Privacy & Data Retention Policy

Privacy & Data Retention Policy

 

Network Executive Limited t/a Net Recruit (“us”, “we”, or “our”) operates its recruitment business and collects, uses, shares and protects personal data in the course of providing its recruitment services, including where we confidentially promote candidates via partner platforms, online marketplaces, and integrated systems including API integration (all of which are comprised and referred to herein as the “Service”).

 

This Privacy Policy governs how we handle personal data during our recruitment operations, when such information remains confidential and how the Service uses our API system for data extraction and integration. It includes those that will access and use our Service as an authorised user (“Authorised User”), and those that we work with in the provision of our Service, all of whom are referenced as (“you” or “your”) for the purpose of this Privacy Policy.

 

This Privacy Policy is not intended to cover off the use of personal data relating to children, and we do not knowingly collect or use personal information relating to children. We may collect data relating to young persons between the ages of 16 to 18 years old as referenced further in this Privacy Policy.

 

  1. Overview

 

We are committed to ensuring that your personal data remains confidential and secure in accordance with applicable Data Protection Legislation. We are the controller of personal data obtained via the Service, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

 

This policy applies to:

  • Candidates, jobseekers and prospective candidates
  • Hiring organisations and their representatives
  • Partner recruitment agencies and talent platforms
  • Authorised API users and integrated system users
  • Website visitors and individuals interacting with our digital tools
  • Suppliers and professional contacts

 

We will only process personal information about you in accordance with the UK Data Protection Legislation which for the purposes of this Privacy Policy shall mean: all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the Commissioner or other relevant regulatory authority and which are applicable to a party (“Data Protection Legislation”).

 

  1. Who We Are

 

Network Executive Limited t/a Net Recruit is a company registered in England and Wales with its registered office at Unit 8, Venator House, 15-17 St. Stephens Road, Bournemouth, Dorset, England, BH2 6LA. We operate as part of a wider group of companies, including entities located in the United States and other international jurisdictions. In certain circumstances, personal data may be shared within this group to support the delivery of our recruitment services. Where this occurs, such group entities may act as independent data controllers and will process personal data in accordance with their own legal obligations. Where personal data is transferred to a group entity in the United States, that entity may act as a data controller in relation to such data.

 

  1. What Personal Data We Collect and Process

 

We will collect the minimum amount of personal data required to fulfil our obligations to you but we may collect and process the following categories of personal data:

 

  • Identity and Contact Data for account purposes: email address, postal address, telephone numbers, account identifiers.
  • Profile Data: CVs, employment history, skills, qualifications, certifications, job preferences, LinkedIn or other public profile information.
  • Technical Log Data: IP address, device information, browser type/version, login information, API credentials, platform activity, interaction logs, preferences, cookies and tracking technologies (see Cookie Policy).
  • Communication Data: messages exchanged via our Service, interactions with support or recruitment consultants, survey responses, and feedback.
  • Cookies Data we may use some “cookies” to enhance your experience and gather information about the visitors and number of visits to the Service. Please refer to our Cookie Policy about cookies, how we use them and what kind.
  • Special Category Data: Information such as racial or ethnic origin, sex and sexual orientation,

religious or philosophical beliefs, or health data (only collected when necessary for recruitment purposes or equality monitoring and in compliance with legal bases).

 

  1. How We Process Personal Data

Personal data submitted via the Service is processed for the following lawful purposes:

  • To assess candidates for employment opportunities;
  • To promote candidate profiles confidentially to relevant employers via partner platforms;
  • To facilitate communication between candidates and prospective employers with whom consent has been obtained;
  • To evaluate anonymised and aggregate data for diversity monitoring purposes.

 

 

  1. How And Why We Use Personal Data

 

We rely on the following lawful bases:

 

  • Legitimate interests.
  • Consent
  • Contractual necessity
  • Legal obligations

 

The law sets out several different reasons for which we can collect and use your personal data. We process your personal data for the following purposes and lawful bases:

 

  • Providing Recruitment Services

 

  • Assessing any role suitability
  • Matching a potential candidate to job opportunities
  • Promoting an anonymised profile of candidates to employers through the Service
    Lawful bases: Contract; Legitimate Interests

 

  • Sharing Your Identifiable Profile (Only With Consent)

 

  • Where a potential employer wishes to progress a role, we will request explicit consent before sharing identifiable details.

Lawful basis: Consent

 

  • Operating Our Service

 

  • API functionality, integrations, account creation, usage tracking, maintaining the security and performance of our systems.

Lawful bases: Legitimate Interests; Contract

 

5.4       Legal, Regulatory and Compliance Obligations

 

  • Including fraud prevention, safeguarding, reporting obligations and responding to lawful data‑access requests.

