Home  /  GDPR Policy
Legal

GDPR Policy

How we collect, use, store, disclose and protect personal data, in full compliance with the UK GDPR and the Data Protection Act 2018.

1. Introduction

Oakmyre Limited (“we”, “us”, or “our”) is dedicated to protecting the privacy and security of personal information in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how we collect, use, store, disclose, and protect personal data relating to job seekers (“Candidates”), clients (“Clients”), suppliers, and other individuals we interact with during our recruitment and business activities.

We take our data protection responsibilities seriously and aim to be transparent, fair, and accountable in everything we do.

2. About Us

  • Data Controller: Oakmyre Limited
  • Company Registration Number: 16609903
  • Registered Address: 71 to 75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Email: info@oakmyre.com
  • Telephone: 07980 012671
  • Website: www.oakmyre.com

3. What Personal Data We Collect

The information we collect depends on your relationship with us, for example, whether you are a Candidate, Client, or Supplier.

3.1. Candidates

We may collect:

  • Identity Information: Full name, date of birth, gender, nationality.
  • Contact Information: Address, email address, and telephone numbers.
  • Employment and Education Data: CV or resume, career history, job titles, employers, dates of employment, qualifications, training, professional memberships, and references.
  • Application Details: Cover letters, interview notes, assessment results, and feedback.
  • Right to Work Information: Documents required to confirm your eligibility to work in the UK.
  • Financial Data (where relevant): Bank details for payment or payroll (temporary or contract placements only).

Special Category (Sensitive) Data

  • Diversity Information: Ethnicity, religion or belief, sexual orientation, and disability status, collected only with explicit consent for diversity monitoring, anonymised where possible, and entirely optional.
  • Health Information: Details of any health conditions or disabilities that help us provide reasonable adjustments or comply with health and safety law.
  • Criminal Record Data: Where legally permissible and relevant to certain roles (e.g., DBS checks).

3.2. Clients

We may collect:

  • Identity Information: Name and job title.
  • Contact Information: Company name, address, email, and telephone numbers.
  • Professional Information: Recruitment requirements, job descriptions, interview feedback, and contractual details.

3.3. Suppliers and Other Third Parties

We may collect:

  • Identity and Contact Information: Name, job title, company name, address, email, and phone numbers.
  • Financial Information: Bank details for invoicing and payment.
  • Professional Information: Service-related data and communications.

4. How We Obtain Personal Data

Personal data may be collected in the following ways:

Directly from you: When you send your CV, apply for a job, contact us by phone or email, attend interviews, or complete online forms.

From third-party sources:

  • Job boards or recruitment platforms where you post your CV.
  • Professional networks such as LinkedIn.
  • Referrals from other Candidates or Clients (with consent).
  • Publicly available information, including company websites.
  • Background screening or reference providers, with your consent.

5. How We Use Personal Data

5.1. For Candidates

We use personal data to:

  • Deliver recruitment services and assist with job searches.
  • Match your experience and skills to appropriate roles.
  • Communicate about job opportunities, applications, and interviews.
  • Share your details with Clients for potential roles (with your consent or where legitimate interest applies).
  • Conduct background or reference checks with your approval.
  • Comply with legal and regulatory duties such as right-to-work verification.
  • Support internal record keeping, service analysis, and business improvement.
  • Monitor diversity and equality (using anonymised data and explicit consent).

5.2. For Clients

We process Client data to:

  • Provide recruitment and consultancy services.
  • Maintain communication about vacancies, placements, and contracts.
  • Manage and fulfil business relationships.
  • Carry out billing, accounting, and administration.
  • Improve our services and maintain client records for legitimate business purposes.

5.3. For Suppliers and Other Individuals

We process data to:

  • Manage service delivery and contractual obligations.
  • Handle invoicing and payments.
  • Maintain business and operational records.

