Last updated 21/09/2024
Who are we?
We are Sigma Recruitment Ltd, Titan House, Cardiff Bay Business Centre, Cardiff, CF24 5BS. We provide recruitment services to clients/prospective clients looking to recruit personnel for their businesses.
What does this Policy cover?
This Privacy Policy explains our use of personal data for the individuals listed in the table below.
What personal data do we collect, and why do we use it?
The table below explains who we collect personal data about, what that personal data is and the purpose we process it for.
The last column sets out the ‘lawful basis’ we rely on for processing that personal data which is a requirement of data protection rules. Essentially, companies may only process personal data if they can identify a lawful basis from a list set out in the legislation.
Individual | Personal Data | Source and Purpose | Lawful Basis for Processing |
Candidates/Prospective Candidates | Name, contact details (address, email, phone numbers), CVs, identification documents, educational records, profile picture, work history, links to social media profiles, employment record, video (where a video interview is completed), recording of online meetings via Teams, Zoom or similar and references, correspondence, remuneration details and other personal data provided by you as part of the recruitment or engagement process.
We rarely process special category information such as racial, disability, trade union or health information where you have made this available to us. We ask you not to supply us with special category data. |
We collect this information directly from you during the recruitment, engagement and onboarding stages. Or from a third-party provider for example via job boards (Totaljobs, Jobsite, CV-Library, Indeed, Reed, or similar) on which you have posted a CV or from LinkedIn (if you are a first-level connection of a current or previous member of our team or have messaged us expressing interest in a job or our services)
Sometimes we collect information from third parties such as an agent acting on your behalf such as an interim manager or from a third-party recommendation or a person giving a reference. We do use some publicly available sources to find information about potential candidates, specifically LinkedIn and company websites. See note below “Where we obtain your data” section for full details of suppliers/tools that may be used to source and process your data. We use this data to make you aware of vacancies via email, LinkedIn/Social Media messages, SMS (mobile and landline), and phone calls (including voicemails). We could also use this data to make you aware of our wider recruitment services for example our, free career/CV review services or example candidate scheme. We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details. Candidates/Prospective candidates should be aware that any information they share with us (verbally or in writing) could be potentially shared with our clients, during an application process or after the process if the candidate is placed in a job by us., in which case the information provided may be passed to their employer/our client. Candidates/Prospective candidates should note that Sigma Recruitment is not under any obligation to store your details, and can remove them at any time at our discretion. AI we may upload data to AI tools such as Chat GPT, Gemini, Apple AI, Co-Pilot or other AI tools for the purpose of supporting our marketing of Candidates/Prospective candidates’ details to Clients/Prospective Clients. Data Verification: we may provide details to data verification tools such as Never Bounce or other email checking tools. This is to check the data we hold is accurate. We may upload phone numbers to Selectabase or similar providers to check the number against the TPS, and CTPS register. When you give us permission to present your CV to a client, your details, including your CV, will be uploaded to a third-party online CV portal to give the client access to your details, this software uses AI tools such as ChatGPT to review your CV and suggest wording to the overview that the client sees, it does not amend your CV. |
The processing is necessary for our legitimate interests of assessing suitability for potential roles, to find potential candidates for clients.
Please note we do not consider job information/job alert emails, SMS or calls to be marketing under GDPR/PECR. However, you can of course still opt out of these communications at any time. Please see opting out of communications below for details on how to opt-out.
|
References/
referees |
Contact details (address, email, phone numbers), links to social media profiles, profile picture, and correspondence details. | Reference contact details may be given to us by candidates as part of the recruitment process.
Other personal data about referees are given to us by you directly. See note below “Where we obtain your data” section for full details of suppliers/tools that may be used to source and process your data. |
Our legitimate interest as a business in obtaining references on candidates. |
Individuals who contact us with general queries
|
Contact details provided, correspondence, links to social media profiles, profile picture, and any other data supplied. | This information is given to us by you.
It is used to respond to the query and keep a record of it. We could respond via LinkedIn/social media messages, email, SMS (to mobiles and landlines), and phone calls (including voicemails). We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details. AI we may upload data to AI tools such as Chat GPT, Gemini, Apple AI, Co-Pilot or other AI tools for the purpose of supporting our marketing Data Verification we may provide details to data verification tools such as Never Bounce or other email checking tools. This is to check the data we hold is accurate. We may upload phone numbers to Selectabase or similar providers to check the number against the TPS, CTPS register. See note below “Where we obtain your data” section for full details of suppliers/tools that may be used to source and process your data. |
Our legitimate interests as a business in responding to and keeping a record of correspondence. |
Clients, prospective clients, previous clients | Name, contact details (address, email, phone numbers), job title, company name, correspondence and notes. recordings of Teams, Zoom or similar meetings, profile picture, links to social media profiles. | This information is given to us by you (email or telephone enquiry), your company or publicly available information (for example on your website), LinkedIn (if you are a first-level connection of a current or previous member of our team or have engaged with us via a message/connection request), a third-party data provider (for example Apollo), from an email signature or an out of office email from another person within your company. See the list below of software programs/data suppliers that may be used to obtain data. Note that sometimes programs are used in conjunction with each other to enrich the data.
It is used for us to fulfil contracts and engage in business discussions. And also for business development and marketing to make you aware of our recruitment services and candidates via LinkedIn/social media messages, email, SMS (mobiles and landlines), and phone calls (including voicemails). It might be that we contact you on a personal mobile if you are using this in a business capacity/or if we think you are. We use software settings to limit the times in which we contact you to sociable hours, however, there is a chance that due to matters outside our control, you could be contacted at unsociable hours, if this is a major concern then please opt-out – refer to opting out below for details. AI we may upload data to AI tools such as Chat GPT, Gemini, Apple AI, Co-Pilot or other AI tools; these tools are not used for fully automated decision-making regarding candidates or prospective candidates. Generally, these tools are used to help us evaluate data and improve job adverts, marketing, CV profiles and overviews, and candidate focus profiles (where we have consent to produce a profile). We may also use these tools as part of the recruitment process, including assessing candidate/prospective candidate suitability, but a human will make the final decision. Data Verification we may provide details to data verification tools such as Never Bounce or other email and data checking tools. This is to check the data we hold is accurate. We may upload phone numbers to Selectabase or similar providers to check the number against the TPS, CTPS register. See note below “Where we obtain your data” section for full details of suppliers/tools that may be used to source and process your data. You can opt out at any time see opting-out below. |
Our legitimate interests as a business in responding to and keeping a record of correspondence. And also for our legitimate interest of direct marketing, marketing recruitment services and/or candidates to you.
Some information is also necessary for us to perform any contract we have with you. We class all types of clients as “corporate subscribers” for GDPR/PECR purposes unless companies are sole traders or non-limited partnerships, in which case we try to avoid data collection from third-party sources. |
Coaching clients (ie where you are a client of ours we are providing coaching services to) | Contact details, correspondence, assessments, profile picture, links to social media profiles, the information provided, analysis and recommendations and opinions.
Special category information such as health, disability or ethnicity or racial information is only processed if provided by you. |
This information is given to us by you.
Occasionally we undertake feedback sessions as part of coaching which may involve the provision of information about you from other people known to or nominated by you.
We use the information to provide our coaching services to you. See note below “Where we obtain your data” section for full details of suppliers/tools that may be used to source and process your data. |
Our legitimate interests as a business in providing coaching services. Some information may also be necessary specifically for us to perform the contract.
We only process special category data with your express consent.
|
Suppliers and contractors (and prospective suppliers/contractors) | Contact details (address, email, phone number), profile picture, links to social media profiles, any provided data and correspondence. | This information is given to us by you or from publicly available information (for example on your website).
It is used for us to fulfil contracts and engage in business discussions. See note below “Where we obtain your data” section for full details of suppliers/tools that may be used to source and process your data. |
Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details. |
Website Visitors | Information from cookies. For more details see our Cookie Policy. | This information is collected via the cookies when you use our website.
Necessary, functional, analytics, performance, advertisement, and others. For more details see our Cookie Policy. |
We only install non-essential cookies with your consent. For more details see our Cookie Policy. |
Where we have indicated in the table above that we rely on legitimate interests for the processing of personal data, we carry out a ‘balancing’ test to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing.
Where we obtain data, third-party data, and software/tools used.
Data and third-party data
Where we collect, enhance, compare or screen data through third parties, we may do this with the aid of software tools or third-party data suppliers and websites such as but not exclusive to (Cognism, Zimplify, Dun & Bradstreet, Apollo, Pipl, ZenLeads Inc, ZenProspect, ZoomInfo, BoardEx, Kaspr, Pipl, Coresignal, Sparkhire, Lusha, Selectabase, Clearbit, Hubspot, SignalHire, Rocket, LinkedIn, X/Twitter, Facebook, TikTock, Instagram, Lempire, NeverBounce, Zapier, People Data Labs, Woo.io, Highr Pattern Inc, Angellist, Gravatar, Deeptrace (Coresignal), ChatGPT, Gemini, Co-pilot, etc). These programs/suppliers are given parameters and search through available sources to find candidate/prospective candidates and client/prospective client data. These programs/suppliers are instructed to only output information that meets the search criteria. The parameters of this program/suppliers are restricted to only searching for information/data from sites where there is a reasonable expectation that such information may be collected and further processed by recruiters for the purpose of sourcing candidates/prospective candidates for job roles or making clients/prospective clients aware of candidates, recruitment services and market information, including direct marketing of recruitment services. Where any client data is collected, this data is treated as a “corporate subscriber”, we attempt to exclude all data (for marketing) from contacts at sole traders or partnerships, unless provided to us.
If you would like more information on how and where we obtained your data, please email info@sigmarecruitment.co.uk and quote “data source”. Many of the listed suppliers also allow you to opt-out if you contact them directly.
Email Tools
Note that we may use email/messaging sequencing software to contact you examples of such programs are Mailerlite, Apollo, Superhuman Email, ZenProspect, ZenLeads Inc, Lempire List, Zimplify, Sendy, Bullhorn Automation/Herefish and any other similar tools, some of which may also integrate with our CRM database. Many of the suppliers listed will also enable you to opt-out if you contact them directly.
Note with Superhuman Email: Publicly available information, such as publicly available social media information about users and Non-Users and other details that may be aggregated and provided to Superhuman by third-party data providers. The types of data they receive may depend on your privacy settings with the relevant social networks and the types of data available to their data providers. Therefore, the data being pulled in by Superhuman will be restricted by your user account settings, which you configure within your social media profiles. You can opt-out from Clearbit Data by emailing privacy@clearbit.com.
Data cleaning/data input and TPS/CTPS checking software tools
We may use tools such as NeverBouce(ZoomInfo) or similar to check the validity of emails, and we may use Zapier or similar data automation tools to move data around within our systems.
We use tools such as Selectabase to check numbers against the TPS&CTPS register.
AI Software Tools
ChatGPT (including via Candide.ly CV portal, Gemini, Co-Pilot, Apple AI, Superhuman Email and similar AI tools- these tools are not used for fully automated decision-making regarding candidates or prospective candidates. Generally, these tools are used to help us evaluate data, marketing, to improve job adverts, CV profiles and overviews, and candidate focus profiles (where we have consent to produce a profile). We may also use these tools as part of the recruitment process, including assessing candidate/prospective candidate suitability, but a human will make the final decision.
Special Category Data
We strictly request that you do not supply us with any of the below data unless we specifically request it as part of our client’s recruitment/onboarding process (which you have the right to refuse):-
- personal data revealing racial or ethnic origin;
- personal data revealing political opinions;
- personal data revealing religious or philosophical beliefs;
- personal data revealing trade union membership;
- genetic data;
- biometric data (where used for identification purposes);
- data concerning health;
- data concerning a person’s sex life; and
- data concerning a person’s sexual orientation.
- details of criminal allegations, proceedings or convictions
If you choose to supply us with any of the above data, you agree to indemnify Sigma Recruitment and its staff against any losses or claims arising from your supply of this data.
How long do we keep your personal data for?
We keep your information only for as long as is necessary for the relevant purpose. For example, if we have a contract with you, this will be for 6.5 years after expiry in order to assist us with any contractual claims. We use a number of criteria for determining the retention period including obligations under the law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.
Who do we share your personal data with?
Data may be shared with the following parties:-
- Where you are a candidate/prospective candidate, we share your personal data with the client who has a position to fill in order to determine with the client whether you are a good fit for an available position;
- With professional advisors;
- In the event of a sale of the company or its assets;
- With suppliers but only subject to contractual protections;
- Various software tools see list above “software tools used”; examples include AI tools and data verification tools.
- Other companies in our group;
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary, we may not be able to respond to your query or consider your application or request or match you with available role opportunities or provide the relevant services to you.
Do we make automated decisions concerning you?
Automated decisions are those made without human intervention that has a legal effect on you or another similarly significant effect (for example determining whether you are eligible for a job). For candidates, we may make automated decisions about you during the assessment stage of any recruitment process. We put candidates through a structured screening process to assess whether each candidate meets the specific criteria for a particular position. These assessments may be fully automated e.g. online pre-screening tests. As these assessments may result in a candidate being deemed not suitable for a position by means of a solely automated assessment, we only undertake this activity with the candidate’s explicit consent. We also carry out personality profiling on candidates with the candidate’s consent.
