Skip to main content

Privacy Policy

Privacy Notice

Introduction
Rebel Recruitment Ltd (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This notice outlines how we collect, use, and protect your data and explains your rights under the UK General Data Protection Regulation (UK GDPR).

  1. Data Controller Information

Rebel Recruitment Ltd is the data controller of the personal information processed. Contact details are provided at the end of this notice.

  1. Types of Data Collected
  • Personal Information: Name, title, contact details (addresses, emails, phone numbers), employment history, qualifications, and proof of identity.
  • Sensitive Data: Date of birth, gender, ethnicity, and criminal history (for security clearance).
  • Website Data: IP addresses, access times, browser details, and navigation behavior on our website.
  1. Legal Basis for Processing

We process personal data based on:

  • Contractual Necessity: Processing necessary for recruitment services.
  • Legal Obligation: Compliance with employment laws and regulatory obligations.
  • Legitimate Interests: For activities such as client engagement, recruitment, and data analysis to improve our services.
  • Consent: For optional marketing communications.
  1. Purpose of Processing

Data is processed to:

  • Screen and assess candidates for recruitment opportunities.
  • Communicate with clients and candidates regarding roles.
  • Arrange interviews, issue employment offers, and handle relevant employment onboarding.
  • Send optional marketing and company updates (with opt-out available).
  1. Data Sharing and Use of Sub-Processors
  • Third-Party Sub-Processors: We may use verified third parties to process data for recruitment purposes (e.g., CRM systems, communication tools).
  • Sharing with Clients: Relevant candidate details may be shared with clients to fulfill recruitment services. This is done securely and only for legitimate purposes.
  • International Transfers: Where data is transferred outside the UK, we ensure adequate protections are in place, such as Standard Contractual Clauses.
  1. Data Retention
  • Successful Candidates: Retained for 2 years post-recruitment.
  • Unsuccessful Candidates: Retained for 9 months post-recruitment.
  1. Data Security Measures
  • Data Storage: We securely store all data on an AWS server with regular security audits, SSL encryption, firewalls, and restricted access.
  • Access Controls: Only authorized personnel access personal data, with multi-factor authentication required.
  • Incident Management: We monitor and act on data security incidents swiftly and, if needed, inform data subjects and authorities per GDPR guidelines.
  1. Automated Decision-Making and Profiling
  • Automated profiling may be used to shortlist candidates; however, final decisions are reviewed by a human recruiter to ensure fairness and accuracy.
  1. Your Data Subject Rights
  • Access and Rectification: You may request access to or correction of your data.
  • Erasure: Request deletion of data when processing is no longer necessary.
  • Restriction: Request restricted processing under certain conditions.
  • Objection: Object to processing for direct marketing.
  1. Contact Information
  • If you wish to exercise your rights or have questions, please contact us at:

Rebel Recruitment Ltd, 2nd Floor, Blenheim Court, Huntingdon Street, Nottingham, NG1 3DL

Phone: +44 115 718 0300

Email: info@rebelrecruiters.co.uk

Updated: March 2024