GDPR Candidate Agreement

GDPR Candidate Agreement

GDPR Candidate Agreement

Last Updated: May 2026

This notice explains how RSSW Ltd collects, uses, stores, and processes your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

About UK GDPR and Data Protection Law

The UK General Data Protection Regulation (UK GDPR), alongside the Data Protection Act 2018, sets out the rules organisations must follow when processing personal data. These laws are designed to protect your privacy and ensure your personal information is handled fairly, securely, and transparently.

This notice reflects your rights and our responsibilities as of May 2026.

Data Controller Information

RSSW Ltd is the data controller responsible for your personal data.

Registered Address:
Head Office
The Maltings
East Tyndall Street
Cardiff
South Glamorgan
CF24 5EA
United Kingdom

If you have any questions regarding this notice or how your data is processed, please contact us directly through our website at www.rhinorecruitment.com .

The Information We Collect

To support our recruitment and onboarding services, we may collect and process personal data relevant to your application, employment suitability, placement, onboarding, and ongoing work-related requirements, including:

  • Name, address, and postcode
  • Personal and professional email addresses and telephone numbers
  • CVs and employment history, including salary expectations and job preferences
  • Educational qualifications and reference details
  • Right to work documentation, including passports and visas
  • Payroll, financial, and compliance information, including IR35-related information where applicable
  • Links to publicly available professional profiles, including LinkedIn
  • Photographs voluntarily provided by you
  • Site onboarding and compliance information, which may include health and safety records, training certifications, medical declarations relevant to site access, diversity monitoring information, or criminal conviction checks where required by clients or legislation
  • Additional information relevant to a specific vacancy, client requirement, compliance obligation, or onboarding process where reasonably necessary for recruitment or employment purposes

How We Collect Your Information

Your personal data may be collected through:

  • Direct interactions, including registering on our website, applying for vacancies, telephone conversations, meetings, and emails
  • Participation in our recruitment services, including job alerts, interviews, onboarding processes, and events
  • Engagement with our website, digital forms, surveys, or social media platforms
  • Third-party sources such as job boards, CV databases, LinkedIn, referrals, or publicly accessible professional platforms

Where personal data is obtained from a third-party source or publicly available platform, we will notify you within 30 days of obtaining the information. This will include the source of the data and how we intend to use it.

How We Share Your Information

We may share relevant personal data with clients, payroll providers, compliance partners, onboarding providers, reference providers, and other third parties where reasonably necessary for recruitment, placement, employment, onboarding, or legal and regulatory obligations.

Our Legal Basis for Processing Your Data

We process personal data under one or more of the following lawful bases:

  • Legitimate Interests: Where processing is necessary for the operation of our recruitment and staffing services
  • Contract: Where processing is necessary to enter into or fulfil a contract with you
  • Legal Obligation: Where processing is required to comply with legal or regulatory requirements, including right-to-work checks and employment legislation
  • Special Category Data Conditions: Where we process health information, diversity monitoring data, or criminal conviction information for onboarding, site compliance, or legal obligations, this is processed only where permitted under UK GDPR and the Data Protection Act 2018, with appropriate safeguards in place

Further information on lawful bases can be found on the ICO website: ICO Guide to Data Protection

Where Your Data Is Stored

Your personal data is stored securely within our recruitment systems and associated technologies, including systems hosted on Microsoft Azure infrastructure located within European data centres.

These systems are protected using a range of technical and organisational security measures, including restricted access controls, encryption, monitoring systems, and physical security protections.

International Data Transfers

Some of the systems or service providers we use may process or store data outside the United Kingdom.

Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements, including adequacy regulations or approved contractual safeguards where required.

Data Retention Policy

We retain candidate data for as long as reasonably necessary to provide recruitment services, maintain accurate records, support future employment opportunities, comply with legal obligations, and protect legitimate business interests.

Retention periods are determined based on factors including:

  • The nature and sensitivity of the data
  • The accuracy and ongoing relevance of the information
  • Your engagement with our services
  • Legal, regulatory, financial, and contractual obligations

Candidate records may therefore be retained for longer periods where there is an ongoing legitimate business reason to do so, including maintaining recruitment histories, placement records, compliance documentation, or future employment suitability records.

Where data is no longer required, it may be securely deleted, archived, anonymised, or suppressed to prevent further processing where appropriate.

Automated Decision-Making

We do not make recruitment decisions based solely on automated decision-making or profiling without human involvement.

Cookies and Website Tracking

Our website may use cookies, analytics tools, and tracking technologies to improve user experience, analyse website performance, and support recruitment marketing activities.

Further information about website tracking technologies can be found in our Cookie Policy.

Your Rights Under UK GDPR

Under UK GDPR, you have the right to:

  • Be informed about how your personal data is used
  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal data in certain circumstances
  • Restrict or object to certain processing activities
  • Request transfer of your personal data to another organisation
  • Object to automated decision-making and profiling

You may also update or manage your information through your candidate profile where applicable.

Complaints

If you have concerns about how your personal data is handled, we encourage you to contact us directly so we can try to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk