Privacy Notice

DEERFOOT RECRUITMENT SOLUTIONS LTD – PRIVACY NOTICE

Version 6.0 | February 2026

Deerfoot Recruitment Solutions Ltd ("the Company") is a recruitment business which provides work-finding services to its clients and work-seekers. The Company must process personal data (including sensitive personal data) so that it can provide these services – in doing so, the Company acts as a data controller.

1. Contact Details

If you have any questions about this Privacy Notice or how we handle your data, please contact our Data Protection Officer:

  • DPO: Ben Gordon
  • Email: dpo@deerfoot.co.uk
  • Address: 38 Rumbridge Street, Southampton, SO40 9DS

2. Collection and Use of Personal Data

The Company will collect your personal data (such as your name, contact details, and CV) and process it for the following purposes:

  • To provide you with work-finding services.
  • To enable you to apply for specific jobs.
  • To match your skills with job vacancies.
  • To fulfil our legal obligations (e.g., checking your Right to Work in the UK).

Deerfoot does not utilise fully automated individual decision-making or profiling; all candidate matching and shortlisting involves human intervention by our recruitment specialists.

3. Lawful Basis for Processing

We rely on the following legal bases under the UK GDPR to process your data:

  • Legitimate Interest: We process your CV and contact details to match you with suitable vacancies. We believe this is in the mutual interest of the candidate and the agency.
  • Contractual Necessity: To provide services under our terms of engagement with you.
  • Legal Obligation: To comply with laws such as the Conduct of Employment Agencies and Employment Businesses Regulations 2003.
  • Consent: We will seek your explicit consent before processing "Special Category" data (such as health information).

4. Disclosures & Subprocessors

The Company will share your personal data with third parties where required by law, where it is necessary to provide our recruitment services, or where we have another legitimate interest in doing so. This includes, but is not limited to:

  • Clients: Potential employers to whom we introduce you for specific vacancies.
  • Operational Subprocessors: Software providers that host our data, including but not limited to RecruitCRM (ATS), Cognito Forms (application forms), and Microsoft 365 (file storage and communications)
  • Employment Partners: Third parties necessary for your placement, such as Umbrella Companies, Payroll Providers, and Vetting/Screening services.
  • Professional Advisers: Auditors, lawyers, or recruitment bodies (e.g., the REC) for compliance purposes.

5. Data Security & Overseas Transfers 

The Company may transfer information to countries outside the UK/EEA, specifically the USA and Singapore (via RecruitCRM and Cognito Forms). To ensure your data remains protected, we have performed Transfer Risk Assessments (TRAs) and have International Data Transfer Agreements (IDTAs) in place.

Our commitment to security is verified by our Cyber Essentials certification, ensuring our systems meet government-backed security standards for technical protection. All data is encrypted using AES-256 at rest and TLS 1.3 in transit.

6. Data Retention

The Company will retain your personal data only for as long as is necessary.

  • Successful Placements: 6 years minimum (for legal and tax purposes).
  • Candidate Records (Unsuccessful/Inactive): 2 years from last engagement, unless you ask us to delete it sooner.

7. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of Access: To request a copy of the data we hold about you (a Subject Access Request).
  • Right to Erasure: To request that we delete your data (the "Right to be Forgotten").
  • Right to Rectification: To have inaccurate data corrected.
  • Right to Object: To object to our processing of your data based on legitimate interest.

To exercise any of these rights, please email dpo@deerfoot.co.uk.

Further Information: We maintain a comprehensive suite of internal governance documents to ensure your data is handled lawfully. Upon request, we can provide further details regarding our Legitimate Interest Assessments, our Data Retention Schedule, and the safeguards identified in our Transfer Risk Assessments.

8. Complaints

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO).