Executive search and selection recruitment specialists
Recruitxo specialize in connecting top talent with leading companies across various industries. Our dedicated team of recruitment experts is committed to understanding your unique needs and delivering personalized solutions that drive success. Whether you’re a job seeker looking for your next opportunity or an employer seeking the perfect candidate, we’re here to help you achieve your goals. Discover the difference with Recruitxo– where talent meets opportunity.Interested? Get in touch!
Clients worked for
Client Problems
Attracting right candidates
Engaging Qualified Candidates
Managing Time and Resources
Recruitxo Solutions
Enhanced Job Descriptions and Targeted Advertising
Targeted Proven Search & Selection Techniques
Candidate Engagement Strategies
Efficient Use of Technology
Candidate Problems
Lack of Communication
Lengthy Hiring Processes
Unclear Job Descriptions
Recruitxo Solutions
Improved Communication
Streamlined Hiring Processes
Clear and Detailed Job Descriptions
About
Our founder brings over 20 years of diverse experience across internet startups, property, construction, sales, marketing, and recruitment. This extensive background equips us with a unique perspective and a broad skill set to tackle various challenges.With more than 5 years of executive search and selection expertise, and 2 years of hands-on experience with one of the largest managed service providers at the biggest telecom company, we possess a wealth of recruiting knowledge. Our team is dedicated to connecting top talent with the right opportunities, ensuring a perfect fit for both candidates and employers.Personal TouchOur founder believes in the power of connecting people with opportunities that not only match their skills but also align with their passions and career aspirations. This philosophy drives our commitment to personalized recruitment solutions that foster long-term success for both candidates and employers.Client FocusLeveraging our extensive experience, we understand the unique challenges and needs of our clients. Our deep industry knowledge allows us to provide tailored recruitment strategies that ensure we find the best talent to drive your business forward. We are dedicated to building strong, lasting relationships with our clients, delivering exceptional service and results every time.
CLIENT SERVICES
Recruitxo play a pivotal role in ensuring that businesses find the right talent to drive their success. These services encompass a range of activities, from understanding the specific needs of a client to sourcing and vetting potential candidates. Recruitxo work closely with their clients to develop tailored strategies that align with their hiring goals, whether it’s for permanent roles, or specialized skill sets. By leveraging industry expertise, advanced technology, and a deep network of contacts, recruitxo can efficiently match candidates to job openings, saving clients time and resources. Additionally, we provide services including ongoing support, such as onboarding assistance and performance follow-ups, to ensure a seamless integration of new hires into the organization. This comprehensive approach not only enhances the client’s recruitment experience but also contributes to building long-term partnerships based on trust and mutual success.
Recruitment Process
Video Meeting: Engage in a face-to-face online video meeting to save your company time by discussing the role in detail.
Sign Terms: Benefit from our contingency recruitment model, where you pay nothing until a successful placement is made or reduced flat fee model.
Submit Job: Provide a detailed job description to ensure we understand your exact needs.
Interview Candidates: Receive a curated shortlist of 3-5 candidates within 2-4 weeks, tailored to your requirements.
Hire: Once the candidate signs the contract, payment is due within 14 days.
We’re excited to learn more about your company. Please submit your Company information in confidence and take the first step towards hiring top talent!
Candidate
Recruitxo are designed to support job seekers throughout their employment journey. These services include personalized job matching, where we align candidates’ skills and career aspirations with suitable job opportunities. Additionally, candidates receive guidance on resume writing, interview preparation, and career advice to enhance their employability. Recruitxo often provide ongoing support, such as feedback after interviews and assistance with contract negotiations. Our comprehensive support system helps candidates navigate the job market more effectively, increasing their chances of securing the right position and advancing their careers.
Recruitment Process
Submit CV: Provide a detailed application to help us understand your skills and career aspirations.
Video Meeting: Join a face-to-face online video meeting for a more in-depth discussion about the role.
Submit Application: We submit your application to the client hiring.
Interview: Participate in interviews with potential employers, receiving a curated shortlist of opportunities tailored to your profile.
Get Hired: Once you sign the contract, you’ll be on your way to your new role, with the assurance of Recruitxo assisting you all the way.
We’re excited to learn more about you. Please submit your CV in confidence and take the first step towards an exciting career!
