Headhunter's Intelligent Matching System gives you access to more of the best people than with any other UK recruitment agency

You can hope the right person will walk through your door. Or you can ask us to go out and find them

Look in the same places as everyone else and you'll get the same results. That's why we do things differently

If where you are and what you're doing isn't a match for your powers, we've a whole new set of challenges awaiting you

GDPR Policy

Company Information

GDPR Responsible Contact Chris Hyde
Company Name Headhunter Group Limited
Address Lancaster House
Amy Johnson Way
Blackpool FY4 2RP
Policy Date 04/04/18
Policy Revision 1.0
Policy review date 04/10/18


This GDPR policy covers the following:

  1. Identified Areas of Sensitive Data table
    1a. Notes relating to the sensitive data
  2. Security considerations
    2a. Comms and Broadband
    2b. AntiVirus
    2c. Password Policies
    2d. Cyber Essentials
  3. Right to delete and retention
  4. Staff and training
  5. Breach conditions and procedure



1.    Identified Areas of Sensitive Data

Data Location Risk Access Protection Right 2 Delete
Sage Data Local Sage Low Claire Davies(accounts) Physical + Encyption No
Customer information Web based Recruit so Simple Low Limited access for staff

Chris Hyde Administrator

Password & 6 monthly change Yes, unless contracted
Candidate information Web based Recruit so Simple High Limited access for staff

Chris Hyde Administrator

Password & 6 monthly change Yes, unless contracted
Email Cloud based Medium Individual access or associated groups Encryption + separate to logon passwords Yes
Online Backups Cloud based Low Convene IT Ltd Encryption No
Physical Files Local Low Very limited physical files Physical No

1a. Notes relating to above table

Sage Data Company accounts information, no personal information held
Customer information Business to Business details only, contacts relate to company, work contact details
Candidate information CV’s and associated data, right to delete unless placed by headhunter
Email Sensitive emails sent via recruit so simple audit trail can be found there
Online Backups Encrypted online backups, keys held with Convene
Physical Files Few physical files shredder in place when required

2.    Security

2a Broadband/Communications

Broadband Connection Leased Line, provided by business first
Router/Firewall Supplied by business first
Open Ports Convene have remote access for support reasons

2b AntiVirus

Server Antivirus Eset Endpoint protection
Client Antivirus Eset Endpoint Protection & USB Lockdown

2c Password Policies

User Passwords 6 monthly prompt to change
Email Passwords 6 monthly prompt to change

2d Cyber Essentials

Qualification Cyber Essentials has been looked into and will be reviewed



3.    Right to delete and data retention

Types of data Headhunter group holds

Retention period

Candidate address, email data, phone & CV Candidate data is held for as long as individuals are happy for us to do so. This for the sole purpose of keeping them alerted to new job opportunities. Every 6 months our whole database will be emailed asking if they wish to remain on our database. If they choose to stay on the database we will action this. All of our email correspondence also offers the option to unsubscribe from receiving emails from us. We can also delete any individual from our system at their direct request.
Customer information Customer data is held while we work with the customer
Staff Payroll information Gaffney’s accountants run payroll

Information request

Candidate address, email data, phone & CV Anyone can request information we hold at any time
Customer information Anyone can request information we hold at any time
Staff Payroll information Anyone can request information we hold at any time


4.    Staff Training

Areas of risk

Training Provided

Handling of sensitive information In house training provided to staff, explaining importance of how we work with data and how we keep this data secure
Information we are allowed to keep There is only data relevant to the candidate or client helping with recruitment. We also purge this data frequently to ensure we are only holding relevant information
Staff understanding We ask the staff to speak with Line managers if they are not sure of any areas


5.    Breach Conditions and Reporting

Breach Conditions


External data hack In the unlikely event of a data breach, Headhunter Group has strict procedures in place to report this to customers, and the ICO within 72 hours of discovery.
Internal data breach If any data breach was caused by a staff member again we would report within 30 days and also find ways of limiting this type of breach again
Customer breach which would affect Head Hunter Group If we find any of our customers have experienced a data protection issue we would check if this has any impact on the data we hold for them or with them


This Policy aims to comply with GDPR and we will be reviewing this policy in 6 months’ time or if any of these conditions/areas of risk change

We are always looking at ways to secure data and limit any risk of exposure


I Confirm that all the details provided above are true and we constantly strive to improve and move forward with compliance.


Chris Hyde


Headhunter Group Limited