Data Protection and GDPR Policy

    Recruitment Direct UK Limited

    Herkimer House

    Mill Road Industrial Estate

    Linlithgow

    EH49 7SF

    Scotland

    United Kingdom

    Document Owner:Recruitment Direct UK Ltd
    Version:1.0
    Effective Date:11 June 2026
    Review Date:11 June 2027

    1. Statement

    Recruitment Direct UK Limited (“RDUK”, “we”, “our” or “us”) is committed to protecting personal data and ensuring compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all applicable data protection legislation.

    We recognise the importance of protecting the privacy, confidentiality, integrity and security of personal information entrusted to us by applicants, workers, clients, suppliers and website users.

    2. Purpose

    The purpose of this policy is to:

    • Protect personal information.
    • Ensure compliance with data protection legislation.
    • Promote responsible handling of personal data.
    • Establish clear responsibilities regarding data protection.
    • Reduce the risk of data breaches and unauthorised disclosure.
    • Support the lawful use of AI-assisted technologies within recruitment and compliance operations.

    3. Scope

    This policy applies to:

    • Employees
    • Workers
    • Applicants
    • Clients
    • Contractors
    • Suppliers
    • Business partners

    The policy applies to all personal data processed by Recruitment Direct UK Limited in electronic, digital and paper formats.

    4. Data Protection Principles

    Recruitment Direct UK Limited will ensure that personal data is:

    • Processed lawfully, fairly and transparently.
    • Collected for specified and legitimate purposes.
    • Adequate, relevant and limited to what is necessary.
    • Accurate and kept up to date.
    • Retained only for as long as necessary.
    • Protected through appropriate security measures.
    • Processed in accordance with individuals' rights.

    5. Types of Personal Data

    RDUK may process:

    • Names and contact details.
    • CVs and employment history.
    • Qualifications and training records.
    • Identification documents.
    • Right to work documentation.
    • Payroll and banking information.
    • References.
    • Communications and correspondence.
    • Website usage information.
    • Compliance documentation.
    • Information collected through AI-assisted recruitment and communication systems.

    6. AI-Assisted Compliance and Operations

    Recruitment Direct UK Limited may use artificial intelligence (“AI”), machine learning and automated technologies to support recruitment, communication, compliance, administration and data management activities.

    These technologies may assist with:

    • Applicant screening and assessment.
    • Skills and vacancy matching.
    • Automating communications via telephone, email, SMS and messaging platforms.
    • Document verification and compliance checks.
    • GDPR compliance monitoring.
    • Identifying incomplete, inaccurate or duplicate records.
    • Updating and maintaining recruitment database records.
    • Monitoring document expiry dates and retention periods.
    • Supporting compliance audits and reporting.
    • Recruitment workflow automation.
    • Improving operational efficiency and service delivery.

    RDUK may utilise AI-assisted GDPR compliance technologies to improve the accuracy, quality and maintenance of recruitment database records.

    AI technologies are used to support business operations and regulatory compliance and do not replace human responsibility, accountability or legal obligations.

    All AI-assisted activities remain subject to appropriate human oversight, review and compliance controls. Final recruitment, compliance and business decisions remain subject to human review where appropriate.

    7. Data Security

    Recruitment Direct UK Limited will implement appropriate technical and organisational measures to protect personal data from:

    • Unauthorised access.
    • Unauthorised disclosure.
    • Accidental loss.
    • Alteration or destruction.
    • Misuse or unlawful processing.

    Security measures may include:

    • Access controls.
    • Secure authentication procedures.
    • Encryption technologies.
    • Secure cloud-based systems.
    • Staff awareness and training.
    • System monitoring and auditing.
    • Regular review of security controls.

    8. Data Sharing

    Personal data may be shared where necessary with:

    • Clients and prospective employers.
    • Payroll providers.
    • Umbrella companies.
    • Professional advisers.
    • Technology and software providers.
    • Compliance providers.
    • Government bodies and regulators where legally required.

    All sharing of personal data will be carried out in accordance with applicable legislation and appropriate safeguards.

    9. Data Retention

    Personal data will be retained only for as long as necessary to fulfil recruitment, employment, legal, regulatory and business requirements.

    RDUK may utilise automated and AI-assisted systems to support the monitoring of retention periods and identify records due for review or deletion.

    Data will be securely deleted, destroyed or anonymised when no longer required.

    10. Individual Rights

    Individuals may have the right to:

    • Access their personal data.
    • Correct inaccurate information.
    • Request deletion of information.
    • Restrict processing.
    • Object to processing.
    • Request data portability.
    • Withdraw consent where applicable.

    Requests should be submitted to:

    11. Data Breaches

    Any actual or suspected data breach must be reported immediately.

    Recruitment Direct UK Limited will investigate incidents promptly and take appropriate corrective action.

    Where required by law, breaches will be reported to the Information Commissioner's Office (ICO) and affected individuals.

    12. Training and Awareness

    Recruitment Direct UK Limited will promote awareness of data protection obligations and encourage responsible handling of personal information.

    Employees and workers are expected to comply with data protection requirements and report concerns relating to privacy, security or compliance.

    13. Compliance

    Failure to comply with this policy may result in disciplinary action, termination of engagement, contractual action or referral to regulatory authorities where appropriate.

    14. Review

    This policy will be reviewed annually or sooner if required by legislative, regulatory, technological or business changes.

    Director Approval

    I confirm that this Data Protection and GDPR Policy has been reviewed and approved on behalf of Recruitment Direct UK Limited.

    Name:Steven Peddie
    Position:Director
    Date:11 June 2026
    Signature:
    Steven Peddie Signature__________________________________________

    Compliance, Quality & Security

    Recognised standards supporting consistent, compliant recruitment delivery.

    Constructionline Gold

    Gold Member

    1324569

    Cyber
    Essentials

    Certified

    4686a995

    ISO
    9001:2015

    Quality Management

    GB2006088

    REC
    Membership

    Corporate Member

    00207320

    Verified credentials. Transparent proof. Trusted delivery.