Lawful basis: Legal Obligation

 

  • Special Category Data Processing

 

  • Where required and for any legal obligations

Lawful bases: Explicit Consent; Employment Law; Vital Interests (if applicable)

We may consider you for opportunities that you did not specifically apply for but which we think might be a good fit for your skillset. We may also share your Identity and Contact Data such as name and email address with our partners and partner agencies and process your account data to facilitate finding you a job. The legal basis for this processing activity is for our legitimate interests in finding an appropriate candidate for relevant roles and vacancies.

We may also share your personal data with partner recruitment agencies for the purpose of identifying and progressing employment opportunities, including roles based outside your country of residence. Where such sharing involves your identifiable personal data, we will obtain your explicit consent prior to any disclosure.  We may also process and share personal data within our group of companies under our legitimate interests in providing recruitment services and identifying suitable employment opportunities.

However, we will then ask you if you would like to be put forward for such opportunities. If you consent to us doing so, we will pass your account data to those relevant employers.

  1. Automated Decision-Making

 

We do not make solely automated decisions that have legal or significant effects on you. The Service may highlight suitable roles, but decisions are always reviewed by humans.

 

  1. How We Share Personal Data

 

We share personal data on a need‑to‑know basis with the following third parties listed below:

 

7.1       Potential employers

When progressing a role with your explicit consent.

 

7.2       Partner Recruitment Agencies & Talent Platforms

We may share your personal data with partner recruitment agencies and talent platforms where this is necessary to provide our recruitment services and identify suitable employment opportunities. This may include partner recruitment agencies located outside the United Kingdom, including in the United States and other international jurisdictions. We will only share your identifiable personal data (such as your CV, name, or contact details) with such partners where you have provided your explicit consent for us to do so. Where your personal data is shared with partner recruitment agencies, those organisations will act as independent data controllers and will process your personal data in accordance with their own privacy policies.

 

7.3       Technology & Service Providers

Hosting providers, cloud services, analytics tools, CRM systems, communication tools, background‑check vendors, and API infrastructure providers.

 

7.4       Professional Advisors & Regulators

Lawyers, accountants, auditors, the ICO, courts, and law‑enforcement authorities when legally required.

 

7.5       Business Transfers

If we undergo restructuring, merger or acquisition, personal data may be transferred to the successor organisation.

 

7.6       Group Companies

 

We may share personal data with other companies within our corporate group, including entities based in the United States, where this is necessary to deliver our recruitment services. These entities may act as independent data controllers and will process personal data in accordance with their own privacy policies and applicable data protection laws. Unlike partner recruitment agencies, sharing within our corporate group may take place under our legitimate interests in providing recruitment services and does not require separate consent where permitted under applicable law.

 

As above, we will only share your personal data with other recruitment agencies or potential employers when we have received explicit consent granted by you, and for recruitment purposes only. Those third parties may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third-party organisations, please consult their privacy policies as appropriate.

Where any of your personal data is required for such a purpose, we will take all reasonable steps to ensure that your personal data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the Data Protection Legislation. This type of external data processing is always subject to contractual assurances that personal data will be kept securely and used only in accordance with our specific directions.

 

We will not misuse your personal data for any other purpose other than as set out in this Privacy Policy.

 

You may contact us to request further information about the organisations we share your personal information with.

 

  1. Candidate Consent

 

Your consent is paramount in our processing activities. When your consent is required, we will request it using clear, straightforward language, explaining the purpose for processing and your right to withdraw consent at any time.

 

  1. International Transfers

 

We may use third parties to assist in the provision of our Service. Subject to us complying with the Data Protection Legislation and ensuring appropriate safeguards are in place, we may transfer your personal data to third parties providing services to us who are based outside of the UK without obtaining your specific written consent. This may include parties providing cloud hosting, IT support and analytics. These transfers are necessary for providing the Service, fulfilling our legal obligations and enhancing our operational efficiency.

Whenever we transfer your personal data outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

(a)        the personal data is transferred to or processed in a territory which is subject to adequacy regulations under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals such as the EEA further to Articles 45 of the UK GDPR; or

(b)       we participate in a valid cross-border transfer mechanism under Data Protection Legislation, so that we can ensure that appropriate safeguards (such as Standard Contractual Clauses or data sharing agreements) are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required under the Data Protection Legislation; or

(c)        the transfer otherwise complies with Data Protection Legislation.

 

Where personal data is transferred outside the United Kingdom, we implement appropriate safeguards, including the UK International Data Transfer Agreement (IDTA), together with contractual protections and appropriate technical and organisational measures to ensure that personal data is protected to a standard equivalent to that required under UK GDPR.

 

If you would like further information about data transferred outside the UK, please contact us (see ‘How to contact us’ below).

