Privacy Policy Last Updated: 19th January 2026

1. Introduction Hardhatheads Recruitment Ltd ("Hardhatheads", "we", "us", "our") is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Hardhatheads Recruitment Ltd is registered in England and Wales.

For data protection purposes, Hardhatheads Recruitment Ltd is the data controller. Our Data Protection contact can be reached at: dataprotection@hardhatheads.com

2. Information We Collect We collect and process the following categories of personal information:

For Candidates:

  • Identity data: name, date of birth, National Insurance number, proof of identity documents

  • Contact data: address, email address, telephone numbers

  • Professional data: CV, employment history, skills, qualifications, professional memberships

  • Competency data: safety tickets and certifications (CSCS, PTS, SMSTS, CPCS, Lantra, etc.), training records, expiry dates

  • Financial data: bank details (for payroll purposes), salary history, rate expectations

  • Right to work data: passport, visa, share code verification, immigration status

  • Reference data: details of referees, reference content

  • Assessment data: interview notes, test results, skills assessments

  • Special category data: health information (only where necessary for role requirements or reasonable adjustments), diversity monitoring data (provided voluntarily)

For Clients:

  • Business contact data: name, job title, email, telephone, business address

  • Contract data: terms agreed, fees, placement history

  • Communication data: correspondence records, meeting notes

For Website Visitors:

  • Technical data: IP address, browser type, device information

  • Usage data: pages visited, time on site, navigation paths

  • Cookie data: as detailed in our Cookie Policy

3. How We Collect Your Information We collect personal information through:

  • Direct interactions: when you apply for a role, register with us, submit your CV, complete forms, or correspond with us

  • Automated technologies: when you interact with our website, we may automatically collect technical data

  • Third parties: job boards, LinkedIn, referrals, previous employers (references), background check providers, CSCS/Sentinel verification systems

  • Publicly available sources: professional networking sites, Companies House, regulatory registers

4. How We Use Your Information We process your personal information for the following purposes:

Candidates:

  • To provide recruitment services and match you with suitable roles

  • To verify your identity, qualifications, and right to work in the UK

  • To verify and monitor safety tickets and competency certifications

  • To submit your details to prospective employers (with your consent)

  • To process payroll (where we are your employer for contract work)

  • To comply with legal obligations (tax, employment law, health and safety)

  • To communicate with you about opportunities, market insights, and our services

Clients:

  • To provide recruitment services and supply candidates

  • To manage our contractual relationship

  • To process invoices and payments

  • To communicate about services, market insights, and opportunities

Legal Bases for Processing:

  • Providing recruitment services: Performance of contract / Legitimate interests

  • Verifying identity and right to work: Legal obligation

  • Verifying safety tickets: Legitimate interests / Legal obligation

  • Payroll processing: Performance of contract / Legal obligation

  • Marketing communications: Consent / Legitimate interests

  • Compliance with law: Legal obligation

5. Sharing Your Information We share personal information with:

  • Prospective employers: We will only share your CV and personal details with clients after obtaining your consent for each specific opportunity

  • Payroll providers and umbrella companies: Where you work through us on contract assignments

  • Background check providers: For verification of qualifications, references, and compliance checks

  • Competency verification systems: CITB (CSCS), Network Rail Sentinel (PTS), and other industry databases

  • Professional advisers: Accountants, lawyers, and auditors where necessary

  • Regulatory bodies: HMRC, Home Office, Health and Safety Executive where legally required

  • Technology providers: CRM systems, website hosting, email systems (with appropriate data processing agreements)

We do not sell your personal information to third parties.

6. International Transfers Your personal information may be transferred to, and processed in, countries outside the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with adequate data protection laws

  • Standard contractual clauses approved by the UK Information Commissioner

  • Other lawful transfer mechanisms

7. Data Retention We retain personal information for as long as necessary to fulfil the purposes for which it was collected:

  • Candidate data (placed): 6 years from end of placement

  • Candidate data (registered, not placed): 2 years from last meaningful contact

  • Client data: 6 years from end of contract

  • Payroll and tax records: 6 years from end of tax year

  • Right to work documents: 2 years from end of employment

  • Website analytics: 26 months

After the retention period, data is securely deleted or anonymised.

8. Your Rights Under UK data protection law, you have the following rights:

  • Right of access: Request a copy of your personal information

  • Right to rectification: Request correction of inaccurate or incomplete data

  • Right to erasure: Request deletion of your data (subject to legal obligations)

  • Right to restriction: Request limitation of processing in certain circumstances

  • Right to data portability: Receive your data in a structured, machine-readable format

  • Right to object: Object to processing based on legitimate interests or for direct marketing

  • Right to withdraw consent: Where processing is based on consent

To exercise any of these rights, contact us at: dataprotection@hardhatheads.co.uk We will respond to your request within one month.

9. Marketing Communications We may send you information about job opportunities, market insights, and our services. You can opt out at any time by:

  • Clicking the unsubscribe link in any email

  • Emailing: dataprotection@hardhatheads.com

10. Cookies Our website uses cookies to improve your experience. Please see our separate Cookie Policy for full details.

11. Security We have implemented appropriate technical and organisational measures to protect your personal information, including:

  • Encrypted data storage and transmission

  • Access controls and authentication

  • Regular security assessments

  • Staff training on data protection

12. Changes to This Policy We may update this privacy notice from time to time. The latest version will always be available on our website with the "last updated" date shown.

13. Complaints If you have concerns about how we handle your personal information, please contact us first at dataprotection@hardhatheads.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Tel: 0303 123 1113 Website: www.ico.org.uk

14. Contact Us Hardhatheads ltd Email: dataprotection@hardhatheads.com