URecruit Global
URecruit GlobalTalent Intelligence

Privacy Policy

URecruit Global

Last Updated: October 10, 2025
Effective Date: October 10, 2025

Introduction and Scope

URecruit Global is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our recruitment services, visit our website, or interact with us.

We specialise in construction and data centre engineering recruitment across the United Kingdom, Ireland, Netherlands, Germany, France, Sweden, and Norway. Our services include permanent placements, contract staffing, executive search, career consultation, and market intelligence.

This policy applies to all individuals whose personal data we process, including:

  • Job candidates and potential candidates
  • Client contacts and hiring managers
  • Newsletter subscribers and job alert recipients
  • Website visitors
  • Business partners and suppliers

We comply with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR).

Data Controller Identity

Legal Name: URecruit Global

Industry: Recruitment Services (Construction & Data Centre Engineering)

Address: Carr House, 46 Carr Street, Ipswich, Suffolk, IP4 1EW, United Kingdom

Website: https://urecruitglobal.com

Email: info@urecruitglobal.com

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with applicable data protection laws.

Types of Data We Collect

We collect and process the following categories of personal data:

Candidate Data

  • Identity Information: Full name, professional titles, LinkedIn profile
  • Contact Details: Email address, phone number, postal address
  • Professional Information: Current position, work experience, education, skills, qualifications, certifications
  • Career Information: Salary expectations, career objectives, availability, notice period
  • CV/Resume: Complete employment history, achievements, references
  • Interview Records: Notes from interviews, assessments, and communications

Client and Partner Data

  • Business Contact Information: Company name, contact person name, email, phone number
  • Commercial Information: Industry sector, hiring needs, service requirements, project details
  • Communication Records: Meeting notes, email correspondence, service agreements

Job Alert Subscribers

  • Contact Information: Name, email address, phone number (for SMS alerts)
  • Preferences: Job types, locations, salary ranges, industry sectors
  • Subscription Status: Opt-in date, communication preferences

Website Visitors

  • Technical Data: IP address, browser type and version, device information, operating system
  • Usage Data: Pages visited, time spent on site, click patterns, referral sources
  • Location Data: General geographic location based on IP address

Email Communication Data

  • Email Threads: Complete conversation history between candidates, clients, and our team
  • Response Tracking: Email open rates, click-through rates, response times
  • AI-Generated Content: Email drafts and responses created using AI tools
  • Pipeline Tracking: Candidate and client status updates, stage progression

How We Collect Your Data

We collect personal data through various methods:

Direct Collection

  • CV Uploads: Through our website forms (PDF, DOC, DOCX files up to 5MB)
  • Contact Forms: Talent inquiry forms and client inquiry forms on our website
  • Subscription Forms: Job alerts and newsletter sign-ups via EmailOctopus integration
  • Telephone Calls: During recruitment consultations and client meetings
  • Email Communication: Direct correspondence with candidates and clients
  • Face-to-Face Meetings: During interviews, client meetings, and networking events

Automated Collection

  • Website Analytics: Google Analytics tracking of website usage
  • Cookies: Essential session cookies and analytics cookies
  • Email Tracking: Automated tracking of email interactions for conversation management

Third-Party Sources

  • LinkedIn: Professional profile information (with your consent)
  • Client Referrals: Candidate recommendations from existing clients
  • Professional Networks: Industry contacts and referrals
  • Public Sources: Professional profiles on company websites or industry directories

Purposes of Processing

We process your personal data for the following purposes:

Recruitment Services

  • Matching candidates with suitable job opportunities
  • Managing the recruitment process from application to placement
  • Conducting interviews, assessments, and reference checks
  • Providing career consultation and CV enhancement services
  • Salary benchmarking and market intelligence research

Client Services

  • Understanding client hiring requirements and preferences
  • Sourcing and screening candidates for specific roles
  • Managing client relationships and project delivery
  • Providing market insights and recruitment analytics

Communication and Marketing

  • Sending job alerts and relevant opportunities
  • Newsletter distribution with industry insights
  • Email thread management and response generation
  • Internal team notifications via Slack

Business Operations

  • Managing our candidate and client database (Manatal CRM)
  • Website analytics and performance monitoring
  • Financial administration and invoicing
  • Compliance with legal and regulatory requirements

AI-Powered Services

  • CV Parsing: Extracting key information from uploaded documents
  • Salary Calculator: Providing market-based salary estimates
  • Email Generation: Creating professional correspondence
  • Candidate Matching: Identifying suitable opportunities using AI algorithms

Data Sharing and Third-Party Processors

We share your personal data with carefully selected third parties who help us deliver our services:

Technology Partners

  • Supabase: Database hosting and file storage (EU servers)
  • Manatal CRM: Candidate and client relationship management
  • OpenAI: AI services for CV parsing and email generation (US servers - see International Transfers)
  • N8N: Workflow automation platform
  • EmailOctopus: Email marketing and newsletter distribution (EU-based)
  • Google Analytics: Website traffic analysis (anonymised data)

Internal Communications

  • Slack: Team notifications containing candidate names and contact details for internal coordination

Clients and Partners

  • Hiring Managers: Sharing candidate profiles for suitable opportunities (with candidate consent)
  • Partner Agencies: Collaboration on specific recruitment projects
  • Professional References: Verification of candidate employment history and qualifications

Legal and Regulatory

  • HMRC: Tax obligations and statutory reporting
  • Employment Tribunals: If required for legal proceedings
  • ICO: Data protection compliance investigations (if requested)

Data Processing Agreements: We maintain written agreements with all data processors to ensure they provide appropriate guarantees regarding data security and compliance with UK GDPR.

International Data Transfers

Some of our service providers are located outside the UK and European Economic Area (EEA):

Transfers to the United States

  • OpenAI (GPT-4/GPT-5 APIs): We use Standard Contractual Clauses and have conducted Transfer Risk Assessments to ensure adequate protection
  • Other US Providers: We verify Data Privacy Framework certification or implement appropriate safeguards

Transfers within the EU/EEA

  • Supabase: Data hosted in EU regions with GDPR compliance
  • EmailOctopus: EU-based email service provider

Safeguards

  • Standard Contractual Clauses approved by the ICO
  • Transfer Risk Assessments for high-risk destinations
  • Encryption in transit and at rest
  • Regular review of adequacy decisions and certification status

Data Retention Periods

We retain personal data only as long as necessary for the purposes outlined in this policy and in accordance with UK legal requirements for recruitment agencies:

Candidate Data

Successful Candidates:

  • Core recruitment records: Duration of placement plus statutory retention period
  • CV and application materials: Retained for business purposes and legal compliance
  • Interview notes and assessments: Retained for a reasonable period following placement

Unsuccessful Candidates:

  • CV and application materials: Retained for future opportunities (typically up to several years)
  • Interview notes and assessments: Retained for a limited period following application
  • General inquiries: Retained for business development purposes

Job Alert Subscribers:

  • Contact details and preferences: Until consent is withdrawn
  • Communication history: Retained for business purposes

Client Data

  • Contact information and project details: Duration of business relationship plus statutory period
  • Communication records: Retained for business purposes
  • Commercial agreements: Retained in accordance with financial and legal requirements

Website and Analytics Data

  • Google Analytics data: Automatically deleted according to Google's retention settings
  • Server logs: Retained for security and operational purposes
  • Cookie data: As specified in our Cookie Policy

Email Communication Data

  • Email threads and correspondence: Retained for business and legal purposes
  • AI-generated content logs: Retained for a limited period for quality assurance
  • Pipeline tracking data: Duration of active engagement plus reasonable period

Special Circumstances:

  • Legal holds: Data retained until matter resolution
  • Regulatory investigations: Extended retention as required by authorities
  • Active disputes: Retention until final resolution plus applicable limitation period

You may request information about how long we retain your specific data by contacting our Data Protection Officer.

Your Rights Under UK GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You can request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the original purpose
  • You withdraw consent (where consent is the legal basis)
  • The data has been unlawfully processed
  • You object to processing based on legitimate interest (and we have no overriding legitimate grounds)

Right to Restrict Processing (Article 18)

You can request limitation of processing in specific situations, such as while we verify data accuracy.

Right to Data Portability (Article 20)

You can request transfer of your data to another service provider in a structured, machine-readable format (where processing is based on consent or contract).

Right to Object (Article 21)

  • General Processing: Object to processing based on legitimate interest
  • Direct Marketing: Absolute right to opt-out of marketing communications
  • Automated Decision-Making: Object to decisions made solely by automated means

Rights Related to Automated Decision-Making (Article 22)

  • Right not to be subject to decisions based solely on automated processing
  • Right to human intervention in automated processes
  • Right to contest automated decisions

How to Exercise Your Rights

To exercise any of your data protection rights:

Contact Methods

Email: info@urecruitglobal.com

Subject Line: "Data Protection Request - [Your Name]"

Post: Data Protection Officer, URecruit Global, Carr House, 46 Carr Street, Ipswich, Suffolk, IP4 1EW

Information Required

  • Full name and contact details
  • Description of your request
  • Proof of identity (copy of passport or driving licence)
  • Specific data or processing activities you're concerned about

Response Times

  • Access Requests: Within 1 month (extendable to 3 months for complex requests)
  • Other Requests: Within 1 month of receipt
  • Urgent Requests: We will prioritise based on circumstances

No Fee Policy

We do not charge for most data protection requests unless they are manifestly unfounded, excessive, or repetitive.