 

  1. Sharing with International Recruitment Partners

 

As part of our recruitment services, we may work with partner recruitment agencies based internationally. Where we identify a potential opportunity with such a partner, we will seek your explicit consent before sharing your identifiable personal data. You are under no obligation to provide such consent and may withdraw it at any time.

 

  1. Data Retention

 

We will only retain your personal data for as long as necessary to fulfil the purposes we originally collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, including any cached data, and it is securely deleted or anonymised thereafter.  Our typical retention periods are 3 years for Identity and Contact Data, Technical Logs 12 months.

 

For more details of our specific retention periods, please contact us.

 

  1. Data Security

 

Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through the Service. These measures include:

 

  • Encryption: All personal data transferred via our Service is encrypted using industry-standard encryption protocols in transit and rest.

 

  • API Access Control: API usage is restricted to parties with an authorised API key and credentials. Recruitment agencies must ensure these are protected and not divulged unlawfully.

 

  • Monitoring and Audit: All personal data is subject to regular monitoring and audit procedures to ensure processing aligns with this Privacy Policy including penetration testing.

 

  • Incident Responses: for suspected breaches.

 

  1. Your Data Subject Rights

 

Under certain circumstances, you have rights under the Data Protection Legislation in relation to your personal data. These rights are set out below.  If you wish to exercise any of the rights set out below, please contact us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Your rights are as follows:

  • Right of access – you have the right to request a copy of the personal data that we hold about you and to check that we are lawfully processing it.

 

  • Right of rectification – you have a right to request that we correct personal data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten / erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records i.e., when there is no good reason for us continuing to process it.

 

Please keep in mind that some information may remain in our records after deletion. We may use any aggregated/encrypted data derived from or incorporating your personal data after you update or delete it, but not in a manner that would identify you personally.

 

  • Right to restriction of processing – where certain conditions apply, you have a right to restrict or suspend the processing, for example if you want us to establish its accuracy or the reason for processing it.

 

  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.

 

  • Right to object – you have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.

 

There are some exceptions to the above rights.

  • Right to withdraw consent. In the limited circumstances where you have provided your consent to the collection, processing and transfer of the personal data referred to above, you may withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent, or to processing carried out on other legal grounds. If you withdraw your consent, we may not be able to provide all of our services to you. We will advise you if this is the case at the time you withdraw your consent.

 

All the above requests will be forwarded to the relevant party should there be a third party involved in the processing of your personal data.

 

  1. Special Category Data

 

Some of the information we may require depending on our relationship with you in the Service, may be referred to as ‘special category’ data. Special category data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, together with the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the individual in relation to sexual orientation.

 

The processing of special category data is subject to restrictions and enhanced duties of care.

 

Where the data processed by us is special category data (for example your health data) we will rely upon the additional bases for processing that data, namely that it is:

  • for the purpose of carrying out our obligations and exercising our rights in relation to your employment and the safeguarding of your fundamental rights;

 

  • to protect your vital interests, or those of another person, where you are incapable of giving your consent;

 

  • in order to process personal data which is manifestly made public by you.

 

We will only do this where we have a lawful basis to do so, and extra care will be taken when collecting, processing or sharing this type of data.  We confirm that your personal data will only be used for the purposes for which it was collected, except in those circumstances where we reasonably consider that it needs to be used for another reason and that reason is compatible with the original purpose. Should we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.

 

  1. Data Protection Impact Assessments

 

In light of the nature of how we collect personal data, we shall conduct regular privacy impact assessments where high-risk processing of API-extracted personal data occurs, including but not limited to automated decision-making, profiling, or large-scale processing of special categories of personal data.

 

We shall review and update privacy impact assessments whenever there are material changes to the processing of API Data or when new risks are identified.

 

  1. Cookies

 

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you access the Service. We may use cookies within our platform.

For further information on cookies, our use of cookies and similar technologies, when we will request your consent before placing them and how to disable them, please see our cookie policy.

  1. Collection of Data from young persons aged 16 to 18

 

Where we need to collect personal data from young persons aged 16 to 18, we will do so only where they demonstrate sufficient understanding of this Privacy Policy and how their personal data will be collected, processed and used. Such processing will rely on the legal bases set out in this Privacy Policy and will be carried out in accordance with the requirements of applicable Data Protection Legislation.

 

  1. Changes To This Privacy Policy

 

We may update our Privacy Policy from time to time. Where changes materially affect your rights or how we process your personal data, we will notify you directly via the Service.

 

  1. Complaints to the Information Commissioner’s Office

 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance by emailing us at support@netrecruit.com.

 

  1. Contact Us

 

You can contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are shown below:

Our contact details
Unit 8 Venator House

15-17 St. Stephens Court,

St Stephens Road,

Bournemouth, Dorset,

BH2 6LA

 

Email: support@netrecruit.com