Sectors
Recruitbuildxo specialise in the construction and civil engineering industry. We have a deep understanding of our clients needs looking to hire whether it be a sales or technical professionals ranging from builders merchants, plumbers merchants, kitchen manufacturers, roofing manufacturers to insulation companies.
Recruittechxo specialise in the information technology industry. We have a deep understanding of our clients needs looking to hire whether it be a devops, cybersecurity professional. Telecommunications - onsite for Orange one of the largest telecommunications as a managed service provider. Experience in recruiting for hundreds of positions; Sales and Marketing, Finance, IT/Tech, Temp - support help desk.Internet Startups - over 10 years experience working with software as a service startups helping major brands such as Kigo which was acquired by Real Page ++
Recruithealthxo specialise in the healthcare industry. We have a deep understanding of our clients needs looking to hire whether it be a physiotherapist or nurse we have got your covered.
Privacy Policy
The following privacy notice describes how Recruitxo may use, process, store and disclose personal information that we collect about individuals through this website and from other sources including job sites, events, and social media.We are committed to protecting and respecting your privacy and the data you provide. Personal information submitted to us via this website is collected, handled and stored securely. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and managed within the guidelines set out in The General Data Protection Regulation (GDPR).Please read the following to understand our views and practices regarding your personal data and how we will treat it. This notice supplements other privacy notices you may receive from us and is not intended to override them.Contact DetailsIf you have any questions about how we use your personal information, contact us at: [email protected]How do we collect information?
We will collect your personal information such as your name, address and email address, directly from you and from other sources. This includes when you upload your CV, apply for a job, engage with us on social media sites such as LinkedIn and Twitter or when you provide us with your details during a job fair, promotional, networking or training event.What information do we collect?
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications), comments, feedback, product reviews, recommendations, and personal profile.Candidate registration: Uploading CVs and job applicationsWe will collect your personal information when you apply for a job through our website, social media sites such as LinkedIn or registrations at job fairs, promotional, networking or training events. During our candidate registration process we will collect your information directly from you, your CV, from employment and educational referees and via online tests you may perform at our request.We may disclose your Personal Information to our clients in the UK and Europe in regards to relevant job vacancies. Our clients may request additional Personal Information about you in relation to their job vacancies and requirements. Your Personal Information will be securely stored in our online candidate database.The personal information we may collect include:Identity (your name, gender, date of birth and marital status)Evidence of your right to work in the UK in accordance with Home Office requirements (this may include a photograph, nationality, place of birth, birth certificate, driving licence, etc)Contact details (including your email, home address and phone numbers)Bank account and National Insurance number (so we can make payments to you and account for tax if you are working as a temporary worker supplied through Bodhi)Job search criteria, preferences and expectationsQualifications, skills, experience and trainingCurrent and desired salary and other benefitsEducation historyEmployment historyReferencesDetails of disabilities (where provided by you and if it is relevant);Unspent criminal / motoring convictions, court proceedings and pending court proceedings relating to an offence committed or alleged to have been committed by you;Additional information contained in your CV or that you choose to provide to us;Technical data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. Please see our Cookie Policy for further details;Profile data including your preferences, feedback and customer survey responses;Usage data including information about how you use our website and services;Marketing and communications data including your marketing and communication preferences.Applying for jobs at RecruitxoIf you are applying for a role as our employee, we will collect your personal information from you via your CV, referees, professional and educational organisations and other sources. We will process your personal information for the purposes of administering the application, managing the internal hiring process and assessing your suitability. We will store your information securely in our confidential database. We ensure that your personal information is protected, secure and kept confidential. If we engage a third party to provide pre-employment screening services or testing, we will ensure that access to personal information is limited and that the service provider is contractually obliged to comply with applicable data privacy laws, confidentiality and provide adequate safeguards to keep your personal information secure until it is deleted or anonymised.By applying for employment with us, you consent to us processing your personal information for these purposes. You have the right to withdraw your consent at any time. If you withdraw your consent, we will not be able to continue with your application.
If your employment application is unsuccessful, we will retain your details on our database for a period of 6 months for the purposes of evidencing that we have conducted the recruitment process in a fair and transparent way and have not discriminated against applicants on prohibited grounds. At the end of the retention period, your information will be automatically deleted. We may ask if you would like us to retain your CV data if we consider that you may be suitable for future roles. We will only do this with your consent.Clients and Suppliers
If you are an existing or potential client or supplier we will collect and process information about individuals in your organisation. We may enter an individual’s name and business email address in to our database as a designated corporate point of contact for that organisation, together with the individual’s other business contact data. The source of a corporate point of contact may be the individual themselves, or their name and business details may be provided to us by a member of their HR or Procurement department or another hiring manager or existing business contact or a candidate we have placed at the organisation. We may also obtain these details from websites, social media and other sources.How do we store, use, share and disclose visitors' personal information?
Our company website is hosted on the Carrd.co platform. Your data will be stored through Carrd.co’s data storage as well as our own exclusive and confidential database.For anyone registered as a candidate, we will use, process and disclose your personal information and other data we collect in order to to provide you with job finding services. We will process your personal information in accordance with our candidate contract (provided during our candidate registration process) in line with the type of work you are seeking and we will disclose your information to our clients in relation to their job vacancies.For clients and prospective clients, we may use your information for marketing or promotional purposes in order to communicate new offers, insight or prospective candidates. We may also use your information to inform targeted online marketing campaigns.We process your personal Information for other business purposes such as producing statistics, marketing analysis, understanding visitor behaviour that complies with contractual, legal and regulatory obligations and duties. If you provide us with information about 3rd parties, we will assume that the 3rd party in question has given you permission to do so and to Recruitxo collecting, processing and transferring their personal information to the same extent as yours.We may contact you to notify you to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our user agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.If you don’t want us to process your data anymore, please contact us at [email protected]How long do we retain your personal information?
Recruitxo will retain your personal information for as long as necessary to fulfil the purposes that we collected it for. This means we will keep it throughout the period of your relationship with us and whilst we are providing you with services.If you no longer wish to receive our services you can request us to delete your personal information from our database. When we have deleted your data, we may retain your name and email address on our suppression list and subject to the services we have provided, continue to retain some of your information for our legitimate business purposes described below.We are required by law to keep basic information about our candidates, clients and customers (including contracts, evidence of identity, and right to work in the UK, financial and transaction data) for up to 7 years from when our relationship ends, for legal, compliance and tax purposes.Where there is no retention period stated in law, we determine the appropriate retention period by considering the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.In some circumstances we may anonymise your personal information (so that it can no longer be associated with you and we cannot identify you). We do this for resourcing, research or statistical purposes in which case we may use this anonymised data indefinitely without further notice to you.Your legal rights
The GDPR provides you with the following rights to:Access your Personal Information at any time. This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.Request correction of the information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.Request deletion/removal of your personal information. Please Note: we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a 3rd party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.Ask us not to process your personal data for marketing purposes. We will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will collect express consent from you if legally required prior to using your personal data for marketing purposes.Request restriction of processing of your data. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to process it.Request the transfer of your Personal Information to you or directly to another controller. This right only applies to automated information which you initially provided consent for us to use or where we used the Personal Information to perform a contract with you.Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, and to manage your cookie settings please see our Cookies Policy.Privacy policy updates
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.Questions and your contact information
If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at [email protected]This Privacy Notice was last updated: 02 October 2024.
