Privacy Policy

Talent Torch Recruitment Ltd

1. What this covers

This Policy explains what we collect, why we collect it, how long we keep it, who we share it with, international transfers, your rights, and how to contact us.

2. The data we collect

Candidates: name, contact details, CV/portfolio, work history, education, skills, salary expectations, location/time-zone, interview notes, test results, right-to-work status (where applicable), offer/acceptance info.

Clients & prospects: name, role, company, contact details, meeting notes, role requirements, commercial history.

Referees/introducers: name, role, contact details, relationship to candidate.

Website & comms: IP address, device/browser, cookie IDs, page activity; emails and messages (including attachments).

Special categories / criminal data: We do not seek health, ethnicity, religious, biometric or criminal-records data. If a role legally requires checks, we’ll only process them where lawful and necessary, with suitable safeguards.

3. Where we get it

Directly from you (forms, CVs, calls, email, interviews, tests).

From clients, referees, public sources (LinkedIn, Github, portfolios), job boards and recruitment platforms.

From assessment providers (test scores) where you choose to complete them.

4. Why we use it (lawful bases)

Recruitment services (finding, introducing and placing candidates; managing interviews/offers): Contract (Art. 6(1)(b)) and Legitimate interests (6(1)(f)).

Client relationship management (BD, proposals, account support): Legitimate interests.

Assessments & screening you opt into: Legitimate interests; in some cases Consent.

Comms & support (responding to enquiries): Legitimate interests.

Legal/finance (invoices, record-keeping, compliance): Legal obligation (6(1)(c)) and Legitimate interests.

Marketing to business contacts (email/LinkedIn, reasonable B2B outreach): Legitimate interests. You can opt out anytime.

We rely on consent only where required (e.g., optional marketing to non-business addresses). You can withdraw consent at any time.

5. Who we share it with (processors/recipients)

Client companies considering you for roles (only relevant information).

Service providers acting on our instructions: cloud hosting, ATS/CRM, skills testing, video-interview tools, background-check vendors, email/SMS tools, document e-sign tools, productivity suites.

Professional advisers (legal, accounting), and authorities where required by law.

We don’t sell personal data.

6. International transfers

We often source and place Philippines-based talent. Where data moves outside the UK (or EEA), we use approved transfer safeguards, e.g. the UK International Data Transfer Agreement (IDTA) and/or EU Standard Contractual Clauses with the UK Addendum, plus vendor due-diligence and access controls.

7. How long we keep data (retention)

Candidates: up to 3 years from last meaningful contact, or sooner if you ask us to delete (unless we must keep limited data for legal reasons).

Clients/prospects: for the duration of our relationship and up to 6 years after (contracts/claims limitation).

Financial records: 6–7 years to meet tax and accounting rules.

We may keep minimal suppression records (email/opt-out) so we don’t contact you again by mistake.

8. Your rights

You have the right to access, rectify, erase (Right to be Forgotten), restrict or object to processing, and to data portability. You can withdraw consent where we rely on it.

To exercise your rights, email dom@thetalenttorch.com

. We’ll respond within one month (extendable for complex requests; we’ll tell you). You also have the right to complain to the UK ICO: ico.org.uk.

Right to Erasure (summary): You may ask us to delete your personal data where, for example, it’s no longer needed or you withdraw consent and there’s no other legal basis. We may retain limited data where required by law or to establish, exercise or defend legal claims.

9. Automated decision-making

We don’t make solely automated decisions with legal or similarly significant effects. We may use tools to help shortlist (e.g., skills tests/keyword search), but a human makes hiring recommendations and decisions.

10. Security

We use reasonable technical and organisational measures: role-based access, MFA, encryption in transit, vendor due-diligence, least-privilege access, and staff confidentiality obligations. No method is 100% secure, but we aim for appropriate protection relative to risk.

11. Cookies

We use cookies and similar tech for site functionality, analytics and to improve our services. See our Cookie Notice for details and how to manage preferences.

12. Children

We don’t target our services to children. Please don’t submit data for anyone under 16.

13. Changes

We may update this Policy. If changes are material, we’ll note it here and, where appropriate, notify you by email or on the website. The “Last updated” date tells you the current version.

13. Contact

Questions or requests: Dom@thetalenttorch.com

Data Protection lead: Dominic Watson, Talent Torch Recruitment Ltd.