Privacy Notice

Blue Heart Recruitment – Privacy Notice

Blue Heart Recruitment (“the Company”) is a recruitment organisation providing work-finding, staffing, and related employment services to clients and candidates. To deliver these services, we must process personal data — including certain sensitive categories of data — and in doing so, we act as a data controller.
You may provide your information directly to us through our website, registration forms, job applications, email, or telephone conversations. We may also obtain your information through third-party sources such as job boards or professional networking platforms. We only process your personal data where we have a lawful reason to do so, and always in accordance with applicable data protection legislation.
Contents
  1. Collection and use of personal data
    a. Purpose of processing and legal basis
    b. Legitimate interest
    c. Statutory/contractual requirement
    d. Recipients of data
  2. Information obtained from other sources
    a. Categories of data
    b. Sources of data
  3. Data retention
  4. Your rights
  5. Cookies
  6. Log files
  7. Links to external websites
  8. Sale or transfer of the business
  9. Data security
  10. Changes to this privacy notice
  11. Complaints or queries
  12. Data retention timescales
1. Collection and Use of Personal Data
a. Purpose of processing & lawful basis
Blue Heart Recruitment collects and processes personal data (including sensitive personal data where necessary) to provide work-finding and employment services. This includes:
  • Matching you to suitable job opportunities
  • Assessing your skills and qualifications
  • Communicating with you regarding roles, interviews, or availability
  • Submitting your details to clients
  • Updating internal systems and compliance files
  • Arranging pay, payroll, and invoicing services
  • Maintaining internal quality, audit, and regulatory compliance
If you have opted in, we may also contact you with relevant updates, job alerts, or marketing messages. You can opt out at any time by selecting “unsubscribe” in our communications.
We may also use your information when required for crime prevention, safeguarding, auditing, or to comply with legal and regulatory obligations.
We rely on the following legal bases:
  • Consent (where explicitly given)
  • Legitimate interests
  • Compliance with legal and regulatory obligations
  • Performance of a contract
b. Legitimate interests
We may process your data where we have a legitimate, fair, and balanced business reason to do so, including:
  • Maintaining accurate candidate and client databases
  • Delivering and improving our work-finding services
  • Contacting you to request consent where required
  • Providing information about similar roles, services, or opportunities
c. Statutory / contractual requirements
Certain personal data is required under legislation including (but not limited to):
  • Conduct of Employment Agencies and Employment Businesses Regulations 2003
  • Immigration, right-to-work, DBS, safeguarding, and tax requirements
  • HMRC, payroll, pension auto-enrolment, and employment legislation
Clients may also request specific compliance documentation. If you do not provide the personal data we require, we may not be able to offer work-finding services to you.
d. Recipients of personal data
Your information may be shared with:
  • Clients seeking candidates
  • Former employers (for reference verification)
  • Payroll companies, umbrella companies, or payment intermediaries
  • Other recruitment partners within a supply chain
  • Pension providers (e.g., NEST)
We will only share the minimum data necessary.
2. Information Obtained from Other Sources
a. Categories of Data Collected
Personal data:
  • Name, address, phone number, email
  • Date of birth, nationality, NI number
  • Employment history, qualifications, references
  • Right-to-work documentation
Sensitive data:
  • Health information or adjustments
  • Criminal convictions (DBS or self-disclosure)
b. Sources of Data
We may obtain personal data from:
  • Job boards (Indeed, CV-Library, TotalJobs, Reed, LinkedIn, etc.)
  • Professional networking sites
  • Former employers
  • Referees
  • Social media platforms
  • Cookies and website analytics (see section 5)
This information is not sourced from publicly available databases unless already publicly shared by you (e.g., LinkedIn).
3. Data Retention
We retain your data only for as long as necessary or as required by law. For example:
  • Work-seeker records: minimum 1 year after last provision of services
  • Payroll, wage, tax, and pension records: 3–6 years
  • DBS, safeguarding, compliance records: kept in line with statutory obligations
  • Right-to-work records: 2 years after engagement ends
Where data is processed under consent, we will seek renewed consent when your retention period expires. If consent is not renewed, we will securely delete your information unless another legal basis permits retention.
(See the full retention schedule at the end of this notice.)
4. Your Rights
You have the following rights regarding your personal data:
  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (in certain circumstances)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing based on legitimate interest
  • Right not to be subject to automated decision-making
  • Right to withdraw consent at any time
To exercise your rights, contact the Blue Heart Recruitment Data Protection Lead.
Withdrawal of consent does not affect processing already completed before withdrawal or processing justified by another lawful basis
5. Cookies
We use cookies to enhance your experience and improve Website functionality. Cookies may collect usage patterns, browser types, or preference data. For full details, please refer to our Cookie Policy.
6. Log Files
We may use IP addresses to analyse trends, administer the Website, track user navigation, and gather broad demographic data. IP addresses are not linked to identifiable personal information.
7. Links to External Websites
Our Website may include links to external sites. Blue Heart Recruitment is not responsible for the privacy practices of external providers. We encourage users to review privacy policies on any site that collects personal data.
8. Sale or Transfer of the Business
If Blue Heart Recruitment is sold, merges, or transfers part of its operations, your personal data may be disclosed to advisors, prospective buyers, or new owners as part of the business transfer.
9. Data Security
We take appropriate measures to safeguard your personal information, including:
  • Firewalls and secure servers
  • Encryption technologies
  • Cyber Essentials controls
  • Access-restricted systems
  • Password and multi-factor protection
However, internet and email transmission cannot be fully guaranteed as secure. Where possible, please avoid sharing sensitive information over unsecured networks.
10. Changes to This Privacy Notice
We may update this Privacy Notice periodically. All updates will be displayed on this page with a revision date. Material changes will be communicated where appropriate.
11. Complaints or Queries
If you have concerns or wish to make a complaint regarding how we process your data, please contact:
Email: info@blueheartrecruitment.co.uk
Phone: 01633 646900
Address: Unit 31, Orion Suite, Enterprise Way, Newport , NP20 2DX
You may also contact the Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/
0303 123 1113
12. Data Retention Timescales
(Rewritten to match Blue Heart Recruitment but keeping legal requirements intact)
Personnel & Work-Seeker Records
  • Application forms, CVs, ID checks, interview notes, assignment records, opt-out notices
    Retention: Minimum 1 year after last work-finding activity
    Source: Conduct Regulations 2003
Terms of Engagement / Terms of Business
  • Agreements with temporary workers or clients
    Retention: 6 years
    Source: Limitation Act 1980
Working Time Records
  • 48-hour opt-out, annual leave records
    Retention: 2 years
Appraisal / Assessment Records
  • No statutory retention; kept 3 years for internal, CIW, NMC, or audit purposes
References
  • Required to be kept 1 year following assignment or introduction
Right-to-Work Documents
  • 2 years after employment/engagement ends
DBS Information
  • Retained only as necessary in line with DBS Code of Practice and Data Protection Act
National Minimum Wage Documentation
  • Wage, hours, deductions, absence, accommodation records
    Retention: 3 years
    Source: NMW Act 1998
Sickness, Maternity, Paternity, Adoption Pay
  • Records retained 3 years (aligned with payroll)
Pension Auto-Enrolment
  • Contribution records: 6 years
  • Opt-out notices: 4 years
Gender Pay Gap Reports
  • 1 year (reports must remain published for 3 years)
Financial Records
  • Payroll & CIS: 3 years after the tax year
Intermediaries Legislation (IR35)
  • Records retained 3 years after the tax year