Menu

Privacy Policy

Introduction

Distinctive People HR & OD Consultancy Ltd is committed to protecting the privacy of your data, being transparent about how we collect and use personal data and meeting our data protection obligations. This policy covers personal data provided to us by individuals and personal data provided to us by companies and other organisations for the purposes of HR, People Management and Recruitment practices linked to the purpose of Distinctive People’s activities.

This policy covers the core information required under the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR). It sets out how and why your personal data will be used and how long it will usually be retained for. The policy applies to all clients, suppliers, job applicants and candidates, accessing our services.

Distinctive People HR & OD Consultancy Ltd (Company Registration Number 09838681) is the Data Controller, and our Data Protection Officer is Mark Glinwood, who can be contacted at [email protected].

Data protection principles

We are committed to complying with data protection laws and principles as outlined in the Data Protection Act 2018, UK GDPR, and EU GDPR. The information provided will only be shared with third parties where we are legally permitted to do so. No data will be shared for marketing purposes. This means that your personal data will be:

Used lawfully, fairly, and in a transparent way: We will ensure that your data is processed in compliance with legal requirements, in a way that is fair to you, and with transparency about how we use your data.

Collected only for specified, explicit, and legitimate purposes: Your data will only be used for purposes that we have clearly explained to you and will not be processed in any way that is incompatible with those purposes.

Adequate, relevant, and limited to what is necessary: We will only collect and process the personal data that is strictly necessary for the purposes we have communicated.

Accurate and, where necessary, kept up to date: We will take all reasonable steps to ensure the accuracy of the data we hold about you and to correct or erase it without undue delay if it is inaccurate.

Stored securely and retained only for as long as necessary: Your personal data will be protected using appropriate technical and organisational measures and retained only for as long as it is necessary for the purposes we have outlined, or as required by law.

Processed in a manner that ensures appropriate security: This includes protecting your data against unauthorised or unlawful processing, accidental loss, destruction, or damage using appropriate security measures.

What personal data do we collect about you?

We collect and use only the information necessary to carry out HR, People Management and Recruitment practices related to Distinctive People’s activities. This includes:

Information provided to us by clients: In the course of delivering our consultancy services, clients may provide personal employee data in order that services can be delivered. This will be covered by the client’s legal obligation or legitimate interest under the UK GDPR and the EU GDPR.

Information individuals provide to us: This may include name, title, address, telephone number, personal email address, educational background, qualifications, details of skills, experience, and employment history. Additionally, we may collect information about current salary, benefits, notice period, reference details, and identity/entitlement to work in the UK or Ireland. We may also ask about any employment restrictions and/or connections to us or our clients.

Information provided during interviews: This includes any information shared during interviews conducted by us or our clients.

Assessment and test results: This includes the results of any assessments or tests carried out as part of HR, People Management and Recruitment practices linked to the purpose of Distinctive People’s activities.

Interview and assessment reports: This includes feedback and reports on performance during interviews, assessments, or testing activities.

We may also collect, store and use the following “special categories” of more sensitive personal information:

Equal opportunities monitoring information: This may include details about gender, age, racial or ethnic origin, sexual orientation, health, disabilities, and religion or belief.

Information about any criminal convictions: This may involve information necessary for compliance with legal obligations or role-specific requirements.

We will only collect and process special categories of sensitive personal data where:

  • You have provided your explicit consent; or
  • Processing is necessary for reasons permitted under applicable data protection laws, such as meeting legal obligations or ensuring compliance with employment and equality laws.

Why do we collect personal data?

We collect personal data during HR, People Management and Recruitment practices linked to the purpose of Distinctive People’s activities. This includes, but is not limited to:

Delivering HR and People Management Services: To provide tailored HR support, manage employee-related processes, and advise on organisational people strategies.

Recruitment: To manage all aspects of recruitment, including assessing and confirming candidates’ suitability for roles, managing applications, conducting interviews and assessments, and supporting clients in making informed hiring decisions.

Facilitating Workforce Planning and Development: To assist organisations in planning, developing, and managing their workforce effectively.

Compliance with Legal Obligations: To ensure compliance with employment, equality, immigration, and other relevant laws and regulations.

Maintaining Accurate Records: To document activities related to HR, People Management and Recruitment practices for accountability, auditing, and compliance purposes.

Equal Opportunities: To monitor diversity and inclusion initiatives, comply with equality legislation, and evaluate the effectiveness of equal opportunities policies.

Responding to Legal or Contractual Requirements: To address and respond to legal claims, disputes, or other contractual obligations related to HR, People Management and Recruitment services.

We process personal data to fulfil our legitimate interests, comply with legal obligations, and deliver effective HR, People Management and Recruitment services.

How is your personal data collected?

Directly from our clients: In the course of delivering our consultancy services, clients may provide personal employee data in order that services can be delivered. This will be covered by the client’s legal obligation or legitimate interest under the UK GDPR and the EU GDPR.

Directly from you: Information you provide, for example an application form, CV, covering letter, or other communications.

During assessments or interactions: Information collected through conversations, interviews, or other forms of assessment, including online tests.

From identity documents: Information obtained from your passport or other identity documentation.

References: Details provided by former employers or other referees.

From third parties or agencies: Information supplied by agencies or other third parties acting on your behalf.

Background checks: Data obtained from employment background check providers.

Criminal records checks: Information from appropriate checks where legally permitted and necessary.

Publicly available sources: Information from publicly accessible platforms, such as social media or professional networking sites.

Word of mouth: Information shared by individuals who may provide recommendations or referrals.

Your personal data will be securely stored in a variety of locations, including:

  • IT systems, including email.
  • Application records.
  • HR management systems.

How do we use your personal data?

