PRIVACY POLICY

Effective Date: 15/09/2025

Bis Henderson Ltd (trading as Bis Henderson Recruitment) (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services or visit www.bis-hendersonrecruitment.com (“the Site”). By using the Site or our services, you agree to the practices described in this Policy.

WHO WE ARE

Bis Henderson Ltd is a specialist recruitment consultancy registered in the United Kingdom (Company Number: 03123810). We act as both a data controller (when handling candidate, client, or supplier information) and, in some cases, as a data processor (when processing information on behalf of clients).

WHAT DATA WE COLLECT

We may collect and process the following categories of personal data:

  • Candidate data: name, contact details, CV, work history, qualifications, references, right-to-work information, salary details, remuneration expectations, ID checks, payroll records.
  • Client data: business contact details, role requirements, correspondence.
  • Supplier data: contact details and correspondence.
  • Website usage data: IP address, browser type, device information, cookies (see our Cookie Policy), referral source, navigation paths, and analytics data.
  • Marketing and communications data: newsletter subscriptions, downloads (e.g.,whitepapers, insights, brochures), preferences, and opt-in records.
  • Other information: any details you voluntarily provide (e.g., in emails, forms, calls, or during service delivery).

We may obtain this data directly from you or indirectly from job boards, social networking sites, or other public sources, always in accordance with the law.

HOW WE USE YOUR DATA

We use your personal data to:

  • Provide recruitment services, including matching candidates with opportunities.
  • Assess candidate suitability against vacancies.
  • Contact candidates and clients regarding opportunities or roles.
  • Process enquiries and deliver requested services.
  • Communicate with you about roles, applications, services, or downloads.
  • Comply with legal and regulatory obligations (e.g., right-to-work checks, tax records).
  • Maintain business relationships with clients, candidates, and suppliers.
  • Improve our services, website, and user experience.
  • Send you marketing communications (only where you have consented or where we have a legitimate interest, with the option to opt out at any time).
  • Keep records up to date and maintain audit/compliance trails.
  • Ensure website and IT systems security.

LEGAL BASIS FOR PROCESSING

We rely on the following lawful bases under the UK GDPR and Data Protection Act 2018:

  • Consent – where you agree to us holding or using your data (e.g., for marketing).
  • Contract – where processing is necessary to perform our services for you.
  • Legal obligation – to comply with employment, tax, or other regulations.
  • Legitimate interests – to operate as a recruitment business, balanced against your rights and freedoms.

SHARING YOUR DATA

We may share your personal data with:

  • Clients/employers (only with your prior consent before CV submission).
  • Third-party service providers such as IT, hosting, database, compliance, reference checking, or background screening partners.
  • Professional advisers and auditors.
  • Regulators, government bodies, or law enforcement (where required by law).
  • Group companies within Bis Henderson, where reasonably necessary.

In the event of a business sale, merger, or restructuring, your data may be transferred subject to the same protections. We will never sell your personal data.

INTERNATIONAL TRANSFERS

We may transfer data outside the UK/EEA in connection with international recruitment services. Where we do so, we will:

  • Obtain verbal and/or written consent where required.
  • Use safeguards such as adequacy decisions, standard contractual clauses, or equivalent protections.

DATA RETENTION

We will retain personal data only for as long as necessary:

  • Candidates – typically for up to 7 years after last contact, unless you request deletion sooner.
  • Clients & suppliers – for as long as services are provided and as required by law.
  • Legal records – certain documents (e.g., payroll, ID checks, right-to-work evidence) must be retained for statutory periods.

We regularly review our records and securely delete data that is no longer needed.

YOUR RIGHTS

You have the following rights under the UK GDPR:

  • Access – request a copy of the personal data we hold about you.
  • Rectification – correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) – request deletion of your data (subject to legal obligations).
  • Restriction – request restriction of processing in certain circumstances.
  • Objection – object to processing based on legitimate interests or direct marketing.
  • Data portability – request your data in a structured, machine-readable format.
  • Withdraw consent – withdraw consent at any time where processing is based on consent.
  • Rights in relation to automated decision-making – we will always seek consent before applying any automated decisions.

We will respond to requests within one month (extendable by two months for complex cases). You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): www.ico.org.uk

SECURITY

We use appropriate technical and organisational measures to protect your data against unauthorised access, misuse, loss, or disclosure. Data is stored on secure servers in UK- based GDPR-compliant facilities. Access is restricted to staff and trusted third parties who require it for service delivery. While we apply strong protections, data transmission over the internet cannot be guaranteed 100% secure.

COOKIES

Our Site uses cookies to improve functionality, analyse traffic, and personalise content. Some cookies are necessary, while others require your consent. For details, please see our Cookie Policy.

DIRECT MARKETING

We will only send marketing communications where we have your explicit consent or a legitimate interest. You can unsubscribe at any time via the link in emails or by contacting us directly.

DATA BREACHES

If we suffer a personal data breach, we will notify the ICO as required. If there is a high risk to your rights and freedoms, we will also inform you without undue delay.

LINKS TO OTHER SITES

Our Site may contain links to third-party websites. We are not responsible for their privacy practices. We recommend you review the privacy policies of any external sites you visit.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Updates will be posted on this page with the “Last updated” date.

CONTACT US

If you have questions about this Privacy Policy or your data rights, contact:

Bis Henderson Limited
Griffin House
Barley Castle Trading Estate
Appleton
Warrington
WA4 4ST

dataprotection@bis-henderson.com

Alternative contact: enquiries@bis-henderson.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): www.ico.org.uk.