Last updated 22/03/2023

Who are we?

We are Sigma Recruitment Ltd, T111 Titan House, Cardiff Bay Business Centre, Cardiff, CF24 5BS. We provide recruitment services to clients/prospective clients looking to recruit personnel for their businesses.

What does this Policy cover?

This Privacy Policy explains our use of personal data for the individuals listed in the table below.

What personal data do we collect, and why do we use it?

The table below explains who we collect personal data about, what that personal data is and the purpose we process it for.

The last column sets out the ‘lawful basis’ we rely on for processing that personal data which is a requirement of data protection rules. Essentially, companies may only process personal data if they can identify a lawful basis from a list set out in the legislation.


Individual Personal Data Source and Purpose Lawful Basis for Processing
Candidates/Prospective Candidates Name, contact details (address, email, phone numbers), CVs, identification documents, educational records, work history, employment record, video (where a video interview is completed), recording of online meetings via Teams, Zoom or similar and references, correspondence, remuneration details and other personal data provided by you as part of the recruitment or engagement process.

We rarely process special category information such as racial, disability, trade union or health information where you have made this available to us. We ask you not to supply us with special category data.

We collect this information directly from you during the recruitment, engagement and onboarding stages. Or from a third-party provider for example via job boards on which you have posted a CV or from LinkedIn (if you are a first-level connection of a current or previous member of our team or have messaged us expressing interest in a job or our services)

Sometimes we collect information from third parties such as an agent acting on your behalf such as an interim manager or from a third-party recommendation or a person giving a reference.

We do use some publicly available sources to find information about potential candidates, specifically LinkedIn and company websites.

See note below for details of software programs that may be used to source candidate data.

We use this data to make you aware of vacancies via email, LinkedIn/Social Media messages, SMS (mobile and landline), and phone calls (including voicemails). We could also use this data to make you aware of our wider recruitment services for example our, free career/CV review services or example candidate scheme. We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details.

Candidates/Prospective candidates should be aware that any information they share with us (verbally or in writing) could be potentially shared with our clients, during an application process or after the process if the candidate is placed in a job by us., in which case the information provided may be passed to their employer/our client.

Candidates/Prospective candidates should note that Sigma Recruitment is not under any obligation to store your details, and can remove them at any time at our discretion.

The processing is necessary for our legitimate interests of assessing suitability for potential roles, to find potential candidates for clients.

Please note we do not consider job information/job alert emails, SMS or calls to be marketing under GDPR/PECR. However, you can of course still opt out of these communications at any time. Please see opting out of communications below for details on how to opt-out.





Contact details (address, email, phone numbers) and correspondence details. Reference contact details may be given to us by candidates as part of the recruitment process.

Other personal data about referees are given to us by you directly.

Our legitimate interest as a business in obtaining references on candidates.
Individuals who contact us with general queries



Contact details provided, correspondence, and any other data supplied. This information is given to us by you.

It is used to respond to the query and keep a record of it. We could respond via LinkedIn/social media messages, email, SMS (to mobiles and landlines), and phone calls (including voicemails). We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details.

Our legitimate interests as a business in responding to and keeping a record of correspondence.
Clients, prospective clients, previous clients Name, contact details (address, email, phone numbers), job title, company name, correspondence and notes. recordings of Teams, Zoom or similar meetings This information is given to us by you (email or telephone enquiry), your company or publicly available information (for example on your website), LinkedIn (if you are a first-level connection of a current or previous member of our team or have engaged with us via a message/connection request) or a third-party data provider. See the list below of software programs/data suppliers that may be used to obtain data. Note that sometimes programs are used in conjunction with each other to enrich the data.


It is used for us to fulfil contracts and engage in business discussions. and also for business development and marketing to make you aware of our recruitment services and candidates via LinkedIn/social media messages, email, SMS (mobiles and landlines), and phone calls (including voicemails). It might be that we contact you on a personal mobile if you are using this in a business capacity/or if we think you are. We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details.

We may upload phone numbers to Selectabase or similar providers to check the number against the TPS, CTPS register.