Right to Complain

If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (see ICO Complaints section below).

Data Security Measures

We implement comprehensive technical and organisational measures to protect your personal data:

Technical Safeguards

  • Encryption: All data encrypted in transit (HTTPS/TLS) and at rest
  • Access Controls: Role-based permissions in our admin dashboard
  • Database Security: Supabase enterprise-grade security with EU hosting
  • File Storage: Secure cloud storage with time-limited public URLs (1-hour expiry)
  • API Security: Authenticated and encrypted API connections
  • Regular Backups: Automated daily backups with secure off-site storage

Organisational Measures

  • Staff Training: Regular data protection training for all team members
  • Access Management: Principle of least privilege for data access
  • Incident Response: Documented procedures for data breach response
  • Third-Party Vetting: Due diligence on all data processors
  • Policy Review: Annual review of security policies and procedures

Monitoring and Auditing

  • System Monitoring: 24/7 monitoring of our technical infrastructure
  • Access Logging: Comprehensive logs of data access and modifications
  • Regular Assessments: Periodic security assessments and penetration testing
  • Compliance Audits: Annual data protection compliance reviews

Data Breach Response

In the event of a personal data breach:

  • Internal Reporting: Immediate notification to senior management
  • ICO Notification: Within 72 hours (if likely to result in high risk)
  • Individual Notification: Without undue delay (if high risk to rights and freedoms)
  • Breach Register: Maintained record of all data breaches

Automated Decision-Making and Profiling

We use automated systems and AI technology in our recruitment processes:

AI-Powered CV Parsing

  • Purpose: Extracting key information from uploaded CVs for database entry
  • Technology: OpenAI GPT-4/GPT-5 APIs
  • Human Oversight: All extracted information is reviewed and verified by our recruitment consultants
  • Your Rights: You can request human review of any automated processing of your CV

Automated Candidate Matching

  • Purpose: Identifying relevant job opportunities based on skills and preferences
  • Process: Algorithm matches candidate profiles with job requirements
  • Human Oversight: All matches are reviewed by recruitment consultants before contact
  • Your Rights: You can object to automated matching and request manual review

Email Response Generation

  • Purpose: Creating initial draft responses using AI for efficiency
  • Process: AI generates draft emails based on conversation context
  • Human Oversight: All AI-generated emails are reviewed and approved by team members before sending
  • Your Rights: You can request clarification on whether any communication was AI-assisted

Salary Calculator

  • Purpose: Providing market-based salary estimates
  • Data Used: Job role, experience level, location (anonymised)
  • Process: AI analysis of market data to generate salary ranges
  • Human Oversight: Results are validated against market intelligence
  • Your Rights: You can request explanation of how estimates are calculated

Important Safeguards

  • No Solely Automated Decisions: We do not make employment-related decisions based solely on automated processing
  • Human Intervention: All significant decisions involve meaningful human review
  • Transparency: We inform you when AI is used in processing your application
  • Right to Object: You can object to any automated processing of your data

Special Categories of Data

CVs and application materials may contain special categories of personal data (sensitive data):

Types of Sensitive Data

  • Health information (medical conditions, disabilities)
  • Ethnic origin or racial information
  • Religious or philosophical beliefs
  • Trade union membership
  • Criminal conviction data

Legal Basis for Processing

  • Explicit Consent: We obtain clear, informed consent for processing sensitive data
  • Employment Purposes: Processing necessary for employment law obligations
  • Equality Monitoring: Anonymous statistical analysis for diversity reporting

Enhanced Protection

  • Separate Storage: Sensitive data stored with additional security measures
  • Limited Access: Only authorised personnel can access sensitive information
  • Retention Limits: Sensitive data deleted sooner than general recruitment data
  • Anonymisation: Where possible, sensitive data is anonymised for statistical purposes

Your Rights

  • Withdraw Consent: You can withdraw consent for processing sensitive data at any time
  • Data Minimisation: We only process sensitive data when strictly necessary
  • Right to Object: You can object to processing of sensitive data

Children's Data

Age Restriction: Our recruitment services are not intended for individuals under 16 years of age.

No Knowing Collection: We do not knowingly collect or process personal data from children under 16.

