Privacy Notice

Privacy Notice

This notice explains what personal data (information) we will hold about you, how we collect it, how we will use and will share information about you, and how you can check and update any of your personal information.

We are required to notify you of this information, under data protection legislation. Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.

1. Who collects the information

Rees Draper Wright Ltd of Castle Chambers, 87A, High Street, Berkhamsted, Hertfordshire HP4 2DF (‘RDW’) is a ‘data controller’ and this means that we are responsible for deciding how we hold and use personal information about you. We are an employment agency and employment business as defined in the Employment Agencies and Employment Businesses Regulations 2003 and we collect personal data to allow us to undertake our business.

2. Who this notice applies to

This notice applies to any users of RDW’s services anywhere in the world, including any users of RDW’s website. It also applies to anyone who contacts or otherwise submits information to RDW.

3. Data protection principles

We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

4. About the information we collect and hold

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

5. What information do we collect

We may collect the following categories of information:

• Name, address, email, telephone number, gender, date of birth, NI number, social media identifier, payroll data

• Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information

• Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references

• Information regarding your academic and professional qualifications

• We will collect sensitive personal information when required by our clients but we will inform you what we will do with this information on a case by case basis

• For candidates working at specific clients we carry out background checks, including criminal background and credit checks.

• We will collect other data, from time to time, to help us provide you with improved services, for example we survey candidates and clients in order to improve our services

6. How we collect the information

We will collect this information about employees, workers, contractors and clients generally through the application and recruitment process, either directly from candidates or sometimes through referees (details of whom will have been provided), education provider, and relevant professional body, the Disclosure and Barring Service (DBS) and the Home Office.

This also includes information collected when you:

• We collect information about how you interact with our website, through the use of cookies, web beacons and similar technologies that create and maintain unique identifiers.

• Consent to a background check (where permitted by law)

• Contact RDW by email

• Complete surveys sent to you by RDW or on behalf of RDW

• Submit further details to RDW for onboarding purposes

• Our software allows employees to send SMS messages which are then logged on our system. Any content you send in reply will be logged.

• Use our recommended Insurance provider

• Make available your information on publicly available sources such as LinkedIn

7. Why we collect the information and how we use it

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• To take steps to enter into a contract;

• For compliance with a legal obligation; and

• For the purposes of our legitimate interests, but only if these are not overridden by your interests, rights or freedoms.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

The main purposes for which we may process personal information are

• To offer recruitment solutions to our clients and job seekers

• Check whether you are legally entitled to work in the UK

• Paying PAYE temporary employees and contractors

• Liaising with pension providers

• Administering any contract we may enter into with you or with a company run by you

• Making arrangements for the termination of our working relationship

• Dealing with legal disputes

• Complying with health and safety obligations

• To prevent fraud and the facilitation of tax evasion

• To ensure network and information security

• To conduct surveys with both candidates and clients

Many of the above grounds for processing will overlap and there may be several rounds which justify our use of your personal information. If we reasonably consider that we need to use personal data for another reason and that reason is compatible with the original purpose, then we may do so. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

When you use our website to apply for a role or to send us your CV we may ask you for your personal data. If you are seeking our assistance in finding you a suitable role we may ask you for your job search criteria, experience, salary expectations together with any other info we mutually believe to be relevant. We will enter this information on your candidate profile on our internal database to facilitate consultants sending you appropriate alerts. You can contact us at any time to request a copy of the information we hold or to ask for it to be removed.

Client and Suppliers

If you are a current or potential business to business contact, we will collect information about individuals in your organisation. This information may be entered into our database as a point of contact and will be visible to users of the database. Typically we will collect an individual’s name and business contact details in relation to the provision of our services, including on a speculative basis.

We may obtain these details through the organisations HR, direct contact, referral, websites, social media, publications and other sources. An individual may email to request removal from the database.

8. How we share the information

We will share some of the above categories of personal information with other parties, such as clients in order to successfully place candidates into new roles. The recipient of the information will be bound by confidentiality obligations and will have their own operational and legal obligations to meet with regards to the processing of personal data. We may also be required to share some personal information with our regulators or as required to comply with the law. We will also share data at your request. Our clients may ask for additional data as is relevant to their requirements.

