Skip to content
The Headhunting Company

Privacy Policy

The Headhunting Company — Version 1.0 — Effective Date: 24 February 2026

Your Privacy at a Glance

We are a specialist Rec2Rec recruitment agency operating in the UK, EU, US, AUS and UAE.

We collect and use personal data to:

  • Introduce candidates to recruitment businesses and agencies
  • Manage client relationships
  • Operate our referral scheme (up to £2,000 reward)
  • Communicate relevant job opportunities
  • Run and improve our website and services

We only process your data where we have a lawful basis (contract, legitimate interests, or consent).

We retain candidate and client data only for as long as necessary for recruitment and compliance purposes.

You have full data protection rights under UK GDPR and EU GDPR. You can withdraw consent or object to marketing at any time.

For privacy queries, contact: georgi@theheadhuntingcompany.com

1. Who We Are (Data Controller)

The Headhunting Company Ltd
Email: georgi@theheadhuntingcompany.com
Telephone: +44 20 3350 1086

For the purposes of:

  • UK GDPR
  • EU GDPR
  • Data Protection Act 2018

The Headhunting Company Ltd is the Data Controller of personal data collected through our website, CRM systems, referral programme and recruitment operations.

2. Scope of This Policy

This Privacy Policy applies to:

  • Candidates
  • Referrers
  • Clients (recruitment agencies and recruitment businesses)
  • Website users
  • General enquiries

It explains how we collect, use, store, transfer and protect personal data in the context of recruitment services.

3. Categories of Personal Data We Collect

3.1 Candidate Data

We collect:

  • Full name
  • Email address
  • Phone number
  • City and country
  • Call availability
  • Salary expectations
  • Recent role
  • Recent employer
  • Reasons for leaving
  • Career preferences
  • Sector specialisations
  • CVs and employment history
  • Interview feedback
  • Communications with us

We may also collect publicly available professional information (e.g., LinkedIn). We do not intentionally collect special category data unless voluntarily included in a CV.

3.2 Client Data

  • Contact names
  • Business email addresses
  • Phone numbers
  • Company name and registered details
  • Role specifications
  • Contract and billing information
  • Communications

3.3 Referral Scheme Data

When operating our referral scheme (reward up to £2,000), we collect:

  • Referrer name
  • Referrer contact details
  • Relationship to candidate
  • Candidate details submitted by referrer
  • Payment details (where reward becomes payable)

Referrers must confirm they have permission from the candidate to share their details.

3.4 Website & Enquiry Data

Through website forms and “Contact Us” channels:

  • Name
  • Email
  • Phone
  • Message content
  • IP address
  • Browser/device data (via cookies)

4. Lawful Bases for Processing

We rely on the following lawful bases:

4.1 Contract (Article 6(1)(b))

Where processing is necessary to:

  • Introduce candidates to clients
  • Arrange interviews
  • Manage placements
  • Operate recruitment services

4.2 Legitimate Interests (Article 6(1)(f))

Including:

  • Matching candidates with relevant opportunities
  • Sharing CVs with relevant clients
  • Maintaining recruitment records
  • Preventing fraud or misuse
  • Operating referral programme
  • Business development within recruitment industry

We conduct legitimate interest assessments where required.

4.3 Consent (Article 6(1)(a))

Where required, including:

  • Marketing communications
  • Certain cookies
  • Where referral data requires confirmation
  • Where local laws require explicit consent

You may withdraw consent at any time.

4.4 Legal Obligation (Article 6(1)(c))

Where required for:

  • HMRC reporting
  • Financial compliance
  • Regulatory requirements
  • Legal claims

5. How We Use Candidate Data

We use candidate data to:

  • Assess suitability for recruitment roles
  • Introduce candidates to recruitment agencies and businesses
  • Arrange interviews
  • Negotiate offers
  • Manage placements
  • Maintain records of recruitment history
  • Send relevant job alerts
  • Operate our referral reward scheme

We do not sell personal data.

6. Sharing of Personal Data

We may share data with:

6.1 Client Companies

Recruitment agencies and recruitment businesses considering candidates for roles. We only share relevant data necessary for assessment.

6.2 Third-Party Processors

Including:

  • CRM providers
  • Email marketing platforms
  • Cloud hosting providers
  • Document storage providers
  • Payment processors (for referral rewards)
  • Website hosting and analytics providers

All processors operate under written Data Processing Agreements compliant with Article 28 GDPR.

6.3 Professional Advisors

Lawyers, accountants, insurers where required.

7. International Data Transfers

We operate in the UK, EU, US and UAE. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards including:

  • UK International Data Transfer Agreement (IDTA)
  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions (where applicable)
  • Transfer risk assessments
  • Encryption and access controls

Where transfers involve the US, we use SCCs and additional technical safeguards.

8. Data Retention

We retain personal data only as long as necessary for recruitment and legal purposes.

Candidate Data Retention Table

Data TypeRetention PeriodRationale
Candidate CVs2 years from last meaningful contactOngoing recruitment opportunities
Interview notes2 yearsRecruitment record keeping
Placed candidate records6 yearsContract and legal limitation periods
Referral reward records6 yearsFinancial and tax compliance
Client contract data6 yearsLegal and accounting obligations
Marketing dataUntil opt-out or 2 years inactivityLegitimate interest/consent
Website enquiry data12 monthsOperational follow-up

We may retain data longer where required by law or for legal claims.

9. Automated Processing & AI

We may use CRM tools and AI-assisted systems to:

  • Match candidates to roles
  • Screen CVs against job criteria
  • Suggest relevant opportunities

These tools assist human decision-making. We do not make solely automated decisions that produce legal or similarly significant effects without human involvement. You may request human review of any automated assessment.

10. Cookies & Tracking

Our website uses cookies to:

  • Ensure functionality
  • Analyse traffic
  • Improve performance
  • Track marketing effectiveness

We use:

  • Essential cookies
  • Analytics cookies
  • Marketing cookies (where consented)

You can manage cookie preferences via our cookie banner.

11. Security Measures

We implement appropriate technical and organisational measures including:

  • Encrypted data transmission (HTTPS)
  • Role-based CRM access controls
  • Two-factor authentication
  • Secure cloud storage
  • Access logging
  • Regular software updates
  • Data minimisation principles
  • Confidentiality agreements

We restrict access to authorised personnel only.

12. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time
  • Object to direct marketing

To exercise your rights, email: georgi@theheadhuntingcompany.com. We may require identity verification.

13. Marketing Communications

We may send:

  • Job alerts
  • Industry insights
  • Recruitment updates
  • Business communications

You may unsubscribe at any time by:

  • Clicking “unsubscribe”
  • Emailing us
  • Contacting us directly

Unsubscribing from marketing does not affect service-related communications.

14. Referral Scheme Privacy

When operating our referral scheme:

  • Referrers must confirm candidate permission.
  • Referral rewards are processed via secure payment systems.
  • Payment details are retained for tax compliance (6 years).
  • If a referred candidate objects to processing, we will cease use unless lawful basis overrides.
  • We reserve the right to verify referral eligibility.

15. Complaints

If you are dissatisfied with how we handle your data, contact us first at: georgi@theheadhuntingcompany.com

You also have the right to lodge a complaint with your supervisory authority:

  • UK: Information Commissioner's Office (ICO) — www.ico.org.uk
  • EU: Your local Data Protection Authority

16. Updates to This Policy

We may update this Privacy Policy periodically. The latest version will always be published on our website with an updated version date.

17. Contact Information

The Headhunting Company Ltd
Email: georgi@theheadhuntingcompany.com
Telephone: +44 20 3350 1086