Parental Notification: If we become aware that we have collected data from a child under 16, we will:

  • Delete the information immediately
  • Not use the data for any purpose
  • Notify parents/guardians if contact information is available

Educational Partnerships: Any work experience or apprenticeship programmes involving under-18s will require:

  • Parental/guardian consent
  • Enhanced data protection measures
  • Limited data collection and retention

Cookies and Website Analytics

We use cookies and similar technologies on our website. Please refer to our separate Cookie Policy for detailed information.

Essential Cookies

  • Session Management: Maintaining user sessions during website visits
  • Security: Preventing cross-site request forgery attacks
  • Form Functionality: Ensuring contact forms work properly

Analytics Cookies

  • Google Analytics: Understanding website usage patterns (anonymised data)
  • Performance Monitoring: Identifying technical issues and improvements

Cookie Consent

  • Clear Notice: Cookie banner explaining our use of cookies
  • Granular Control: Options to accept/reject different types of cookies
  • Easy Withdrawal: Simple process to change cookie preferences

Your Rights

  • Browser Settings: Configure your browser to block or delete cookies
  • Opt-Out Tools: Use Google Analytics opt-out browser add-on
  • Contact Us: Request information about our cookie usage

Email Marketing and Communications (PECR)

We process electronic communications in compliance with Privacy and Electronic Communications Regulations (PECR):

Business-to-Business (B2B) Communications

  • Client Communications: We can send business-related emails to corporate email addresses
  • Professional Updates: Industry news and recruitment insights to business contacts
  • Service Information: Updates about our recruitment services

Business-to-Consumer (B2C) Communications

  • Explicit Consent Required: We obtain clear consent before sending marketing emails to personal addresses
  • Soft Opt-In: For existing candidates, we may send similar service communications
  • Easy Unsubscribe: One-click unsubscribe option in all marketing emails

Job Alert Services

  • Email Alerts: Sent based on your subscription preferences
  • SMS Alerts: Only with explicit consent and clear opt-out instructions
  • Preference Management: Easy-to-use system for updating communication preferences

Newsletter Communications

  • EmailOctopus Integration: Professional email marketing platform
  • Consent-Based: All subscriptions require explicit opt-in
  • Unsubscribe Rights: Immediate processing of unsubscribe requests

Your Communication Rights

  • Opt-Out: Absolute right to opt-out of marketing communications
  • Preference Control: Choose which types of communications you receive
  • Contact Method: Specify preferred communication channels
  • Frequency Control: Manage how often you receive communications

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Our business practices
  • Legal requirements
  • Technology or security measures
  • Service offerings

Notification of Changes

  • Website Notice: Updated policy posted on our website with new effective date
  • Email Notification: Significant changes communicated to registered users
  • Version Control: Previous versions available upon request

Material Changes

For substantial changes that affect your rights:

  • 30-day notice before implementation
  • Renewed consent may be required for certain processing activities
  • Right to object to new uses of your existing data

Review Schedule

We review this Privacy Policy annually and update as necessary to ensure ongoing compliance and clarity.

Contact Information

Data Protection Queries

Email: info@urecruitglobal.com

Subject: "Privacy Policy Inquiry"

Post: Privacy Team, URecruit Global, Carr House, 46 Carr Street, Ipswich, Suffolk, IP4 1EW, United Kingdom

General Business Inquiries

Website: https://urecruitglobal.com

Email: info@urecruitglobal.com

Response Times

  • Data protection requests: Within 1 month
  • General inquiries: Within 5 business days
  • Urgent matters: Within 24 hours during business days

Business Hours

Monday to Friday: 9:00 AM - 5:30 PM GMT

*Emergency data protection matters can be reported outside business hours*

ICO Complaints Procedure

If you believe we have not handled your personal data in accordance with data protection law, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)

Website: https://ico.org.uk/

Telephone: 0303 123 1113

Email: casework@ico.org.uk

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

When to Contact the ICO

  • You're not satisfied with our response to your data protection request
  • You believe we're processing your data unlawfully
  • You have concerns about our data security practices
  • We have failed to respond to your request within the required timeframe

Information to Provide

  • Details of your complaint
  • Steps you've taken to resolve the matter with us
  • Any correspondence or reference numbers
  • What outcome you're seeking

Alternative Resolution

Before contacting the ICO, we encourage you to contact us directly. We're committed to resolving data protection concerns promptly and fairly.

This Privacy Policy demonstrates our commitment to protecting your personal data and maintaining transparency about our data processing practices.

If you have any questions or concerns, please don't hesitate to contact us.

© 2025 URecruit Global. All rights reserved.