Privacy Policy

Platinum & Partners ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website or use our recruitment services. As a recruitment agency operating in the United Kingdom, we comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all applicable data protection legislation. By using our website and services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services. Platinum & Partners is the data controller responsible for your personal data. We are committed to being transparent about how we collect and use data and to meeting our data protection obligations.

We collect several types of information from and about users of our services: Personal Identification Information: Name, email address, phone number, postal address, date of birth, national insurance number (where legally required) and emergency contact details. Professional Information: CV/resume, work experience, education qualifications, professional skills and certifications, salary expectations and history, references and right to work documentation. Sensitive Personal Data: With your explicit consent, we may process special category data including health information for reasonable adjustments, diversity monitoring data (ethnicity, disability status) and information about criminal convictions where relevant to the role. Technical Data: IP address, browser type and version, device information, operating system, time zone settings, browser plug-in types and versions and usage data about how you interact with our website. Communication Data: Records of your correspondence with us, including emails, phone call recordings (with notice), messages through our website and feedback. Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our website. See our Cookie Policy for detailed information. Financial Information: For employers and clients, payment information and billing details processed through secure payment providers.

We process your personal data for the following purposes: Recruitment Services: To match candidates with suitable job opportunities, assess suitability for roles, forward applications to employers, facilitate interviews and manage the recruitment process. Communication: To respond to inquiries, send job alerts and opportunities, provide updates about applications, communicate service changes and provide customer support. Contract Performance: To fulfill our contractual obligations to candidates and employer clients, manage placements and provide ongoing support. Service Improvement: To analyze how our services are used, improve website functionality, enhance user experience and develop new features and services. Legal Compliance: To comply with legal obligations including employment law requirements, tax obligations, right to work checks and anti-money laundering regulations. Marketing: With your explicit consent, to send promotional materials, newsletters, industry insights and information about our services. You can opt out at any time. Security and Fraud Prevention: To protect against fraud, unauthorized access, verify identity and prevent illegal activities. Business Operations: To maintain records, conduct internal research, conduct data analysis and manage business performance. We do not use automated decision-making or profiling that produces legal effects without human oversight.

We process your personal data under the following lawful bases as required by UK GDPR: Consent: You have given clear, informed and freely given consent for us to process your personal data for specific purposes, such as applying for jobs, receiving marketing communications or processing sensitive personal data. You may withdraw consent at any time. Contract Performance: Processing is necessary to fulfill our contract with you (as a candidate or client) or to take steps at your request before entering into a contract, such as processing job applications or providing recruitment services. Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving services, ensuring security, conducting business operations and direct marketing (where consent is not required), provided these interests do not override your fundamental rights and freedoms. Legal Obligation: Processing is necessary to comply with legal requirements, including employment law, tax law, right to work verification, anti-money laundering obligations and responding to legal requests. Vital Interests: In rare circumstances, processing may be necessary to protect vital interests of individuals. For sensitive personal data (special category data), we rely on explicit consent, legal claims, substantial public interest or other specific conditions under UK GDPR Article 9.

We may share your information with the following parties: Employers and Clients: When you apply for a position, we share your application materials, CV and relevant professional information with the employer or client for recruitment purposes. We will always inform you before sharing your information. Service Providers: Carefully selected third-party vendors who perform services on our behalf, including email delivery services, website hosting providers, analytics providers, IT support, payment processors and customer relationship management systems. All service providers are bound by data processing agreements and confidentiality obligations. Professional Advisers: Lawyers, accountants, auditors and insurance providers who require access to personal data to provide professional services. Background Check Providers: With your consent, providers who conduct reference checks, criminal record checks (DBS) or qualification verification. Business Transfers: In the event of a merger, acquisition, reorganization or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any change in ownership or use of your personal information. Legal and Regulatory Authorities: When required by law, court order, regulatory authority or governmental request, or when necessary to protect our rights, property, safety or that of others, enforce our terms, investigate fraud or respond to legal process. With Your Consent: We may share information with third parties when you have given explicit consent. We do not sell, rent or trade your personal information to third parties for their marketing purposes. All information sharing is conducted securely and in compliance with data protection laws.

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Active Candidates: While you actively use our services and for up to 3 years after your last engagement with us, enabling us to contact you about relevant opportunities and maintain service continuity. Inactive Candidates: For candidates who become inactive, we retain basic contact and professional information for up to 3 years. After this period, data will be deleted or anonymized unless you re-engage with our services. Successful Placements: For candidates successfully placed, we retain records for up to 6 years after placement to comply with legal obligations, handle potential claims and provide references. Employer and Client Records: Retained for up to 7 years after the relationship ends to comply with accounting, tax and legal requirements. Marketing Data: Retained until you withdraw consent or up to 3 years of inactivity, whichever is sooner. Legal and Compliance Records: Where required by law, certain records may be retained longer, including for tax purposes (minimum 6 years), legal claims (up to 6 years from potential claim arising) and regulatory requirements. Support and Complaints: Records of inquiries and complaints retained for up to 6 years. You can request deletion of your account and personal information at any time by contacting us. We will comply with deletion requests within one month unless we have legal grounds to retain data.