We use third-party service providers such as Invenias, DocuSign, Survey Monkey, Call Credit and Care Check to process personal data. We also use third-party service providers to provide payroll services, administer pensions, benefits provision and IT services. We require third parties to respect the security of your data and to treat it in accordance with the law.

RDW has an office in New York and employees have read only access to personal data that resides on the UK servers. This is governed by an Intra Group Agreement based on Model Contractual Clauses provided by the EU Commission and New York employees do not routinely access this personal data as there is no requirement to. We may transfer your data outside the EU but if we do so you can expect a similar degree of protection in respect of your personal information. Where applicable, we ensure contractual clauses are in place between either controller or processor and/or the recipient of the personal data in the third country or international organisation that have been authorised by a competent supervisory authority.

9. Sensitive personal information and criminal records information

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have identified two circumstances where we may process special categories of personal information in the following circumstances:

• In limited circumstances, with your explicit written consent.

• Where we need to carry out our legal obligations.

We may only use information relating to criminal convictions where the law allows us to do so. We envisage that we will hold information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of the recruitment process.

10. Where information is held

Information will be held at the offices of our group companies, and third party agencies, service providers, representatives and agents as described above.

11. Automated Decision-Making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not use automated decision-making in the course of our business.

12. How long we keep your information

We keep the personal information that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep personal information will depend on whether we are successful in placing you with a client and the nature of the information concerned.

Different laws require us to keep different data for different periods of time. The Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.

We must also keep payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. We have built our retention policy around these regulations and with our customers in mind.

If there is a clear business reason for keeping recruitment records for a significant period of time, we will do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.

Further information can be found in our Records management guidance - Retention Schedule upon request.

13. Your rights to correct and access your information and to ask for it to be erased

Please contact us at, or if you would like to correct or request access to information that we hold relating to you or if you have questions about this notice. You also have the right to ask for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. We will provide you with further information about the right to be forgotten, if you ask for it.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

14. Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

15. How to complain

We hope that we can resolve any query or concern you raise about our use of your information, please contact us at, or If we are unable to resolve your concerns, please contact the Information Commissioner at for further information about your rights and how to make a formal complaint.

Appendix A Legal Bases for processing

What we use your personal data for

Our lawful bases for processing personal data


To manage our relationship with you

Our legitimate interests

Keeping our candidate records up to date, working out which of our clients and roles may interest you and telling you about them

To carry out survey feedback activities

Our legitimate interests

Evaluating whether our services meet expectations and how to continually improve

To enter into any contract with you or your company and to set up the facilitation of pay and bill services

Fulfilling contracts / our legitimate interests

Enabling you to onboard with us and work at our client

To administer any contract we have entered into with you or your company and facilitate pay and bill services

Fulfilling contracts / our legitimate interests

Enabling you to work at our client and for us to bill the client

Check whether you are legally entitled to work in the UK

Our legitimate interests

Ensuring we meet our contractual requirements with our clients

Dealing with legal disputes

Our legal obligations

Ensuring legal disputes are resolved swiftly

To develop new relationships with potential customers

Our legitimate interests

Defining services that will be applicable for new customers

To offer recruitment solutions to commercial customers

Our legitimate interests

Managing the ongoing service provision

To develop innovative ways to meet our customers' requirements and to grow our business

Our legitimate interests

Being efficient about how we fulfil our legal and contractual duties

To deliver our services

Our legitimate interests

Being efficient about how we fulfil our legal and contractual duties

To prevent fraud and the facilitation of tax evasion

Our legal obligations

Complying with rules and guidance from regulators

To respond to complaints and effectively resolve them

Our legitimate interests

To continuously improve our services

To fulfil our operational requirements by retaining candidate data

Our legitimate interests

To ensure that we meet operational audit requirements and to comply with HMRC requirements

To ensure network and information security

Our legal obligations

Complying with Data Protection regulations