Data Protection Policy
Recruitment Direct UK Ltd
Last updated: 10 February 2026
1. Policy Statement
Recruitment Direct UK Limited is committed to protecting the personal data of candidates, clients, workers, employees, and business contacts.
We recognise our responsibilities under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and are committed to processing personal data lawfully, fairly, and transparently.
2. Scope
This policy applies to:
- All personal data processed by Recruitment Direct UK Ltd
- All employees, consultants, contractors, and representatives
- All systems, platforms, and services used to process personal data, including AI-assisted technologies
3. Data Protection Principles
We process personal data in accordance with the UK GDPR principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
4. Types of Personal Data Processed
Recruitment Direct UK Ltd may process:
- Candidate and worker data
- Client and business contact data
- Employee and contractor data
- Payroll, compliance, and right-to-work data
- Communication records (email, phone, WhatsApp, SMS, AI-assisted calls)
5. Lawful Bases for Processing
Personal data is processed under one or more of the following lawful bases:
- Legitimate interests
- Contractual necessity
- Legal obligation
- Consent (where required)
6. Use of Technology & AI
Recruitment Direct UK Ltd uses technology, including AI-assisted systems, to support recruitment and operational processes.
AI may assist with:
- Candidate communication (including AI phone calls)
- CV parsing and skills matching
- Scheduling and administrative processes
- Analytics and service improvement
We confirm that:
- AI systems support, not replace, human decision-making
- No personal data is used to make solely automated decisions producing legal or significant effects
- Human oversight is maintained at all times
7. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Secure IT systems and access controls
- Password protection and role-based access
- Encryption where appropriate
- Staff training on data protection
- Secure storage and disposal of records
8. Data Sharing & Third Parties
Personal data may be shared with trusted third parties, including:
- Clients
- Payroll and compliance providers
- IT and system providers
- Legal and regulatory authorities (where required)
All third parties are required to process data in accordance with UK GDPR and contractual obligations.
9. Data Retention
Personal data is retained only for as long as necessary to fulfil recruitment, contractual, and legal obligations.
Data is securely deleted or anonymised when no longer required.
10. Individual Rights
Individuals have rights under UK GDPR, including:
- Right of access
- Right to rectification
- Right to erasure (where applicable)
- Right to restrict or object to processing
- Right to data portability
Requests can be made using the contact details on our website.
11. Data Breaches
Recruitment Direct UK Ltd has procedures in place to:
- Identify and investigate personal data breaches
- Mitigate risks to individuals
- Notify the Information Commissioner’s Office (ICO) where required
- Inform affected individuals where there is a high risk
12. Responsibilities
All staff and representatives of Recruitment Direct UK Ltd are responsible for:
- Protecting personal data
- Following this policy
- Reporting suspected data breaches immediately
Senior management is responsible for ensuring compliance with this policy.
13. Complaints
Any concerns relating to data protection should be raised using our Complaints Policy.
Individuals also have the right to complain to the Information Commissioner’s Office (ICO).
14. Review of This Policy
This policy is reviewed periodically and updated as required to reflect legal or operational changes.
Management Approval & Signature
This policy has been approved by senior management of Recruitment Direct UK Limited and is reviewed regularly to ensure ongoing compliance with legal and regulatory requirements.
Signed:
Name: Steven Peddie
Title: Director
Company: Recruitment Direct UK Limited
Date: 10th of February 2026