cyber security Recruitment agency
Linkchase
cyber security Recruitment agency
Book a Consultation

PRIVACY POLICY 

Introduction


This Privacy Notice outlines how we handle personal data in our business operations.

We are LINK CHASE Limited, located at 124 City Road, London, England, EC1V 2NX, and registered in England & Wales with company number 16035802.


As a business that relies on a database of pre-qualified candidates to meet our clients' needs, data is vital to our operations. Our systems and processes are designed to provide excellent service to our clients while adhering to legal standards and safeguarding individuals' data privacy rights.


We may update this Privacy Notice periodically. When necessary, we will contact you to inform you of any significant changes. You are encouraged to visit our website regularly to view the latest version of this Privacy Notice. This will help you understand (i) how we use your personal data and (ii) your legal rights regarding our data practices.


Who Should Read This Privacy Notice?

This Privacy Notice applies to any living, identifiable individual whose personal data we may process during our business activities. You should read this Privacy Notice if you are a:

-Candidate
-Client Contact
-Referee
-Supplier Representative
If you are an employee, a job applicant, or an in-house temporary worker, please refer to our internal Privacy Notice, available at www.Linkchase.co.uk


Definitions


This Privacy Notice includes the following defined terms:

Candidate: An individual registered with Linkchase Limited who is either seeking or may seek new employment or engagement. This includes those not actively job-seeking but who wish to remain in contact with Linkchase regarding potential opportunities of interest.

Client: A business that has engaged Linkchase to provide services or that Linkchase has identified as a potential client.

Client Contact: An individual employed or engaged by a Client, with whom Linkchase may communicate regarding services Linkchase is or intends to provide. In some cases, the Client Contact may also be the Client, such as in sole proprietorships.

Data Protection Legislation: Refers to (i) the General Data Protection Regulation ((EU) 2016/679), including any implementing laws, regulations, or amendments in the UK, unless and until it no longer applies, and (ii) any successor legislation to the GDPR or the UK Data Protection Act 1998.

Referee: A person who has provided a written or verbal assessment of a Candidate’s work history, skills, competency, and/or experience to Linkchase.

Supplier: A business that provides services to Linkchase, potentially processing personal data related to any Candidate, Client Contact, or Supplier Representative in the course of providing such services.

Supplier Representative: An individual employed or engaged by a Supplier, with whom Linkchase may interact regarding the services provided by that Supplier.

Third-Party Services Provider: Any relevant third-party business providing services to Linkchase, such as:
Professional advisers, including accountants, tax advisors, and lawyers;
Insurers;
IT and software service providers;
Independent consultants and subcontractors.**How We Obtain Personal Data**

We gather personal data from various sources, depending on whether you are a Candidate, Client Contact, or Supplier Representative.

**If you are a Candidate**, we may collect personal data about you:


- **Directly** if you have:
- Applied for a client vacancy through us,
- Uploaded your CV through our website,
- Requested our assistance in finding work,
- Engaged with us at networking events or activities,
- Discussed potential employment opportunities with us.

- **Indirectly** from:
- Online professional networking sites like LinkedIn,
- Social networking platforms such as Facebook or Twitter,
- Job boards such as Total Jobs, CV Library, Jobsite, Career Structure, and Gulf Talent,
- Referees who share information about your work experience, skills, and suitability,
- Your employer’s website or other industry-related sites,
- Business directories and online industry databases, such as the Construction Industry Training Board,
- Where relevant, third-party background check services like the Disclosure & Barring Service.


**If you are a Client Contact or Supplier Representative**, we may obtain personal data about you:

- **Directly** through (i) our provision of services to you or (ii) your provision of services to us, as appropriate; or
- **Indirectly** from:
- Online professional networking sites such as LinkedIn,
- Your employer’s website and other industry-related websites,
- Business directories,
- Other individuals within your organization during (i) our provision of services to you or (ii) your provision of services to us, as applicable.


