Information Security Policy

    Recruitment Direct UK Limited

    Herkimer House

    Mill Road Industrial Estate

    Linlithgow

    EH49 7SF

    Scotland

    United Kingdom

    Document Owner:Recruitment Direct UK Ltd
    Version:1.0
    Effective Date:11 June 2026
    Review Date:11 June 2027

    1. Statement

    Recruitment Direct UK Limited (“RDUK”, “we”, “our” or “us”) is committed to protecting the confidentiality, integrity and availability of information entrusted to the business.

    We recognise that information security is essential to maintaining the trust of applicants, workers, clients, suppliers and business partners and to ensuring compliance with legal, regulatory and contractual obligations.

    2. Purpose

    The purpose of this policy is to:

    • Protect company information and data assets.
    • Prevent unauthorised access, disclosure, loss or misuse of information.
    • Support compliance with UK GDPR and data protection legislation.
    • Promote secure working practices.
    • Reduce information security risks.
    • Support business continuity and operational resilience.

    3. Scope

    This policy applies to:

    • Employees
    • Workers
    • Directors
    • Contractors
    • Consultants
    • Suppliers
    • Third parties with authorised access to company systems or information

    The policy applies to all information held or processed by Recruitment Direct UK Limited in electronic, digital and physical formats.

    4. Information Security Principles

    Recruitment Direct UK Limited is committed to ensuring that information is:

    • Protected against unauthorised access.
    • Accurate and reliable.
    • Available when required for legitimate business purposes.
    • Processed securely and lawfully.
    • Retained and disposed of appropriately.

    5. AI-Assisted Information Security

    Recruitment Direct UK Limited may utilise artificial intelligence (“AI”), machine learning and automated technologies to support information security, compliance and operational activities.

    These technologies may assist with:

    • Monitoring system activity.
    • Identifying duplicate, incomplete or inaccurate records.
    • Supporting GDPR compliance activities.
    • Monitoring document expiry dates and compliance requirements.
    • Supporting recruitment database maintenance.
    • Identifying potential security or compliance risks.
    • Supporting audit and reporting processes.

    All AI-assisted activities remain subject to appropriate human oversight and review.

    6. Access Control

    Access to company systems, databases and information will be restricted to authorised individuals who require access for legitimate business purposes.

    Users are responsible for:

    • Protecting passwords and login credentials.
    • Preventing unauthorised access.
    • Reporting suspected security incidents.
    • Following company security procedures.

    7. Information Handling

    Information must be:

    • Stored securely.
    • Shared only where authorised and necessary.
    • Protected against loss, theft or unauthorised disclosure.
    • Disposed of securely when no longer required.

    Particular care must be taken when handling personal data, confidential information and commercially sensitive information.

    8. Cyber Security

    Recruitment Direct UK Limited will implement appropriate technical and organisational measures to protect information systems.

    These measures may include:

    • Secure authentication controls.
    • Access management procedures.
    • Antivirus and malware protection.
    • System monitoring.
    • Secure cloud-based systems.
    • Data backup procedures.
    • Software updates and security patching.

    9. Incident Reporting

    Any actual or suspected information security incident must be reported immediately.

    Examples include:

    • Data breaches.
    • Unauthorised access.
    • Phishing attempts.
    • Loss of devices or information.
    • Malware or cyber security incidents.

    Incidents will be investigated and managed appropriately.

    10. Compliance

    Failure to comply with this policy may result in disciplinary action, termination of engagement, contractual action or referral to relevant authorities where appropriate.

    11. Review

    This policy will be reviewed annually or sooner if required by legislative, regulatory, technological or business changes.

    Director Approval

    I confirm that this Information Security Policy has been reviewed and approved on behalf of Recruitment Direct UK Limited.

    Name:Steven Peddie
    Position:Director
    Date:11 June 2026
    Signature:
    Steven Peddie Signature__________________________________________

    Compliance, Quality & Security

    Recognised standards supporting consistent, compliant recruitment delivery.

    Constructionline Gold

    Gold Member

    1324569

    Cyber
    Essentials

    Certified

    4686a995

    ISO
    9001:2015

    Quality Management

    GB2006088

    REC
    Membership

    Corporate Member

    00207320

    Verified credentials. Transparent proof. Trusted delivery.