Under UK GDPR and data protection laws, you have comprehensive rights regarding your personal data: Right to Access: Request access to your personal information and receive a copy of the data we hold about you. You can obtain information about how we process your data and request copies free of charge. Right to Rectification: Request correction of inaccurate, incomplete or out-of-date personal information. We will update records promptly upon verification. Right to Erasure (Right to be Forgotten): Request deletion of your personal information where there is no compelling reason for continued processing, you withdraw consent, object to processing or data was unlawfully processed. Right to Restriction: Request restriction of processing your personal information where you contest accuracy, processing is unlawful but you oppose deletion, we no longer need the data but you require it for legal claims or you have objected to processing pending verification. Right to Data Portability: Request transfer of your personal information to another service provider in a structured, commonly used and machine-readable format where technically feasible. Right to Object: Object to processing of your personal information for direct marketing purposes (we will stop immediately), processing based on legitimate interests or processing for research purposes. Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing conducted before withdrawal. Rights Related to Automated Decision-Making: Rights regarding automated decision-making and profiling, though we do not engage in solely automated decision-making that produces legal effects. To exercise any of these rights, please contact us using the details provided below. We will respond within one month (extendable by two months for complex requests). You will not be charged for exercising your rights unless requests are manifestly unfounded or excessive. You also have the right to lodge a complaint with the Information Commissioner Office (ICO) if you believe we have not handled your personal information appropriately.

We implement comprehensive technical and organizational security measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, damage, alteration or disclosure. Our security measures include: Technical Safeguards: Encryption of data in transit using TLS/SSL protocols and encryption of sensitive data at rest, secure authentication and authorization systems, regular security assessments and vulnerability testing, intrusion detection and prevention systems and malware protection. Organizational Safeguards: Access controls ensuring only authorized personnel access personal data on a need-to-know basis, employee training on data protection and security best practices, confidentiality agreements with all staff and contractors, secure backup systems and disaster recovery procedures, incident response and data breach procedures and regular security policy reviews and updates. Physical Security: Secure facilities with controlled access, protection of physical documents and media and secure disposal of physical records. Vendor Security: All third-party service providers are required to maintain appropriate security measures and comply with data protection obligations through contractual agreements. Data Minimization: We collect and process only the personal data necessary for specified purposes. Regular Audits: Periodic security audits and assessments to identify and address vulnerabilities. While we implement industry-standard security measures and strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but we continuously work to maintain and improve the highest security standards. Any suspected security breach will be investigated promptly and affected individuals notified as required by law.

Your information is primarily processed and stored within the United Kingdom and European Economic Area (EEA). However, some information may be transferred to and processed in countries outside the UK/EEA where our service providers operate. When we transfer personal data internationally, we ensure appropriate safeguards are in place to protect your information: Adequacy Decisions: Transfers to countries recognized by the UK government as providing adequate data protection standards. Standard Contractual Clauses (SCCs): We use UK International Data Transfer Agreements or EU Standard Contractual Clauses approved by regulatory authorities when transferring data to countries without adequacy decisions. Binding Corporate Rules: Where applicable, we rely on binding corporate rules for intra-group transfers. Supplementary Measures: Additional technical, organizational and contractual measures to ensure data protection standards equivalent to UK GDPR. Transfer Impact Assessments: We conduct assessments of the laws and practices in destination countries to ensure adequate protection. You can obtain further information about international transfers and the safeguards in place by contacting us. We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16 without appropriate consent. Recruitment services are intended for individuals of working age and legally able to enter into employment contracts. Most roles require candidates to be 18 or older. If you are a parent or guardian and believe your child has provided us with personal information without appropriate consent, please contact us immediately using the contact details below. If we become aware that we have collected personal information from a child under 16 without proper parental consent, we will take immediate steps to delete that information from our servers. For candidates aged 16-18, we may require additional consent or verification before processing applications for certain roles or before processing sensitive personal data.

Our website may contain links to third-party websites, services, social media platforms or applications that are not operated or controlled by us. We are not responsible for the privacy practices, content or security of these third parties. When you click on third-party links or interact with third-party services, you leave our website and this Privacy Policy no longer applies. Your interactions with third-party websites are governed by their respective privacy policies and terms of service. Third-party services we may link to include: - Social media platforms (LinkedIn, Twitter, etc.) - Job boards and career sites - Professional networking sites - Industry news and resources - Partner websites and services We encourage you to read the privacy policies and terms of service of any third-party sites you visit or services you use. We do not endorse or make any representations about third-party websites or services. This Privacy Policy applies only to information collected by our website and services operated by Platinum & Partners.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, business operations or for other operational reasons. We review our Privacy Policy regularly to ensure compliance with evolving data protection laws. When we make changes to this Privacy Policy: Notification: We will update the Last Updated date at the top of this policy and, where changes are material or significant, provide additional notice such as by email to registered users, a prominent notice on our website homepage or through an in-app notification. Material Changes: For material changes that expand how we use your personal data, we will seek your consent where required by law. Review Opportunity: We will provide reasonable time for you to review changes before they take effect for material modifications. Continued Use: Your continued use of our services after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you should discontinue use of our services and contact us regarding deletion of your data. Archived Versions: Previous versions of this Privacy Policy may be available upon request. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information and your data protection rights.

If you have questions, concerns or requests regarding this Privacy Policy, our data practices or wish to exercise your data protection rights, please contact us: Platinum & Partners Data Protection Contact Email: info@platinumandpartners.com Phone: +44 (0)203 9419113 For data protection inquiries, privacy requests or to exercise your rights, please mark your correspondence as Data Protection for priority handling. We aim to respond to all legitimate requests within one month. Occasionally it may take longer than one month if your request is particularly complex or you have made multiple requests, in which case we will notify you and keep you updated. Right to Complain: If you believe we have not handled your personal information appropriately or in accordance with data protection law, you have the right to lodge a complaint with the supervisory authority: Information Commissioner Office (ICO) Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: 0303 123 1113 Website: www.ico.org.uk We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first if possible.