Privacy Policy

Privacy Policy

At Futureheads Recruitment your right to privacy and our treatment of your personal data is important. We are a data controller, registered with ICO under registration number Z2016071.

This notice together with our terms of use Terms of Use and Equality Diversity and Inclusion Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

The Brexit transition period ended on 31 December 2020 and the UK has now officially left the EU. The UK GDPR has been directly incorporated into UK law sitting alongside the Data Protection Act 2018.

Your rights under the GDPR are set out in this notice, please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Who we are and what we do

We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We may collect and process information about you for the purposes of our core business of providing recruitment services.

Personal information you give to us, or we may collect from you.

We collect personal data from the following people to allow us to undertake our business:

  • Prospective and placed candidates for permanent or temporary roles;
  • Prospective and live client contacts;
  • Supplier contacts to support our services;
  • Employees, consultants, temporary workers.

We collect personal information about you in various ways, such as the information you give us over the phone, email and/or social media; through the candidate portal; through job applications and in-person recruitment; at events; through our website and social media channels; and in connection with our interactions with clients and vendors.

If you are an actual or potential employee or job candidate and you apply for a position, we may collect the following types of personal information (as permitted under local law):

  • Contact information (such as name, postal address, email address and telephone number);
  • Proof of Right to Work in the UK;
  • Employment and education history;
  • Information provided by references;
  • Information contained in your resume or CV, information you provide regarding your career interests, and other information about your qualifications for employment; language proficiencies and other work-related skills;
  • Date of birth;
  • Gender;
  • Information about other individuals, such as emergency contacts;
  • Bank account information;
  • National Insurance number, national identifier or other government-issued identification number;
  • Tax-related information (P45);
  • Compliance documentation;
  • Geolocation data in connection with certain features of our Sites (Please refer to our IP addresses and Cookies section for more information).

Following client specific requests and only after obtaining your explicit consent, we may also collect the following sensitive data:

  • Relevant disabilities and health-related information;
  • Results of drug tests and criminal and other background checks.

As part of our commitment to Equality, Diversity and Inclusion (EDI), we also invite actual or potential employees and job candidates to submit further personal data on a voluntary basis. This data can be submitted via a number of methods including our secure Candidate portal, Job Applications via our website or direct sources. This information is collected for the purpose of providing anonymised insights into the make-up of our own business and the wider digital media workforce in order to help us and our clients pursue positive EDI aims. It will also enable us to measure ongoing improvements in the diversity of our advertising sources and subsequent candidate representation.

The information collected via the candidate portal and other sources, should you choose to submit it, will be about your ethnic background, gender, disability, age, sexual orientation, religion and neurodiversity. Some of this Equality, Diversity and Inclusion information is what is called ‘sensitive’ or ‘special category’ personal data and certain data protection rules apply to it and us collecting the information.

When collecting sensitive’ or ‘special category’ personal information we will always obtain your explicit consent to hold this information, and we will handle the data in accordance with the ICO’s guidance on processing ‘sensitive’ or ‘special category’ personal data.

We will always ensure that the processing of your data is generally lawful, fair and transparent and complies with all the other principles and requirements of the UK GDPR. To ensure that your processing is lawful, we have identified an Article 6 basis for processing as stated below. In addition, we can only process your ‘sensitive’ or ‘special category’ personal data if you give us your explicit consent as set out in Article 9 of the UK GDPR.

If you are a client contact, we may collect the following data from you:

  • Contact information (such as name, postal address, email address and telephone number);
  • Relevant information about your job function and your preferred recruitment process in relation to the service you requested;
  • Correspondence between us and your organisation, including Contracts, Agreements or Terms of Business entered into.

In addition, we may obtain information about you from other sources, such as LinkedIn, job boards and online CV libraries. In this case, we will inform you by sending you this privacy notice within 30 days of collecting your data, the source where this data originated from, whether it came from publicly accessible sources, and what purpose we intend to use and process your data for.

If you are a supplier or vendor, we may collect the following data from you:

  • Contact information (such as name, postal address, email address and telephone number);
  • Correspondence between us and your organisation, including Contracts and Agreements entered into.

Purposes and the legal basis for the processing of your Personal Data

The core service we offer to our candidates and clients is the introduction of candidates to our clients for the purpose of temporary or permanent engagement. However, our service expands to supporting individuals throughout their career and to supporting businesses’ ongoing resourcing needs and strategies. We work in long-term partnership with our candidates, clients and other suppliers and partners.