You can opt out at any time see opting-out below.

Our legitimate interests as a business in responding to and keeping a record of correspondence. And also for our legitimate interest of direct marketing, marketing services and/or candidates to you.

Some information is also necessary for us to perform any contract we have with you.

We class all types of clients as “corporate subscribers” for GDPR/PECR purposes unless companies are sole traders or non-limited partnerships, in which case we try to avoid data collection from third-party sources.

Coaching clients (ie where you are a client of ours we are providing coaching services to) Contact details, correspondence, assessments, the information provided, analysis and recommendations and opinions.

Special category information such as health, disability or ethnicity or racial information is only processed if provided by you.

This information is given to us by you.


Occasionally we undertake feedback sessions as part of coaching which may involve the provision of information about you from other people known to or nominated by you.


We use the information to provide our coaching services to you.

Our legitimate interests as a business in providing coaching services. Some information may also be necessary specifically for us to perform the contract.

We only process special category data with your express consent.


Suppliers and contractors (and prospective suppliers/contractors) Contact details (address, email, phone number), any provided data and correspondence. This information is given to us by you or from publicly available information (for example on your website).


It is used for us to fulfil contracts and engage in business discussions.

Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.
Website Visitors Information from cookies. For more details see our Cookie Policy. This information is collected via the cookies when you use our website.

Necessary, functional, analytics, performance, advertisement, and others. For more details see our Cookie Policy.

We only install non-essential cookies with your consent. For more details see our Cookie Policy.

Where we have indicated in the table above that we rely on legitimate interests for the processing of personal data, we carry out a ‘balancing’ test to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing.

Where we obtain data, third-party data, and software/tools used. 

Where we collect or screen candidate/prospective candidate, and client/prospective client, previous client information through sources as set out above, we may do this with the aid of software programs or third-party data suppliers such as but not exclusive to (Cognism, Zimplify, Dun & Bradstreet, Apollo, Pipl, ZenLeads Inc, ZenProspect, ZoomInfo, BoardEx, Kaspr, Pipl, Coresignal, Sparkhire, Lusha, Selectabase Ltd, SignalHire, Rocket, LinkedIn, Lempire, NeverBounce, Zapier, People Data Labs,, Highr Pattern Inc, Deeptrace (Coresignal), ChatGPT, Gemini, Co-pilot, etc). These programs/suppliers are given parameters and search through available sources to find candidate/prospective candidates and client/prospective client data. These programs/suppliers are instructed to only output information that meets the search criteria. The parameters of this program/suppliers are restricted to only searching for information/data from sites where there is a reasonable expectation that such information may be collected and further processed by recruiters for the purpose of sourcing candidates/prospective candidates for job roles or making clients/prospective clients aware of candidates, recruitment services and market information, including direct marketing of recruitment services. Where any client data is collected, this data is treated as a “corporate subscriber”, we attempt to exclude all data from contacts at sole traders or partnerships, unless provided to us. If you would like more information on how and where we obtained your data then please email and quote “data source”. Clients and candidates (all types), should note that we may use email/messaging sequencing software to contact you examples of such programs are Mailerlite, Apollo, ZenProspect, ZenLeads Inc, Lempire List, Zimplify, Sendy, and any other similar tools, some of which may integrate with our CRM database.

Data cleaning and data input and TPS/CTPS checking

We may use tools such as NeverBouce(ZoomInfo) or similar to check the validity of emails, and we may use Zapier or similar data automation tools to move data around within our systems.

We use tools such as Selectabase to check numbers against the TPS&CTPS register.

Special Category Data

We strictly request that you do not supply us with any of the below data unless we specifically request it as part of our client’s recruitment/onboarding process (which you have the right to refuse):-

If you choose to supply us with any of the above data you agree to indemnify Sigma Recruitment and its staff against any losses or claims arising from your supply of this data.

How long do we keep your personal data for?

We keep your information only for as long as is necessary for the relevant purpose. For example, if we have a contract with you, this will be for 6.5 years after expiry in order to assist us with any contractual claims. We use a number of criteria for determining the retention period including obligations under the law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.