HR and People Management Services

  • Communicate with clients and individuals about HR and People Management Practices aligned with the purpose of Distinctive People’s activities.
  • Provide tailored HR advice, training, and support to clients.
  • Facilitate workforce planning, development, and training programs to enhance employee skills and organisational effectiveness.

Recruitment

  • Notify individuals about suitable roles and opportunities.
  • Assess individuals skills, qualifications, and suitability for specific roles or work.
  • Carry out background and reference checks, where applicable.

Compliance and Record-Keeping

  • Maintain records related to HR, People Management and Recruitment activities.
  • Collate and analyse relevant monitoring information, such as diversity and inclusion data, to promote equal opportunities.
  • Comply with legal, regulatory, and contractual obligations.

Marketing

  • Promote or market our services, including sharing information about potential future opportunities, training programs, or organisational initiatives.

Personal data is processed to fulfil our legitimate interests, comply with legal requirements, and deliver effective HR, People Management and Recruitment services in alignment with Distinctive People’s objectives.

Automated decision making

We do not use automated decision making in any part of our HR, People Management and Recruitment practices linked to the purpose of Distinctive People’s activities.

How long do we keep personal data for?

We will only retain personal data for as long as is necessary for us to use information as described above, or to comply with our legal obligations.

In most circumstances we retain data provided by clients for up to 3 years.

In terms of recruitment activity, we will retain individuals personal data for a period of 6 months from the closing date of the specific job application. We retain job applicants personal data for that period so that we can demonstrate, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted HR, People Management and Recruitment practices linked to the purpose of Distinctive People’s activities in a fair and transparent way.

After this period, we will securely destroy personal data in accordance with our data retention procedure and applicable laws and regulations.

Who do we share personal data with?

We may provide personal data to the following third parties:

Service Providers: Third-party organisations that assist us in providing services to clients or are otherwise involved in delivering these services.

IT Service Providers: Third parties that provide IT services, data processing, or functionality, including email, and cloud storage solutions.

Auditors and Advisers: Professional advisers and auditors, as required by law or in the management and operation of our business.

Legal Authorities: Where required to comply with legal obligations, such as law enforcement requests or other statutory requirements.

We will only share personal data with third parties, including clients or suppliers, for purposes directly related to conducting HR, People Management and Recruitment activities in line with Distinctive People’s objectives.

All third-party clients, suppliers, or service providers are required to:

  • Take appropriate security measures to protect personal data in compliance with our policies and applicable data protection laws.
  • Process personal data only for the specific purposes and in accordance with our instructions.

International data transfers

Some external third parties may be located outside the European Economic Area (EEA) or the United Kingdom, which means their processing of personal data may involve a transfer of data to countries with potentially lower levels of data protection.

Where such transfers occur, we will ensure that:

  • Appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other mechanisms recognised under the UK GDPR and EU GDPR, are in place to protect personal data.
  • Any transfer is conducted in compliance with applicable data protection laws and follows best practices to maintain the security and confidentiality of personal data.

We do not share personal data with third parties unless:

  • Required by law.
  • Necessary to perform our contractual obligations.
  • You have provided explicit consent.

By implementing these measures, we ensure that personal data is handled securely, transparently, and in full compliance with data protection regulations.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide personal data as part of our services, however, if you choose not to provide certain information, we may not be able to fully carry out the relevant HR, People Management and Recruitment practices or other related activities linked to the purpose of Distinctive People’s services.

For equal opportunities monitoring purposes, you are under no obligation to provide such information. There will be no negative consequences for any of our services or processes if you decide not to provide details for monitoring purposes.

How do we safeguard personal data?

We take the security of personal data very seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, loss, or misuse, in line with the Data Protection Act 2018, the EU GDPR, and the UK GDPR.

Access to personal data is restricted to employees, third-party clients, or suppliers who have a legitimate business need to know. These parties will only process personal data in accordance with our instructions and are bound by confidentiality obligations.

In the event of a suspected data security breach, we have established procedures to identify, manage, and mitigate risks. Where required by the UK GDPR, the EU GDPR, or the Data Protection Act 2018, we will notify you and any relevant regulatory authorities, such as the Information Commissioner’s Office (ICO), without undue delay and within the timeframe set by law.

What rights do you have in relation to the data we hold on you?

Under both the UK GDPR and EU GDPR, you have several rights concerning your personal data:

The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we collect and use your personal data, and your rights. This is why we are providing you with the information in this Privacy Policy.

The right of access: You have the right to access and obtain a copy of your personal data and certain other information (similar to that provided in this Privacy Policy). This allows you to verify that we are processing your data in accordance with data protection laws.

The right to rectification: You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete

The right to erasure: Also known as “the right to be forgotten,” you can request the deletion or removal of your personal data where there is no compelling reason for us to continue processing it. This right is not absolute, and there are exceptions (e.g., when data is needed for compliance with a legal obligation or the establishment, exercise, or defence of legal claims).

The right to restrict processing: You have the right to request the restriction or suppression of processing of your personal data. When processing is restricted, we can store your data but cannot use it further. We keep lists of individuals who have requested restrictions to ensure the request is respected in the future.

The right to data portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another data controller, where technically feasible.

The right to object to processing: You have the right to object to certain types of processing, including processing for direct marketing purposes. In cases of legitimate interests or public tasks, we must stop processing unless we can demonstrate compelling legitimate grounds for the processing that override your rights and freedoms.

The right to lodge a complaint: You have the right to lodge a complaint about how we handle or process your personal data with the Information Commissioner’s Office (ICO) in the UK or your National Data Protection Regulator

The right to withdraw consent: If you have given your consent to the processing of your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. This includes withdrawing consent for marketing purposes or other activities based on consent.

If you would like to exercise any of your rights, please contact Mark Glinwood at [email protected].

Further Policies:

Distinctive People Data Protection Policy

Data Protection Policy