PHIPPS CAMERON RECRUITMENT LIMITED PRIVACY STATEMENT

Who We Are and What We Do

Phipps Cameron Recruitment Limited takes your privacy seriously. This Privacy Statement explains who we are, the personal data we collect, how we use it, and your rights under applicable data protection laws, including the UK GDPR, EU GDPR, the Data Protection Act 2018,and certain U.S. state privacy laws.

This Statement reflects our current obligations under UK, EU and international law. Some provisions of the Data (Use and Access) Act 2025 are not yet in force, and we will update this Privacy Statement as those provisions commence and regulatory guidance is published.

1. Who We Are and How to Contact Us

Controller: Phipps Cameron Recruitment Limited
Address: Level 2, Lucent, 1 Sherwood Street, London W1F 7BL
Telephone: +44 (0) 203 757 1100
Email: dataprotection@phippscameron.com
ICO Registration Number: ZA046987
EU Representative (for EEA data subjects): Corinna Taylor – dataprotection@phippscameron.com

Our supervisory authority is currently the Information Commissioner’s Office (ICO), which is transitioning to the Information Commission under the Data (Use and Access) Act 2025.

2. The Data We Collect

We collect and process different categories of data depending on the relationship:

Candidates & Prospective Candidates:

• Name, contact details, employment history, education, skills, salary expectations, right-to-work details, CV/profile information.

• Health information (to support workplace adjustments), diversity data (for equal opportunity monitoring), and unspent criminal convictions (where role-relevant).

• Sources: Directly from you (CVs, emails, calls), public sources (e.g., LinkedIn), referees, former employers, education providers, background check agencies.

Clients & Prospective Clients:

• Name, job title, contact details, company information, communication history, and feedback.

• Sources: Directly from you or publicly available sources (e.g., LinkedIn).

Suppliers:

• Name, contact details, business information.

Website Users:

• Information submitted via forms (e.g., name, email, CV).

• Cookies and analytics data. See our Cookie Notice: https://careers.phippscameron.com/cookie-details.

3. How We Use Your Data

We process personal data for the following purposes:

• Provide recruitment services to candidates and clients.

• Match candidates to suitable roles.

• Verify qualifications and right to work.

• Manage communications, contracts, and payroll (where applicable).

• Comply with legal and regulatory requirements (UK, EU, US).

• Contact prospective candidates and clients.

• Monitor equality and diversity.

• Conduct marketing in line with consent or legitimate interests.

• Improve our website and services.

• Research/statistical purposes (e.g., salary benchmarking, diversity reporting), usually with anonymised data.

Automated Decision-Making and Profiling:

Human involvement is always part of the decision-making process. Future updates under the Data (Use and Access) Act 2025 may expand your rights in this area, and we will update this section accordingly.

4. Legal Bases for Processing

We rely on:

• Legitimate Interests – recruitment activities, business development, relationship management.

• Performance of a Contract – providing recruitment services.

• Legal Obligation – verifying right to work, compliance with employment and privacy laws.

• Consent – for marketing communications and in certain circumstances (e.g., processing special category data).

Special Category Data

• Processed only where lawful, based on consent or employment obligations, with appropriate safeguards.

We have conducted Legitimate Interest Assessments to ensure these interests are not overridden by your fundamental rights.

5. Sharing your Data

We may share personal date with:

• Clients with relevant job opportunities (including US based clients).

• Background screening and reference providers.

• IT, CRM, and payroll service providers.

• Legal and regulatory bodies (where required).

We do not sell your personal data.

6. International Data Transfers

Data may be transferred outside the UK, including to the US. We ensure appropriate safeguards, such as:

• UK International Data Transfer Agreement (IDTA)

• UK Addendum to Standard Contractual Clauses (SCCs)

• Assessment of transfer risks and supplementary measures

All core systems and databases are hosted in the UK.

7. Data Retention

We will keep your personal data for as long as we need to in order to fulfil the purpose we collected it for, which may be an ongoing purpose. We keep some personal data for longer than others. Where we process your personal data for direct marketing purposes, we will keep it until opt-out or consent withdrawal.

8. Your Rights

You have the right to:

• Access, correct, or erase your personal data

• Restrict or object to processing

• Withdraw consent at any time

• Data portability

• Lodge a complaint with the ICO

Your rights may be further expanded under the Data (Use and Access) Act 2025 (DUAA) once relevant provisions come into effect.

To exercise your rights, email: dataprotection@phippscameron.com. We may request information to verify your identity. We aim to respond within one month, or two months if complex.

9. Complaints

If you are unhappy with how we process your data, please contact us at dataprotection@phippscameron.com

You also have the right to complain to the Information Commissioner’s Office (ICO) or, in the EEA, your local data protection authority.

10. Security

We implement reasonable technical and organisational measures:

• Controlled access to systems and databases

• Secure hosting in the UK

• Encryption where appropriate

• Staff confidentiality training

10. Updates to This Privacy Statement

We review this Privacy Notice periodically and update it for legal, operational, or regulatory changes, including DUAA provisions once guidance is published. Please check regularly to remain informed.