- Recent role
- Recent employer
- Reasons for leaving
- Career preferences
- Sector specialisations
- CVs and employment history
- Interview feedback
- Communications with us
We may also collect publicly available professional information (e.g., LinkedIn). We do not intentionally collect special category data unless voluntarily included in a CV.
3.2 Client Data
- Contact names
- Business email addresses
- Phone numbers
- Company name and registered details
- Role specifications
- Contract and billing information
- Communications
3.3 Referral Scheme Data
When operating our referral scheme (reward up to £2,000), we collect:
- Referrer name
- Referrer contact details
- Relationship to candidate
- Candidate details submitted by referrer
- Payment details (where reward becomes payable)
Referrers must confirm they have permission from the candidate to share their details.
3.4 Website & Enquiry Data
Through website forms and “Contact Us” channels:
- Name
- Phone
- Message content
- IP address
- Browser/device data (via cookies)
4. Lawful Bases for Processing
We rely on the following lawful bases:
4.1 Contract (Article 6(1)(b))
Where processing is necessary to:
- Introduce candidates to clients
- Arrange interviews
- Manage placements
- Operate recruitment services
4.2 Legitimate Interests (Article 6(1)(f))
Including:
- Matching candidates with relevant opportunities
- Sharing CVs with relevant clients
- Maintaining recruitment records
- Preventing fraud or misuse
- Operating referral programme
- Business development within recruitment industry
We conduct legitimate interest assessments where required.
4.3 Consent (Article 6(1)(a))
Where required, including:
- Marketing communications
- Certain cookies
- Where referral data requires confirmation
- Where local laws require explicit consent
You may withdraw consent at any time.
4.4 Legal Obligation (Article 6(1)(c))
Where required for:
- HMRC reporting
- Financial compliance
- Regulatory requirements
- Legal claims
5. How We Use Candidate Data
We use candidate data to:
- Assess suitability for recruitment roles
- Introduce candidates to recruitment agencies and businesses
- Arrange interviews
- Negotiate offers
- Manage placements
- Maintain records of recruitment history
- Send relevant job alerts
- Operate our referral reward scheme
We do not sell personal data.
6. Sharing of Personal Data
We may share data with:
6.1 Client Companies
Recruitment agencies and recruitment businesses considering candidates for roles. We only share relevant data necessary for assessment.
6.2 Third-Party Processors
Including:
- CRM providers
- Email marketing platforms
- Cloud hosting providers
- Document storage providers
- Payment processors (for referral rewards)
- Website hosting and analytics providers
All processors operate under written Data Processing Agreements compliant with Article 28 GDPR.
6.3 Professional Advisors
Lawyers, accountants, insurers where required.
7. International Data Transfers
We operate in the UK, EU, US and UAE. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards including:
- UK International Data Transfer Agreement (IDTA)
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions (where applicable)
- Transfer risk assessments
- Encryption and access controls
Where transfers involve the US, we use SCCs and additional technical safeguards.
8. Data Retention
We retain personal data only as long as necessary for recruitment and legal purposes.
Candidate Data Retention Table
| Data Type | Retention Period | Rationale |
|---|---|---|
| Candidate CVs | 2 years from last meaningful contact | Ongoing recruitment opportunities |
| Interview notes | 2 years | Recruitment record keeping |
| Placed candidate records | 6 years | Contract and legal limitation periods |
| Referral reward records | 6 years | Financial and tax compliance |
| Client contract data | 6 years | Legal and accounting obligations |
| Marketing data | Until opt-out or 2 years inactivity | Legitimate interest/consent |
| Website enquiry data | 12 months | Operational follow-up |
We may retain data longer where required by law or for legal claims.
9. Automated Processing & AI
We may use CRM tools and AI-assisted systems to:
- Match candidates to roles
- Screen CVs against job criteria
- Suggest relevant opportunities
These tools assist human decision-making. We do not make solely automated decisions that produce legal or similarly significant effects without human involvement. You may request human review of any automated assessment.
10. Cookies & Tracking
Our website uses cookies to:
- Ensure functionality
- Analyse traffic
- Improve performance
- Track marketing effectiveness
We use:
- Essential cookies
- Analytics cookies
- Marketing cookies (where consented)
You can manage cookie preferences via our cookie banner.
11. Security Measures
We implement appropriate technical and organisational measures including:
- Encrypted data transmission (HTTPS)
- Role-based CRM access controls
- Two-factor authentication
- Secure cloud storage
- Access logging
- Regular software updates
- Data minimisation principles
- Confidentiality agreements
We restrict access to authorised personnel only.
12. Your Rights
Under UK GDPR and EU GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
- Object to direct marketing
To exercise your rights, email: georgi@theheadhuntingcompany.com. We may require identity verification.
13. Marketing Communications
We may send:
- Job alerts
- Industry insights
- Recruitment updates
- Business communications
You may unsubscribe at any time by:
- Clicking “unsubscribe”
- Emailing us
- Contacting us directly
Unsubscribing from marketing does not affect service-related communications.
14. Referral Scheme Privacy
When operating our referral scheme:
- Referrers must confirm candidate permission.
- Referral rewards are processed via secure payment systems.
- Payment details are retained for tax compliance (6 years).
- If a referred candidate objects to processing, we will cease use unless lawful basis overrides.
- We reserve the right to verify referral eligibility.
15. Complaints
If you are dissatisfied with how we handle your data, contact us first at: georgi@theheadhuntingcompany.com
You also have the right to lodge a complaint with your supervisory authority:
- UK: Information Commissioner's Office (ICO) — www.ico.org.uk
- EU: Your local Data Protection Authority
16. Updates to This Policy
We may update this Privacy Policy periodically. The latest version will always be published on our website with an updated version date.
17. Contact Information
The Headhunting Company Ltd
Email: georgi@theheadhuntingcompany.com
Telephone: +44 20 3350 1086