The purposes for processing your personal data are:

  • To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
  • To provide you with information about other services we offer that are similar to those that you have already purchased, been provided with or enquired about.

The legal basis for us processing your data are:

  • Our primary legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
  • We will rely on Contract to carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation.
  • We will rely on Legal Obligation if we are legally required to hold information on you to fulfil our legal obligations (such as HMRC Intermediary reporting).
  • We will in some circumstances rely on Consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to collect sensitive personal data (if you are a candidate) in accordance with a client’s Terms of Business or when an individual chooses to share EDI data with us as outlined above.

Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.

We do not undertake automated decision-making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process.

Our Legitimate Business Interests

Article 6(1)(f)

Our legitimate interests in collecting and retaining your personal data is described below:

As a recruitment business and recruitment agency we introduce candidates to clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental, essential part of this process.

In order to support our candidates’ career aspirations and our clients’ resourcing needs we require a database of candidate and client personal data containing historical information as well as current resourcing requirements.

To maintain, expand and develop our business we need to record the personal data of prospective candidates and client contacts. This helps us to offer a wider range of opportunities and qualified workers to our candidates and clients and to fulfil our service to you.

We publish newsletters, job alerts and other marketing communications in order to give you insight into the activities of our business, including relevant events we are hosting or participating in, and relevant wider market conditions, trends or opportunities. Such communications will be about services which are similar to the services you have asked us to provide or agreed to us providing; you can request to unsubscribe via links provided in our communication to you, as per section “Know Your Rights” below.

Article 9(a)

We will always obtain your Explicit Consent to process your sensitive’ or ‘special category’ personal data.

We use information held about you in the following ways:

If you are a candidate and you apply for a position, whether for one of our clients or internally, as permitted under local law, we use the information described in this Privacy Notice to:

  • Provide you with job opportunities and work;
  • Assess your suitability as a job candidate and your qualifications for positions;
  • Facilitate introductions and conversations which may lead to future opportunities;
  • Provide HR and financial services to you, including administration of payroll and benefits.

If you are a client contact, as permitted under local law, we use the information described in this Privacy Notice to:

  • Facilitate introductions and conversations which may lead to future opportunities or engagements;
  • Where relevant, provide HR and financial services to you, including administration of payroll and benefits.

In addition, for both candidates and client contacts, we may use the information to perform the following activities (as permitted under local law):

  • Managing our client and vendor relationships;
  • Sending promotional materials, alerts regarding available positions and other communications;
  • Communicating about, and administering participation in, special events, promotions, programs, offers, surveys, contests and market research;
  • Responding to individuals’ enquiries;
  • Operating, evaluating and improving our business (including developing, enhancing, analysing and improving our services; managing our communications; and performing accounting, auditing and other internal functions);
  • Perform data analytics, such as (i) analysing our job candidate base; (ii) identifying skill shortages; (iii) using information to match individuals and potential opportunities, and (iv) identifying market trends and producing insights such as salary surveys. Outputs of such activity will only include anonymised data;
  • Protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities;
  • Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.

If you are a supplier or vendor, we will only use your data to fulfil our mutual contractual obligation.

If we ever use your information in other ways, we will always provide you with a specific notice at or prior to the time of collection.


Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.

Where processing your data that is considered sensitive’ or ‘special category’ personal data we will always obtain your explicit consent in line with the ICO’s guidance on processing ‘sensitive’ or ‘special category’ personal data.

IP addresses and cookies

Here at Futureheads, we are committed to providing you with the best online experience while visiting our website. As part of this process, we utilise standard third party cookies to collect information about how you browse the site.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy

A “cookie” is a piece of information that is stored on your computer’s hard drive and which records your navigation of a website so that, when you revisit that website, it can present tailored options based on the information stored about your last visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes. Cookies are used by nearly all websites and do not harm your system.

We track all this information as an aggregate and therefore do not collect any personal information about you as an individual, unless you apply for a job, upload your CV, fill in an online form, or sign up for email alerts or our newsletter through the Futureheads website.

You may see a pop-up welcome message when you first visit our website. We’ll store a cookie so that your computer knows you’ve seen it and knows not to show it again.