Opting out of communications – you can opt-out or pause communications at any time.
- Pause – to pause messages via email or SMS, please reply “pause” to the email or SMS we’ve sent stating the number of months to pause for.
- Email – to unsubscribe to emails, please click unsubscribe at the bottom of the email that we’ve sent you or reply with unsubscribe.
- SMS – to unsubscribe, please reply “end” or “stop” to any SMS we’ve sent you.
- Calls – email “no calls” to info@sigmarecruitment.co.uk
Flexible opt-out
If you wish to opt out of one or more methods of contact but are happy to be contacted by another please email info@sigmarecruitment.co.uk with your full name, and state which methods you want to unsubscribe from, for example, please unsubscribe from SMS/text, but continue to email and call me. Or please unsubscribe from email and SMS but continue to call me.
Removal of details
- Delete your details – if you wish us to delete your details from our database, please email info@sigmarecruitment.co.uk with your full name and state “delete”. This will not apply to personal data provided to us as a result of recruitment services we have provided to you or a potential employer.
Caution on opt-out & deletion for candidates
If you opt out, or delete your details but we see you are active again on the job boards, apply for a position handled by Sigma Recruitment, submit details on our website, engage with us on LinkedIn or submit details via email. We may contact you again, as it is reasonable to assume that you wish to be made aware of new jobs, and recruitment services again. If you don’t want to be contacted by Sigma or other recruitment agencies, remove your details from all the job boards you registered with; if you are active on the job boards, there is a risk that recruiters will contact you. If you don’t want to be contacted specifically by Sigma Recruitment, then email info@sigmarecruitment.co.uk with “permanent unsubscribe”. For clients or prospective clients, it’s likely that we will contact you again if you move to a new company with a new business email address, and or new telephone numbers.
Requesting Further Information
If you want to know where we obtained your data, email “data source” to info@sigmarecruitment.co.uk.
Note
If you opt out of all communications, we will not be able to keep you updated with our latest jobs, and you may miss out on some fantastic opportunities.
Call Recording
We may record telephone calls in and out of our organisation for training and monitoring purposes.
Do we transfer your data outside the UK and Europe?
We may sometimes transfer your personal data to countries outside the UK and European Economic Area, for example, to our group companies, or suppliers, if we are either using a supplier or working with a client based elsewhere. You can find the list of European member states by clicking on the following link: https://europa.eu/european-union/about-eu/countries/member-countries_en. The privacy laws in countries outside the UK and European Economic Area may be different from those in your home country.
At present, we transfer personal data to the following countries outside of the UK and European Economic Area: including South Africa, The Philippines, Australia, India, the USA, and Canada.
Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK this is the Information Commissioner.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request in some circumstances.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
Steps we take to secure your data
- Sophos endpoint anti-virus.
- Company devices only: staff don’t use their own devices to access your data.
- Microsoft Entra ID is used to manage access to data.
- Where possible, all software holding personal data is configured to use MFA and or IP locks.
- Monitoring software ensures staff compliance with GDPR and data security policies.
- Secure password management software is used to control and generate passwords.
Rights | What does this mean? |
1. The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, do please get in touch. |
2. The right of access | You have the right to obtain access to your information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy).
This is so you’re aware and can check that we’re using your information in accordance with data protection law. |
3. The right to rectification | You are entitled to have your information corrected if it’s inaccurate or incomplete. |
4. The right to erasure | This is also known as the right to be forgotten and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions. |
5. The right to restrict processing | You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. |
6. The right to data portability | You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us. |
7. The right to object to processing | You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing (e.g. if you no longer want to be contacted with potential role opportunities). |
8. The right to lodge a complaint | You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. In the UK this is the ICO; you can contact them here Information Commissioner’s Office (ICO) |
9. The right to withdraw consent
|
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. |
Confidentiality
All individuals listed in the table above and who agree to this policy, for example, Candidates, Prospective Candidates, Clients, Prospective Clients and Previous Clients, agree that all communication between Sigma Recruitment Ltd and them is confidential and that communications will not be shared with any third party unless there is a legal obligation for them to do so.
Updating this Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in personal data protection legislation and best practices. When we make changes to this Privacy Policy, we will change the “last updated” date above and our communications will always link to the latest version.
How can you contact us?
If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, or how we obtained it, please contact us via info@sigmarecruitment.co.uk or 02920 450 100