GDPR DATA PROTECTION POLICY
ScopeRecruitxo, its management and the Board of Directors, with a registered address at 86-90 Paul Street, London, EC2A 4NE are committed to being fully compliant with all applicable UK and EU data protection legislation in respect of personal data, as well to safeguarding the “rights and freedoms” of persons whose information. Recruitxo collects pursuant to the General Data Protection Regulation (‘GDPR’) through the use of a Customer Record Management System (‘CRMS’), which is developed, implemented, maintained and periodically reviewed and amended by Recruitxo's Board of Directors.The CRMS shall take into consideration the following: organisational structure, management responsibility, jurisdiction and geographical location and may comprise of a defined part of Recruitxo or Recruitxo as a whole.ObjectivesRecruitxo’s objectives for the CRMS are as follows:To enable Recruitxo to meet its personal data obligations in relation to how personal information is managed;To support Recruitxo’s objectives;To set appropriate systems and controls according to Recruitxo’s risk appetite;To ensure that Recruitxo is compliant with all applicable obligations, whether statutory, regulatory, contractual and/or professional; andTo safeguard personnel and stakeholder interests.Good practiceRecruitxo shall ensure compliance with data protection legislation and good practice, by at all times:Processing personal information only when to do so is absolutely necessary for organisational purposes;Ensuring that the least possible amount of personal data is collected, and that personal data is never processed unduly;Informing individuals of how their personal data is or will be used and by whom;Processing only pertinent and adequate personal data;Processing personal data in a lawful and fair manner;Keeping a record of the various categories of personal data processed;Ensuring that all personal data that is kept is accurate and up-to-date;Retaining personal data no longer than required by statute or regulatory body, or for organisational purposes;Giving individuals the right of ‘subject access’, as well as all other individual rights pertaining to their personal data;Ensuring that all personal data is maintained securely;Transferring personal data outside of the EU only in situations where it shall be appropriately secured;Applying various statutory exemptions, where appropriate;Implementing a CRMS, pursuant to this Policy;Identifying stakeholders, both internal and external, and ascertaining their involvement within the operation of the CRMS; andIdentifying personnel that are responsible and accountable for the CRMS.NotificationRecruitxo has registered with the Information Commissioner as a Data Controller and a Data Processor that engages in processing personal information of data subjects. Recruitxo has identified all of the personal data that it processes and recorded it in its Data Inventory Schedule.The Data Controller shall retain a copy of all notifications made by Recruitxo to the Information Commissioner’s Office (“ICO”) at its offices and the ICO Notification Handbook shall be used as a record of all notifications made.The ICO notification shall be reviewed on an annual basis on Insert date and the Directors shall be responsible for each annual review of the details of the notification, keeping in mind any changes to Recruitxo’s activities. These changes shall be ascertained by reviewing the Data Inventory Schedule and the management review. Data protection impact assessments shall be used to ascertain any additional relevant requirements.This policy applies to all employees of Recruitxo, including contractors and subcontractors. Breaches of the GDPR policy, including this policy, shall be dealt with according to Recruitxo’s Disciplinary Procedure. If there is a possibility that the breach could amount to a criminal offence, the matter shall be referred to the relevant authorities.All third parties working with or for Recruitxo who have or may have access to personal data are required to read, understand and fully comply with this policy at all times. All aforementioned third parties are required to enter into a Data Processing Agreement prior to accessing any personal data. The data protection obligations imposed by the Data Processing Agreement shall be equally onerous as those to which Recruitxo has agreed to comply with. Recruitxo shall at all times have the right to audit any personal data accessed by third parties pursuant to the confidentiality agreement.GDPR backgroundThe purpose of the GDPR is to ensure the “rights and freedoms” of living individuals, and to protect their personal data by ensuring that it is never processed without their knowledge and, when possible, their consent.Definitions (as per the GDPR)Data controller may be a natural or legal person, whether a public authority, agency or other body which, individually or jointly with others, is in charge of ascertaining the purposes and means by which personal data shall be processed. Where EU or Member State law predetermines the purposes and means of processing personal data, the data controller or, if appropriate, the specific criteria for selecting the data controller, may be provided for by EU or Member State law.Data subject refers to any living person who is the subject of personal data (see above for the definition of ‘personal data’) held by an organisation. A data subject must be identifiable by name, ID, address, online identifier or other factors such as physical, physiological, genetic, mental, economic or social.Data subject consent refers to any specific indication by the data subject that signifies consent to the processing of personal data. Consent may take place by way of a written or oral statement or by clear, unambiguous action and must be given freely at all times, without duress, with the data subject being properly informed.refers to the administrative head office of the ‘data controller’ in the EU, where the main decisions