We also use third-party analytics services on our Sites, such as Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyse your use of our website. The information collected through these means (including IP address) may be disclosed to these analytics providers and other relevant third parties who use the information, for example, to evaluate use of the website.

If you do not wish us to track your cookie information you can set your browser to reject cookies, please visit the ‘Help’ menu of your internet browser to find out how to do this. This may impact your user experience on our website and restrict you from utilising certain website functionality.

What we track and how cookies are used

Futureheads specific:
Cookie Name Purpose of the cookie Data Collected Duration of cookie Cookie provider Privacy Notice
cookies_accepted Used to stop displaying the cookie message once user has dismissed it “true”/”false” 10 years Futureheads
liked_jobs Keeps track of which jobs a user has liked Array of job ID numbers 90 days Futureheads
user_location Used to initially show relevant jobs based on IP address of user, then store their selected location if they manually change it IP address (not stored), then 2 digit country code length of session Futureheads
Google analytics:
Cookie Name Purpose of the cookie Duration of cookie Cookie provider Privacy Notice
_ga Used to distinguish users 26 months
_gid Used to distinguish users 24 hours
_gat Used to throttle request rate 1 minute
_gac_ Contains campaign related information for the user. 90 days

Disclosure of your information inside and outside of the EEA

We may disclose your personal data to third parties if they have a proper interest in the disclosure, such as:

  • Clients and prospective clients for the purpose of introducing candidates to them;
  • Candidates for the purpose of arranging interviews and engagements;
  • Clients, business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;
  • Other recruitment companies, intermediaries or vendors involved in managing the supply of personnel;
  • Third parties who perform functions on our behalf and who also provide services to us, such as our timesheet provider or marketing email platform;
  • Credit reference agencies, compliance partners and other sub-contractors for the purpose of assessing your suitability for a role where this is a condition of us entering into a contract with you or a client;
  • Our insurers;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site;
  • A professional association or registration body or regulatory or law enforcement agencies if we are required by law to do so;
  • For employees, partners such as HR or Technology partners or advisors, coaches and mentors.

We will disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • If Futureheads or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Futureheads, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

If we engage a third party to perform services which involve handling or processing personal data, we will take reasonable steps to prohibit the third party from using personal data except for the purposes for which it was supplied or for processing it other than in accordance with our instructions.

Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of your personal data without your consent.

The lawful basis for the third-party processing will include:

  • Their own legitimate business interests in processing your personal data, in most cases to fulfil their internal resourcing needs;
  • Satisfaction of their contractual obligations to us as our data processor;
  • For the purpose of a contract in place or in contemplation;
  • To fulfil their legal obligations.

Where your personal data is stored and processed

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

All of the information you provide to us is stored within either secured, UK based datacentres or in the Frankfurt AWS ISO27001-certified data centres of our database partner Vincere. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

How long do we keep your information for?

We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Typically, this is for 6 years, due to the long-term partnerships we develop with our customers. Accordingly, we have a data retention policy and run data clean up processes to remove data that we no longer have a legitimate business interest in maintaining.

We do the following to try to ensure our data is accurate:

  • Our Candidate Portal enables you to manage your data and to review whether the details we hold about you are accurate;
  • Prior to making an introduction we check that we have accurate information about you;
  • We keep in touch with you so you can let us know of changes to your personal data.

We segregate our data so that we keep different types of data for different time periods. The criteria we use to determine whether we should retain your personal data includes:

  • The nature of the personal data;
  • Its perceived accuracy;
  • Our legal, statutory or contractual obligations.

We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database unless requested to do so.

Our current Data Retention policy is available upon request.

Know your rights

Under the GDPR, you have the following rights:

  • Request access: The GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. All subject access requests should be submitted to No fee will apply and we have to respond within 30 days.
  • Request correction: If you can demonstrate that personal information we hold about you is not correct, you can ask that this information is updated or otherwise corrected.
  • Request erasure: In certain circumstances, you have the right to have your personal data deleted, where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party in certain formats, if practicable.
  • Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link:

You have the right to ask us not to process your personal data for marketing purposes.

You can exercise your right to accept such processing by double opting in to marketing communications or to prevent such processing by unsubscribing (via links provided in our communication to you) or by contacting us at

Our website and any communications we send you might contain links to relevant external websites. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to our Privacy Notice

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

Contact us

We welcome any questions and comments about our Privacy Notice and these should be addressed to

You can also contact our Data Protection Representative on the same email address.