Who do we share your personal data with?

Data may be shared with the following parties:-

 What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the personal data necessary, we may not be able to respond to your query or consider your application or request or match you with available role opportunities or provide the relevant services to you.

Do we make automated decisions concerning you?

Automated decisions are those made without human intervention that has a legal effect on you or another similarly significant effect (for example determining whether you are eligible for a job). For candidates, we may make automated decisions about you during the assessment stage of any recruitment process. We put candidates through a structured screening process to assess whether each candidate meets the specific criteria for a particular position. These assessments may be fully automated e.g. online pre-screening tests. As these assessments may result in a candidate being deemed not suitable for a position by means of a solely automated assessment, we only undertake this activity with the candidate’s explicit consent. We also carry out personality profiling on candidates with the candidate’s consent.

Opting out of communications – you can opt-out or pause communications at any time. 

Flexible opt-out

If you wish to opt out of one or more methods of contact but are happy to be contacted by another please email with your full name, and state which methods you want to unsubscribe from, for example, please unsubscribe from SMS/text, but continue to email and call me. Or please unsubscribe from email and SMS but continue to call me.

Caution on opt-out

If you opt out, but we see you are active again on the job boards, apply for a position handled by Sigma Recruitment, submit details on our website, engage with us on LinkedIn or submit details via email. We may contact you again, as it is reasonable to assume that you wish to be made aware of new jobs, and recruitment services again. If you don’t want to be contacted by Sigma or other recruitment agencies, remove your details from all the job boards you registered with; if you are active on the job boards, there is a risk that recruiters will contact you. If you don’t want to be contacted specifically by Sigma Recruitment, then email with “permanent unsubscribe”. For clients or prospective clients, it’s likely that we will contact you again if you move to a new company with a new business email address, and or new telephone numbers. 


If you opt out of all communications, we will not be able to keep you updated with our latest jobs, and you may miss out on some fantastic opportunities.

Call Recording

We may record telephone calls in and out of our organisation for training and monitoring purposes.

Do we transfer your data outside the UK and Europe?

We may sometimes transfer your personal data to countries outside the UK and European Economic Area, for example, to our group companies, or suppliers, if we are either using a supplier or working with a client based elsewhere. You can find the list of European member states by clicking on the following link: The privacy laws in countries outside the UK and European Economic Area may be different from those in your home country.

At present, we transfer personal data to the following countries outside of the UK and European Economic Area: including South Africa, The Philippines, Australia, India, the USA, and Canada.

Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.

What rights do you have in relation to the data we hold on you?

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK this is the Information Commissioner.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

Alternatively, we may be entitled to refuse to act on the request in some circumstances.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.


Rights What does this mean?
1.         The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, do please get in touch.
2.         The right of access You have the right to obtain access to your information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy).

This is so you’re aware and can check that we’re using your information in accordance with data protection law.

3.         The right to rectification You are entitled to have your information corrected if it’s inaccurate or incomplete.
4.         The right to erasure This is also known as the right to be forgotten and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions.
5.         The right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6.         The right to data portability You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us.
7.         The right to object to processing You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing (e.g. if you no longer want to be contacted with potential role opportunities).
8.         The right to lodge a complaint You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
9.         The right to withdraw consent


If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.


All individuals listed in the table above and who agree to this policy, for example, Candidates, Prospective Candidates, Clients, Prospective Clients and Previous Clients, agree that all communication between Sigma Recruitment Ltd and them is confidential and that communications will not be shared with any third party unless there is a legal obligation for them to do so.

Updating this Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in personal data protection legislation and best practices. When we make changes to this Privacy Policy, we will change the “last updated” date above and our communications will always link to the latest version.

How can you contact us?

If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, or how we obtained it, please contact us via or 02920 450 100

© Sigma Recruitment Ltd. 2020 Company Number 5659374 | VAT No: 869514188 | Terms of Service | Cookie Policy | Privacy Policy