regarding the purpose of its data processing activities are made. ‘Data controllers’ based outside of the EU are required to appoint a representative within the jurisdiction in which they operate to act on its behalf and liaise with the relevant regulatory and supervisory authorities.Filing system refers to any personal data set which is accessible on the basis of certain benchmarks, or norms and can be centralised, decentralised or dispersed across various locations.Personal data – means any information relating to a data subject.Personal data breach refers to a security breach which results in the disclosure, alteration, destruction or loss of personal data, as well as unauthorised access to personal data that is stored, transmitted or processed by any other means, whether accidentally or unlawfully. All personal data breaches must be reported to relevant regulatory authority by the ‘data controller’ at all times, whereas the data subject need only be informed of a data breach when it is likely that the breach will have an adverse effect on his or her privacy or personal data.refers to any action taken in relation to personal data, including but not limited to collection, adaptation or alteration, recording, storage, retrieval, consultation, use, disclosure, dissemination, combination or deletion, whether by automated means or otherwise.refers to any form of personal data processing that is automated, with the intention of assessing personal aspects of a data subject or analysing a data subject’s employment performance, economic status, whereabouts, health, personal preferences and behaviour. The data subject has a right to object to profiling and a right to be informed of the fact that profiling is taking place, as well as the intended outcome(s) of the profiling.Special categories of personal data refers to personal data covering such matters as racial or ethnic origin, beliefs - whether religious, political or philosophical - membership of a trade-union and data relating to genetics, biometric identification, health, sexual orientation and sex life.Territorial scope the GDPR applies to all EU based ‘data controllers’ who engage in the processing of data subjects’ personal data as well as to ‘data controllers’ located outside of the EU that process data subjects’ personal data so as to provide goods and services, or to monitor EU based data subject behaviour.Third party is a natural or legal person other than the data subject who is authorised to process personal data, whether a public authority, agency or other body controller, processor or any other person(s) under the direct authority of the controller or processor.Responsibilities under the GDPRRecruitxo is a Data Controller and Data Processor pursuant to the GDPR.Appointed employees of Recruitxo with managerial or supervisory responsibilities are responsible for ensuring that good personal data handling practices are developed, reviewed and encouraged within Recruitxo, as per their individual job descriptions.Data ControllerThe position of Data Controller which involves the management of personal data within Bodhi as well as compliance with the requirements of the DPA and demonstration of good practice protocol, is to be taken up by an appropriately qualified and experienced member of Recruitxo’s senior management team.The Data Controller reports to Recruitxo’s Board of Directors and, amongst other things, is accountable for the development and implementation of the CRMS and for day-to-day compliance with this policy, both in terms of security and risk management. In addition, the Data Controller, is directly responsible for ensuring that Recruitxo is GDPR compliant and that managers and executive officers of Recruitxo are compliant in respect of data processing that occurs within their field of responsibility and/or oversight.The Data Controller shall at all times be the first point of contact for any employees of Recruitxo who require guidance in relation to any aspect of data protection compliance.The Data Controller is also responsible for other procedures, such as the Subject Access Request Procedure.It is not merely the Data Controller who is responsible for data protection, indeed all members of Recruitxo who process personal data are responsible for ensuring compliance with data protection laws. Recruitxo’s GDPR Training Policy provides for specific training for both such employees as well as for general members of Recruitxo.General members of Recruitxo are personally responsible for ensuring that all personal data they have provided and has been provided about them to Recruitxo is accurate and up-to-date.Risk AssessmentIt is vital that Recruitxo is aware of all risks associated with personal data processing and it is via its risk assessment process that Recruitxo is able to assess the level of risk. Recruitxo is also required to carry out assessments of the personal data processing undertaken by other organisations on its behalf and to manage any identified risks, so as to mitigate the likelihood of potential non-compliance with this policy.Where personal data processing is carried out by using new technologies, or when a high risk is identified in relation to the “rights and freedoms” of natural persons, Recruitxo is required to engage in a risk assessment of the potential impact. More than one risk may be addressed in a single assessment, also known as a ‘Data Protection Impact Assessment’ (“DPIA”).If the outcome of a DPIA points to a high risk that Recruitxo’s intended personal data processing could result in distress and/or may cause damage to data subjects, it is up to the Data Controller to decide whether Recruitxo ought to proceed and the matter should be escalated to him or her. In turn, the Data Controller may escalate the matter to the regulatory authority if significant concerns have been identified.It is the role of the Data Controller to ensure that appropriate controls are in place to ensure that the risk level associated with personal