6. Legal Bases for Processing Personal Data

Under UK GDPR, we must identify a lawful basis for each processing activity. Oakmyre Limited relies on the following:

  • Consent: Where you have provided clear permission for a specific purpose (e.g., forwarding your CV to a Client, collecting diversity information). You can withdraw consent at any time.
  • Contract: When processing is necessary to perform or prepare a contract (e.g., introducing Candidates to Clients, or delivering agreed services).
  • Legitimate Interests: When processing is necessary for our business interests or those of a third party, provided your rights are not overridden. We carry out Legitimate Interest Assessments (LIAs) to ensure fairness. Examples include maintaining a talent database for future roles, keeping Client contact records for business development, and analysing data to improve our services and systems.
  • Legal Obligation: To comply with laws such as employment, tax, and immigration regulations.
  • Vital Interests: To protect an individual’s life (used only in rare cases).
  • Public Task: Generally not applicable to Oakmyre Limited as a private company.

Special Category Data is processed only under additional lawful grounds, including:

  • Explicit Consent;
  • Employment and Social Protection Law obligations;
  • Substantial Public Interest in accordance with UK law.

7. Sharing Personal Data

We may share personal data with:

  • Clients: For the purpose of considering Candidates for roles (with consent or under legitimate interest).
  • Service Providers and Business Partners: Including IT, CRM and ATS providers, payroll processors, professional advisers, and background screening companies. All are bound by confidentiality and data protection agreements.
  • Regulatory or Legal Authorities: Where disclosure is required by law or necessary to protect legal rights.
  • Professional Advisers: Accountants, auditors, legal representatives, and insurers.
  • Potential Buyers or Investors: If Oakmyre Limited undergoes a merger, sale, or restructuring.

We never sell or rent personal data to third parties.

8. International Data Transfers

Oakmyre Limited primarily stores and processes personal data in the UK. If we transfer data outside the UK, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with UK adequacy decisions;
  • Use of ICO-approved Standard Contractual Clauses (SCCs); or
  • Your explicit consent for the transfer.

9. Data Security

We maintain robust security standards to protect data from unauthorised access, alteration, loss, or misuse. Measures include:

  • Controlled staff access to systems and records;
  • Encryption of sensitive data where appropriate;
  • Secure network and firewall configuration;
  • Regular data backups and recovery planning;
  • Ongoing staff training on data protection;
  • Secure storage of physical records and devices.

10. Data Retention

We retain personal data only for as long as needed to meet the purposes outlined in this policy and any legal, contractual, or reporting requirements.

Candidates

  • Successful placements: data forms part of the employment or assignment record and is retained as required by law or contract.
  • Unsuccessful or speculative Candidates: data is retained for 24 months from the last contact, then securely deleted or anonymised unless consent is renewed for future opportunities.

Clients and Suppliers

Data is retained for the period of our working relationship and for seven (7) years afterwards to meet accounting and legal requirements.

11. Your Data Protection Rights

You have the following rights under UK GDPR:

  • Right to be Informed, about how we collect and use your data.
  • Right of Access, to request copies of your personal data.
  • Right to Rectification, to correct inaccurate or incomplete information.
  • Right to Erasure (“Right to be Forgotten”), to request deletion where data is no longer required or consent withdrawn.
  • Right to Restrict Processing, to limit how we use your data.
  • Right to Data Portability, to obtain and reuse your data across different services.
  • Right to Object, to processing based on legitimate interests or direct marketing.
  • Rights relating to Automated Decision-Making and Profiling, to object to decisions made solely by automated means.

Requests to exercise these rights can be made by contacting us via the details in Section 2. We aim to respond within one month.

12. Updates to This Policy

We may update this GDPR Policy to reflect legal changes or operational developments. The latest version will always be available on our website, and where appropriate, we will notify you of significant updates.

13. Complaints

If you have any concerns about how we process your personal data, please contact us at: Email: info@oakmyre.com, Telephone: 07980 012671.

If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO):

  • Information Commissioner’s Office (ICO)
  • Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline: 0303 123 1113
  • Website: www.ico.org.uk