**If you are a Referee**, we may collect personal data about you:

- **Directly** from you in any communications between us; or
- **Indirectly** from the Candidate who has designated you as their Referee.**Types of Information We Hold**


**If you are a Candidate**, we may collect, store, and process the following types of personal information about you:

- Personal contact details, including name, title, addresses, telephone numbers, and email addresses;
- Your gender, date of birth, nationality, and place of residence;
- Your professional skills and work experience;
- Qualifications, training, and certifications;
- Proof of your eligibility to work in the United Kingdom, such as copies of your passport and, where relevant, visa, residence permit, or other government documents;
- Proof of identity and address, such as copies of your driving license, utility bills, or similar documents;
- Details of your current or most recent position, including job title, department, reporting line, responsibilities, salary, benefits, and notice period;
- Your motivations and reasons for seeking new employment;
- Any information contained in your CV or required application documents as specified by a Client;
- Background information you share with us in the course of our interactions;
- Records of Clients to whom you have been introduced by us;
- Records of any interviews attended and feedback from our Clients regarding those interviews;
- Details of any position accepted with a Client, including your role, duties, remuneration, department, and work location;

For freelance or contract services:
- Details of any limited company through which you contract and the nature of your relationship with that company;
- Information about the days and times worked;
- Your bank details, tax code, and National Insurance number;
- Records of services provided, including comments, feedback, and any issues related to those services.


In some cases, we may ask for your consent to collect, store, and use the following “special categories” of sensitive personal information:

- Information regarding your race or ethnicity;
- Health-related information, including medical conditions, health and sickness records; and
- Information on any criminal convictions and offences.


**If you are a Client Contact**, we will collect, store, and use the following categories of personal information about you:

- Personal contact details, including name, title, addresses, telephone numbers, and email addresses;
- Your job title and position within the Client organization; and
- Any background information relating to your personal circumstances, work history, and your role within the Client organization, as provided during the course of our interactions.

We do not collect, store, or use “special categories” of sensitive personal information if you are a Client Contact.


**If you are a Referee**, we will collect, store, and use the following categories of personal information about you:

- Personal contact details, including name, title, addresses, telephone numbers, and email addresses;
- Your job title and position within your employer’s organization; and
- Any background information you may provide during our interactions.

We do not collect, store, or use “special categories” of sensitive personal information if you are a Referee.


**If you are a Supplier Representative**, we will collect, store, and use the following categories of personal information about you:

- Personal contact details, including name, title, addresses, telephone numbers, and email addresses;
- Your job title and position within the Supplier organization; and
- Any background information relating to the role you perform within the Supplier organization, as provided during the course of our interactions.

We do not collect, store, or use “special categories” of sensitive personal information if you are a Supplier Representative.
**How We Use Personal Data**


**If you are a Candidate,** we may use your personal data to:

- Assess and verify your suitability for potential employment with a Client;
- Contact you regarding employment opportunities with a Client;
- Introduce you to Clients and potentially arrange placements for Client vacancies;
- Maintain regular contact to understand your current position, career goals, and motivations for seeking new employment;
- Where applicable, facilitate payments to you or coordinate with any third-party company through which you may contract;
- Reach out to you for potential referrals;
- Generate anonymized statistical data;
- Comply with legal obligations, defend or initiate legal proceedings, and prevent fraud or other criminal activities; and
- Conduct equal opportunities monitoring.


**If you are a Client Contact,** we may use your personal data to:

- Contact you for information about Client requirements;
- Communicate effectively to provide services to the Client;
- Obtain a reference for a Candidate;
- Contact you for invoicing and credit control purposes;
- Comply with legal obligations, defend or initiate legal proceedings, and prevent fraud or other criminal activities.


**If you are a Referee,** we may use your personal data to:

- Contact you for a reference on a Candidate;
- Share a copy of the reference with our Client;
- Comply with legal obligations, defend or initiate legal proceedings, and prevent fraud or other criminal activities.


**If you are a Supplier Representative,** we may use your personal data to:

- Coordinate with you regarding the services provided by the Supplier;
- Contact you about billing matters;
- Comply with legal obligations, defend or initiate legal proceedings, and prevent fraud or other criminal activities.