data processing is kept to an acceptable level, as per the requirements of the GDPR and Recruitxo’s documented risk acceptance criteria.Principles of data protectionThe principles of personal data processing are as follows:1. All personal data must be processed lawfully and fairly at all times, as per Recruitxo’s Fair Processing Policy.2. Policies must also be transparent, meaning that Recruitxo must ensure that its personal data processing policies, as well as any specific information provided to a data subject, are readily available, easily accessible and clear, drafted using clear and plain language.3. The data subject must be provided with the following information:- the identity and contact details of the Data Controller and any of its representatives;- the purpose or purposes and legal basis of processing;Storage period - the length of time for which the data shall be stored;- confirmation of the existence of the following rights:Right to request access;Right of rectification;Right of erasure; and theRight to raise an objection to the processing of the personal data;- the categories of personal data;- the recipients and/or categories of recipients of personal data, if applicable;- if the controller intends to make a transfer of personal data to a third country and the levels of data protection provided for by the laws of that country, if applicable; andFurther information - any further information required by the data subject in order to ensure that the processing is fair and lawful.4. Personal data may only be collected for specified, explicit and legitimate reasons. When personal data is obtained for specific purposes, it must only be used in relation to that purpose and cannot be different from the reasons formally notified to the Information Commissioner, as part of Recruitxo’s GDPR ICO registration.5. Personal data must be adequate, relevant and restricted to only what is required for processing. In relation to this, the Data Controller shall at all times:Ensure that personal data which is superfluous and not necessarily required for the purpose(s) for which it is obtained, is not collected;Approve all data collection forms, whether in hard-copy or electronic format;Carry out an annual review of all methods of data collection, checking that they are still appropriate, relevant and not excessive; andSecurely delete or destroy any personal data that is collected in a manner that is excessive or unnecessary according to Recruitxo’s GDPR policies.6. Personal data must be accurate and up-to-date:Data should not be kept unless it is reasonable to assume its accuracy and data that is kept for long periods of time must be examined and amended, if necessary;All staff must receive training from the Recruitxo’s Head of HR to ensure they fully understand the importance of collecting and maintaining accurate personal data;Individuals are personally responsible for ensuring that the personal data held by Recruitxo is accurate and up-to-date. Recruitxo will assume that information submitted by individuals via data collection forms is accurate at the date of submission;All employees of Recruitxo are required to update the HR department as soon as reasonably possible of any changes to personal information, to ensure records are up-to-date at all times;The Data Controller must ensure that relevant and suitable additional steps are taken to ensure that personal data is accurate and up-to-date;The Data Controller shall, on an annual basis, carry out a review of all personal data controlled by Recruitxo, referring to the Data Inventory Register and ascertain whether any data is no longer required to be held for the purpose notified to the ICO, arranging for that data to be deleted or destroyed in a safe manner.
The Data Controller shall also ensure that where inaccurate or out-of-date personal data has been passed on to third parties, that the third parties are duly informed and instructed not to use the incorrect or out-of-date information as a means for making decisions about the data subject involved. The Data Controller shall also provide an update to the third party, correcting any inaccuracies in the personal data.7. The form in which the personal data is stored must only be identifiable when it is necessary to do so for processing purposes. The following principles apply:Personal data that is kept beyond the processing date must be either encrypted or pseudonymised and kept to an absolute minimum, to ensure the protection of the data subject’s identity should a data breach incident occur;Personal data must be retained according to the Government's Records Management and Retention and Disposal Policy and must be destroyed or deleted in a secure manner as soon as the retention date has passed; andShould any personal data be required to be retained beyond the retention period set out in the Records Retention Procedure, this may only be done with the express written approval of the Data Controller, which must be in line with data protection requirements.8. The processing of personal data must always be carried out in a secure manner.9. Personal data should not be processed in an unauthorised or unlawful manner, nor should it be accidentally lost or destroyed at any time and Recruitxo shall implement robust technical and organisational measures to ensure the safeguarding of personal data.Security controlsSecurity controls are necessary to ensure that risks to personal data identified by Recruitxo are appropriately mitigated as much as possible to reduce the potential for damage or distress to data subjects whose personal data is being processed and are subject to regular audit and review.Personal data shall not be transferred to a country outside of the EU unless the country provides appropriate protection of the data subject’s ‘rights and freedoms’ in relation to the processing of personal data.Adequacy of transferThe following safeguards and exceptions are in place to ensure that data is not transferred to a country outside of