Privacy Notice


Xcede Recruitment Solutions (company number 4740661) is committed to protecting the privacy of our candidates, clients and users of our website. We want to provide a safe and secure user experience. 

We will ensure that the information you submit to us via our website or through any of our offices or other international websites is only used for the purposes set out in this policy.

At a glance:

This policy explains when and why we collect personal information about people who enquire about roles we advertise. The policy also explains how we use that information, the conditions under which we may disclose information to others and how we keep personal information secure. At Xcede Recruitment Solutions Limited we’re committed to protecting and respecting your privacy and are transparent in everything we do. We may change this policy from time to time so please check this page to ensure that you’re happy with any changes.

Who is the controller of the data that you provide to us?

Xcede Recruitment Solutions Limited is registered as a data controller in the United Kingdom for the purposes of the Data Protection Act 1998 (soon to be 2018) and the General Data Protection Regulation. We ensure that the data you supply to us is processed fairly and lawfully, and with skill and care and used only for the purposes set out in this policy.

The Company collect your personal data (which may include sensitive personal data) and will process your personal data for the purposes of providing you with work-finding services. The legal bases we rely upon to offer these services to you are:

  • Consent
  • Legitimate interest
  • Legal obligation
  • Contractual obligation

Further details on the above can be found in Annex A.

What type of data will we collect?

We will collect data about you, both personal data (such as your name and contact details) and sensitive personal data (such as information in your CV). Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed below to enable us to offer you employment opportunities which are tailored to your circumstances and your interests. In some jurisdictions, we are restricted from processing some of the data outlined below. In such cases, we will not process the data in those jurisdictions.

  • Name;
  • Age/date of birth;
  • Phone Number;
  • Sex/gender;
  • Photograph;
  • Marital status; details;
  • Education details;
  • Employment history;
  • Emergency contacts and details of any dependents, Referee details;
  • Immigration status (whether you need a work permit);
  • Nationality/citizenship/place of birth;
  • A copy of your driving license and/or passport/identity card;
  • Financial information (where we need to carry out financial background checks);
  • Social security number (or equivalent in your country) and any other tax-related information;
  • Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information;
  • Details of any criminal convictions if this is required for a role you are applying for;
  • Details about your current remuneration, pensions and benefits arrangements, Information on your interests and needs regarding future employment, both collected directly and inferred, for example from jobs viewed or articles read on our website;
  • Extra information that you choose to tell us;
  • Extra information that your referees chooses to tell us about you;
  • Extra information that our clients may tell us about you, or that we find from other third party sources such as job sites;
  • IP address;
  • The dates, times and frequency with which you access our services; and CCTV footage if you attend our premises. 
  • Telephone calls may be recorded for quality monitoring, training, compliance and security purposes. External calls made by employees may also be recorded by Xcede. These recordings will only be used for the purposes specified above.

How do we use your personal data?

The personal data and sensitive personal data will be stored, processed, used and disclosed by us in the following ways.

  • Provision of services and account management:
  • To provide our recruitment services to you and to facilitate the recruitment process
  • To assess data about you against vacancies which we judge may be suitable for you
  • To send your information to clients to apply for jobs or assess your eligibility for jobs
  • To answer your questions and enquiries
  • To pay you for employment related goods and services
  • To use your information on an anonymised basis to monitor compliance with our equalopportunities policy
  • To carry out our obligations arising from contracts entered into between you and us
  • From time to time we may seek your consent to process, use or disclose your information for any other purpose not listed above.

How do we share your personal data?

Xcede Recruitment Solutions Ltd will not pass your information to any third-party service providers, agents, subcontractors and other associated organisations except for the purposes of completing tasks and providing services to you on our behalf (for example to process products and send you mailings). These third parties may include:

  • We use third party service providers to provide a recruiting software system.
  • We also share your personal data with other third-party service providers that may assist us in recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruiting practices.
  • We use third party service providers to provide a timesheet management software system
  • To third parties where we have retained them to provide services that we, you or our client have requested including references, qualifications, credit and criminal reference checking services.
  • To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings.

We reserve the right to transfer your information to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all the assets of our company, provided that the third party agrees to adhere to the terms of this Privacy Policy and provided that the third party only uses your Personal Data for the purposes that you provided it to us. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.

How do we safeguard your personal data?

Data security is of great importance to Xcede Recruitment Solutions Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures including gaining our ISO 27001 certification to safeguard and secure Data collected via this Website. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password, which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We are concerned to protect the privacy of children aged 18 or under. If you are aged 18 or under‚ please get your parent/ guardians permission beforehand whenever you provide us with personal information. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at privacy@xcede.co.uk.

How do we keep your personal data?

We will hold your data for no longer than it is required and in accordance with our data retention and disposal policy (Annex B). Where required by law we hold your information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller. We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date. We rely on you to inform us of all changes to your Personal Data to ensure that it is up to date and we will update or delete your Personal Data accordingly.