**Our Lawful Basis for Processing Data**

We have established a legitimate interest in processing your personal data under the following circumstances:


- **If you are a Candidate,** we process your data to maintain a pool of individuals who are (i) actively seeking employment or (ii) potentially suitable for employment with a Client. Processing your data and reaching out periodically allows us to understand your current role (where relevant), skills, experience, and career aspirations. This benefits:
- **You,** by enabling us to inform you of employment opportunities you may not have been aware of and to offer general career support;
- **Our Clients,** who depend on us to provide access to qualified candidates who meet their needs; and
- **Link Chase Limited,** as a business that depends on introducing candidates to Clients.

Additionally, if you are a Candidate, we may process sensitive (special) personal data about you, including:
- Medical conditions or disabilities relevant to the work you are proposing to undertake;
- Information about unspent criminal convictions or, where relevant to the role, spent convictions, police warnings, etc.;
- Membership in a trade union (only when relevant to employment claims or working conditions on a Client site).

As an employment agency/employment business, processing this sensitive data is necessary to fulfill our obligations in accordance with Article 9 (2)(b) of the GDPR. We only use sensitive data for this purpose and delete it in accordance with our data retention policy. We may also process equal opportunities information about you, but it will be anonymized and no longer considered personal data.


- **If you are a Client Contact,** we process your data to maintain effective communication with individuals employed or engaged by our Clients. This enables us to provide services effectively, understand client needs, and support our business operations.


- **If you are a Referee,** processing your personal data is necessary to obtain references in line with our contractual obligations to third parties. In some cases, we are legally required to gather these references, making it reasonable and essential to process your personal data strictly for compliance.


- **If you are a Supplier Representative,** we process your data to maintain effective communication with individuals employed or engaged by our Suppliers. This enables us to ensure high-quality service from our Suppliers, which directly benefits both our Candidates and Clients

.
**Where We Process Personal Data**

Your personal data is stored and processed by Link Chase Limited within the United Kingdom.

In addition to our database, we may also use Microsoft OneDrive to securely store personal data. We have verified that this data remains within a UK-based data centre.

We have established appropriate safeguards to ensure that any data transferred is only to jurisdictions with enforceable data subject rights and effective legal recourse in case of data privacy breaches. As such, we will only transfer your data outside of the EEA under the following conditions:


- **Binding Corporate Rules:** Transfers within Link Chase Limited’s corporate group adhere to Binding Corporate Rules, complying with Article 47 of the GDPR, and approved by the European Commission.
- **Adequacy Decisions:** Transfer to jurisdictions recognized by the European Commission for adequate data protection. Current approved jurisdictions include Andorra, Argentina, Canada (for commercial entities), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and certain organizations within the United States under the Privacy Shield framework.
- **Standard Contractual Clauses:** Transfers are governed by data-sharing agreements based on European Commission’s model contractual clauses.
- **Informed Consent:** Where you have explicitly consented to data transfer, understanding that the receiving jurisdiction may not offer EEA-equivalent protection.

**Parties with Whom We May Share Data**


**If you are a Candidate,** we may share your data with:

- Clients, when you have expressed interest in an introduction or assignment with them;
- Third-parties assisting Clients in the recruitment process, such as managed service providers or recruitment outsourcing firms;
- Any contracting third-party company;
- Any third-party company at your request, such as an insurance or umbrella company;
- Background verification services (e.g., Disclosure & Barring Service);
- Industry organizations (e.g., the Construction Industry Training Board) relevant to your sector;
- Third-party service providers who may use subcontractors and sub-processors;
- Our banks and recruitment finance providers;
- Government departments or agencies as legally permitted or required.

In some cases, we may share anonymized data with Clients for statistical reporting purposes.


**If you are a Client Contact,** we may share limited data with Candidates when necessary for the recruitment process (e.g., direct Candidate contact) and with Third-Party Service Providers for legitimate business purposes.


**If you are a Referee,** we may share reference details, including your name, job title, and employer with our Clients. With your consent, we may also provide your contact details if our Client wishes to verify or obtain additional reference information. Your personal data may also be shared with Third-Party Service Providers for legitimate business purposes.