the EU, with the transfer being off limits, unless one or more of the safeguards or exemptions listed below apply:Safeguards1. Assessing the adequacy of the transfer, by reference of the following:The nature of the personal data intended to be transferred;The country of origin and country of intended destination;The nature and duration of the personal data use;The legislative framework, codes of practice and international obligations of the data subject’s country of residence; and(UK only) the security measures to be implemented in the country of intended destination in relation to the personal data.2. Binding corporate rulesRecruitxo is free to implement approved binding corporate rules in relation to personal data transfer outside of the EU, however only with prior permission from the relevant regulatory body.3. Model contract clausesRecruitxo is free to implement model contract clauses in relation to personal data transfer outside of the EU and there will be an automatic recognition of adequacy of transfer, should the model contract clauses receive approval from the relevant regulatory body.ExceptionsIn the absence of an adequacy decision, including binding corporate rules and model contract clauses, no transfer of personal data to a third country may take place unless one of the following preconditions is satisfied:Explicit consent has been provided by a fully informed data subject, who has been made aware of all possible risks involved in light of appropriate safeguards and an adequacy decision;The personal data transfer is a prerequisite to the performance of a pre-existing contract between the data controller and the data subject or when the data subject requests that pre-contractual measures are implemented;The personal data transfer is a prerequisite to the conclusion or performance of a pre-existing contract between the data controller and another person, whether natural or legal, if it is in the interest of the data subject;The personal data transfer is in the public interest;The personal data transfer is required for the creation, exercise or defence of legal claims;The data subject is not capable of giving consent, whether due to physical or legal limitations or restrictions and the personal data transfer is necessary for the protection of the key interests of the data subject or of other persons;The personal data transfer is made from an approved register, confirmed by EU or Member State law as having the intention of providing public information and which is open to consultation by the public or by an individual demonstrating a legitimate interest, but only so far as the legal requirements for consultation are fulfilled.AccountabilityAccording to the GDPR accountability principle, the data controller is responsible both for ensuring overall compliance with the GDPR and for demonstrating that each of its processes is compliant with the GDPR requirements. To this extent data controllers are required to:Maintain all relevant documentation regarding its processes and operations;Implement proportionate security measures;Carry out Data Processing Impact Assessments (“DPIAs”);Comply with prior notification requirements;Seek the approval of relevant regulatory bodies.The rights of data subjectsData subjects enjoy the following rights in relation to personal data that is processed and recorded:The right to make access requests in respect of personal data that is held and disclosed;The right to refuse personal data processing, when to do so is likely to result in damage or distress;The right to refuse personal data processing, when it is for direct marketing purposes;The right to be informed about the functioning of any decision-making processes that are automated which are likely to have a significant effect on the data subject;The right not to solely be subject to any automated decision-making process;The right to claim damages should they suffer any loss as a result of a breach of the provisions of the GDPR;The right to take appropriate action in respect of the following: the rectification, blocking and erasure of personal data, as well as the destruction of any inaccurate personal data;The right to request that the ICO carry out an assessment as to whether any of the provisions of the GDPR have been breached;The right to be provided with personal data in a format that is structured, commonly used and machine-readable;The right to request that his or her personal data is sent to another data controller; andThe right to refuse automated profiling without prior approval.Data access requestsThe Subject Access Request Procedure sets out the procedure for making data access requests to data subjects and outlines how Recruitxo will comply with the requirements of the GDPR regarding this.ComplaintsAll complaints about the Recruitxo’s processing of personal data may be lodged by a data subject directly with the Data Controller, by filling in the appropriate form providing details of the complaint. The data subject must be provided with a Fair Processing Policy at this stage.ConsentWhere consent to the processing of personal data is the applicable lawful reason for processing, the data subject must be:Freely given and should never be given under duress, when the data subject is in an unfit state of mind or provided on the basis of misleading or false information;Explicit;Specific;A clear and unambiguous indication of the wishes of the data subject;Informed;Provided either in a statement or by unambiguous affirmative action;Demonstrated by active communication between the data controller and the data subject and must never inferred or implied by omission or a lack of response to communication;In relation to sensitive data, consent may only be provided in writing, unless there is an alternative legitimate basis for the processing of personal data.Data securityAll employees of Recruitxo are personally responsible for keeping secure any personal data held by Recruitxo for which they are responsible. Under no circumstances