How do we access/amend your personal data?

The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at:  privacy@xcede.co.uk

You have the right to ask for a copy of the information we hold about you that you may not already have been in receipt of. Please request a subject access request form by emailing privacy@xcede.co.uk. You will need to provide proof of identity before we can provide anything to you.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. Our Data Protection Officer is Samantha Knight and you can contact them at privacy@xcede.co.uk.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

How do we store and transfer your personal data?

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (”EEA”). It may be transferred to third parties outside of the EEA for the purpose of our recruitment services. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, our recruitment services and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

What are cookies and how are they used?

Like many other websites, Xcede Recruitment Solutions’ website uses cookies. Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service. It is possible to switch off cookies by setting your browser preferences. Turning cookies of may result in a loss of functionality when using our website.


We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you.

We may make use of additional information about you when it is available from external sources to help us do this effectively.  We may also use your personal information to detect and reduce fraud and credit risk.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy

applies only to our website‚ so we encourage you to read the privacy statements on the other

websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Service improvements:

  • to ensure that content from our site is presented in the most effective manner for you;
  • to administer our site and for internal business administration and operations, including
  • troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to notify you about changes to our service;
  • as part of our efforts to keep our site safe and secure

Consent - Your individual rights

Please be aware that you have the following data protection rights:

  • The right to be informed about the personal data the Company processes on you;
  • The right of access to the personal data the Company processes on you;
  • The right to rectification of your personal data;
  • The right to erasure of your personal data in certain circumstances;
  • The right to restrict processing of your personal data;
  • The right to data portability in certain circumstances;
  • The right to object to the processing of your personal data that was based on a public or legitimate interest
  • The right not to be subjected to automated decision making and profiling; and
  • The right to withdraw consent at any time.

The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your email address, or any of the other information we hold is inaccurate or out of date, please contact us at: info@xcede.co.uk

Complaints or Queries 

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO). Details can be found here: https://ico.org.uk/concerns.

Changing and reviewing this Privacy Policy

Xcede Recruitment Solutions Ltd reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations.

We keep this Policy under regular review. This Policy was last updated in 2nd May 2018.

You may contact Xcede Recruitment Solutions by email at info@xcede.co.uk             

Any questions regarding our privacy policy should be sent to: privacy@xcede.co.uk


Lawful Basis for Collecting Data

    The lawfulness of processing conditions for personal data are:

a. Consent of the individual for one or more specific purposes.

b. Processing is necessary for the performance of a contract with the individual or in order to take steps at the request of the individual to enter into a contract.

c. Processing is necessary for compliance with a legal obligation that the controller is subject to.

d. Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the individual which require protection of personal data, in particular where the individual is a child.

The lawfulness of processing conditions for sensitive personal data are:

a. Explicit consent of the individual for one or more specified purposes, unless reliance on consent is prohibited by EU or Member State law.

b. Processing is necessary for carrying out data controller’s obligations under employment, social security or social protection law, or a collective agreement, providing for appropriate safeguards for the fundamental rights and interests of the individual.

c. In the course of its legitimate activities, processing is carried out with appropriate safeguards by a foundation, association or any other not-for-profit body, with a political, philosophical, religious or trade union aim and on condition that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without the consent of the individual.

d. Processing relates to personal data which are manifestly made public by the individual.

e. Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

f. Processing is necessary for reasons of substantial public interest on the basis of EU or Member State law which shall be proportionate to the aim pursued, respects the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and interests of the individual.

g. Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional and subject to the necessary conditions and safeguards.

h. Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and of medicinal products or medical devices, on the basis of EU or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the individual, in particular professional secrecy.


Type of Record

Minimum Retention Period - then destroyed

Who has access


Lawful basis

Reason for Length of Period

Data Subject Application Data6 yearsXcedeCRMGDPR Article 6.1(f)
https://gdpr-info.eu/art-6-gdpr/ - Legitimate interest
For the purposes of sourcing information for prospective new roles or opportunities that my from time to time become appropriate
Data Subject Compliance Data6 yearsCompliance ManagerSecure ServerGDPR Article 6.1(c)
https://gdpr-info.eu/art-6-gdpr/ - Legal or regulatory obligation
6 years after contract end unless the authority for awarded contracts depends on the nature or value of contract Limitation Act 1980 s.5 or Limitation Act 1980 s.8 or Limitation Act 1980 s.14B
Data Subject in a new Job Role6 yearsFinance Dept; Operations DepartmentSecure ServerGDPR Article 6.1(c)
https://gdpr-info.eu/art-6-gdpr/ - Legal or regulatory obligation
6 years after contract end unless the authority for awarded contracts depends on the nature or value of contract Limitation Act 1980 s.5 or Limitation Act 1980 s.8 or Limitation Act 1980 s.14