**If you are a Supplier Representative,** we may share your personal data with other Third-Party Service Providers for legitimate business purposes.


**Our Website**

If you engage with our website, any information processed regarding your site usage is anonymized unless you submit information as a Candidate or Client Contact, in which case it will be handled in accordance with Data Protection Legislation.

**Automated Decision-Making**

We do not employ fully automated decision-making in our business processes. All significant decisions involve human review and oversight, ensuring that no decisions are made about you through automated systems alone, regardless of whether you are a Candidate, Client Contact, Referee, or Supplier Representative.
**Data Security**

We have implemented robust security measures to protect your personal information from accidental loss, unauthorized access, use, alteration, or disclosure. Access to your personal information is limited strictly to employees, agents, contractors, and other third parties who have a business need to know. These individuals will only process your personal information according to our instructions and are bound by confidentiality obligations. For additional details about our security protocols, please contact the Operations Director.

Procedures are also in place to address any suspected data security breaches. If a breach is identified, we will notify you and any relevant regulatory authorities as legally required.

**Data Retention**

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, and reporting obligations. To determine the appropriate retention period, we assess the volume, nature, and sensitivity of the data, the risk of harm from unauthorized use or disclosure, the purpose of processing, and applicable legal requirements.

Typically, personal data is retained for three years from the last point of contact. After this period, we usually delete your personal data from our records. However, if information is required (i) for audit or compliance, (ii) to meet contractual obligations, or (iii) for actual or potential legal proceedings, it is retained as strictly necessary—often up to seven years for records related to audits or compliance, such as those required by HMRC.


In some cases, personal information may be fully anonymized and used in such a way that it no longer identifies you.

**Rights of Access, Correction, Erasure, and Restriction**

**Your Duty to Inform Us of Changes:** It is crucial that the personal information we hold about you remains accurate and up-to-date. Please notify us if your personal information changes during your association with us.

**Your Rights Concerning Personal Information:** Under certain circumstances, you have the right to:

- **Request Access** (Subject Access Request): Obtain a copy of the personal information we hold about you and confirm its lawful processing. Generally, access is provided without charge, although a reasonable fee may apply if the request is clearly unfounded, repetitive, or excessive, or we may refuse to comply in such instances.

- **Request Correction** of inaccurate or incomplete personal information we hold about you.

- **Request Erasure** of your personal information, for instance, if the data is no longer necessary for the purposes it was initially collected, or if you object to processing and there is no overriding legitimate basis for continuing.

- **Object to Processing** based on a legitimate interest where it impacts your personal situation.

- **Request Restriction of Processing** to block or suppress your personal data under specific circumstances, such as when verifying data accuracy or contesting its processing.

- **Request Data Transfer** to another party, applicable only when processing is consent-based and automated. This right does not apply to any processing performed by Link Chase Limited.

If you wish to exercise any of these rights, please contact the Operations Director in writing. We will review your request and confirm any actions taken in response.

To verify your identity and secure your personal data, we may request specific information before granting access or processing any requests regarding your rights.


**Withdrawing Consent**
Where you have provided consent for specific data collection, processing, or transfer, you may withdraw this consent at any time by contacting the Operations Director. Upon notification of your withdrawal, we will cease processing the information unless legally permitted or required otherwise. We will confirm any actions taken in response to such requests.

If you are dissatisfied with our handling of your personal data or our response to your rights, you have the right to lodge a complaint with the UK’s Information Commissioner’s Office:


**Information Commissioner’s Office**


Wycliffe House Water Lane Wilmslow, Cheshire SK9 5AF


**Email:** info@linkchase.co.uk

**Contacting Us**

For questions regarding this Privacy Notice, please contact our Managing Director at Link Chase Limited, 124 City Road, London, England, EC1V 2XN. Alternatively, you may reach out via email at Sabri.b@linkchase.co.uk


Connect with us!


cyber security Recruitment agency

Copyright © All Rights Reserved