may any personal data be disclosed to any third party unless Recruitxo has provided express authorisation.Accessing and storing personal dataAccess to personal data shall only be granted to those who need it.All personal data must be stored:In a locked room, the access to which is controlled; and/orIn a locked cabinet, drawer or locker; and/orIf in electronic format and stored on a computer, encrypted according to the Recruitxo’s IT procedures; and/orIf in electronic format and stored on removable media, encrypted as per Recruitxo’s IT procedures.Before being granted access to any organisational data, all staff of Recruitxo must understand and have a copy of Access Policy.Computer screens and terminals must not be visible to anyone other than staff of Recruitxo with the requisite authorisation. All employees must be familiar with and comply with the Recruitxo’s Clear Desk Policy.No manual records may be accessed by unauthorised employees of Recruitxo and may not be removed from the business premises in the absence of explicit written authorisation. Manual records must be removed from secured archiving when access is no longer needed on a day-to-day basis.All deletion of personal data must be carried out in accordance with Recruitxo’s Retention Requirements. Manual records which have passed their retention date must be shredded and disposed of as ‘confidential waste’ and any removable or portable computer media such as hard drives as USB sticks must be destroyed as per Recruitxo’s IT procedures.Personal data that is processed ‘off-site’ must be processed by authorised Recruitxo staff, due to the increased risk of its loss, damage or theft.Data access rightsData subjects have the right to access all personal data in relation to them held by Recruitxo, whether as manual records or electronic format. Data subjects therefore may at any time request to have sight of confidential personal references held by Recruitxo as well as any personal data received by Recruitxo from third-parties. To do so, a data subject must submit a Subject Access Request, as per Subject Access Request Procedure.Disclosure of dataRecruitxo must take appropriate steps to ensure that no personal data is disclosed to unauthorised third parties. This includes friends and family members of the data subject, governmental bodies and, in special circumstances, even the Police. All employees of Recruitxo are required to attend specific training in order to learn how to exercise due caution when requested to disclose personal data to a third party.Disclosure is permitted by the GDPR without the consent of the data subject under certain circumstances, namely:In the interests of safeguarding national security;In the interests of crime prevention and detection which includes the apprehension and prosecution of offenders;In the interests of assessing or collecting a tax duty;In the interests of discharging various regulatory functions, including health and safety;In the interests of preventing serious harm occurring to a third party; andIn the interests of protecting the vital interests of the data subject i.e. only in a life and death situation.The Data Controller is responsible for handling all requests for the provision of data for these reasons and authorisation by the Data Controller shall only be granted with support of appropriate documentation.Data retention and disposalRecruitxo must not retain personal data for longer than is necessary and once an employee has left Recruitxo, it may no longer be necessary for Recruitxo to retain all of the personal data held in relation to that individual. Some data will be kept longer than others, in line with Recruitxo’s data retention and disposal procedures.Personal data must be disposed of according to Recruitxo’s secure disposal procedures, to ensure that the “rights and freedoms” of data subjects it protected at all times.Data BreachesAll personal data breaches must be reported immediately to a Company Director. Failing to report a breach will amount to a disciplinary offence, which will be dealt with under the Company’s disciplinary procedure.Significant or deliberate breaches of this policy, such as accessing personal data without authorisation or a legitimate reason to do so, will constitute gross misconduct and will result in dismissal without notice.If a personal data breach occurs which is likely to result in a risk to the rights and freedoms of data subjects the Company must ensure that the Information Commissioner’s Office is informed of the breach without undue delay, and where feasible, within 72 hours after having become aware of it. Where the notification is not made to the Information Commissioner’s Office within 72 hours, it shall be accompanied by reasons for the delay.In the event that a personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the Company must ensure that all affected data subjects are informed of the breach directly and without undue delay.Data breach notifications shall include the following information:The categories and approximate number of data subjects concerned;The categories and approximate number of personal data records concerned;The name and contact details of the individual with the Company where more information can be obtained;The likely consequences of the breach;Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.Document ownerThe Data Controller is the owner of this policy document and must ensure that it is periodically reviewed according to the review requirements contained herein.The latest version of this policy document dated Insert date is available to all employees of Recruitxo on the organisation’s shared drive.This policy document was approved by Recruitxo's Board of Directors and is issued on a version-controlled basisThis Privacy Notice was last updated on 02 October 2024
Contact
We are delighted to assist both candidates in finding exceptional new opportunities and clients in hiring top-tier talent.
86-90 Paul Street, London, EC2A 4NE
[email protected]