Privacy Policy | Hamlyn Williams

PRIVACY NOTICE

Hamlyn Williams ("We") are committed to protecting and respecting your privacy.

Any mention of "Our Group" means our subsidiaries, our ultimate holding company and its subsidiaries, and our associated companies as defined in section 1159 of the UK Companies Act 2006 (our Group).

This notice, together with our terms of use, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

The UK General Data Protection Regulation (UK GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation harmonises data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. The UK GDPR has been directly incorporated into UK law and sits alongside the Data Protection Act 2018.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of data protection legislation in force from time to time, the data controller is Hamlyn Williams Ltd. of Clockwise, Brunel House, 2 Fitzalan Rd, Cardiff CF24 0EB.

For any GDPR-related queries, please contact: dpo@hamlynwilliams.com

Who We Are and What We Do

We are a recruitment agency and recruitment business as defined in the Employment Agencies and Employment Businesses Regulations 2003. We also provide outsourcing, consultancy, statement of work (SoW), and market intelligence services. We collect the personal data of the following types of individuals:

Prospective and placed candidates for permanent or temporary roles;
Prospective and current client contacts;
Supplier contacts;
Employees, consultants, and temporary workers.

We collect this information to carry out our core business and related activities.

Information You Give to Us or We Collect About You

The personal data we collect from you may include, but is not limited to:

Name, contact information, email addresses (private and corporate), and phone numbers;
Financial information, compliance documentation, references, CVs, and photographs;
Data verifying your right to work, qualifications, and professional profiles (e.g., LinkedIn);
Technical data from website usage (e.g., IP address, browser/device type, pages visited).

We may also collect criminal conviction data for compliance purposes, subject to your explicit consent or where authorised by law.

Information We Obtain from Other Sources

We may gather data from:

LinkedIn and job board websites;
Online CV libraries and company websites;
Recommendations and publicly available professional content.

We may also receive personal data by word of mouth or via other companies in our Group.

Purposes and Legal Bases for Processing

We use your data:

To fulfil contracts or service requests;
To send career-relevant or service-related updates;
For legitimate interests, including recruitment, consultancy, and business development;
Where legally required or under consent (e.g., marketing communications).

Our legal basis for processing personal data includes:

Contractual obligations (e.g., placement agreements);
Legal obligations (e.g., right-to-work checks);
Legitimate interests;
Consent (e.g., marketing).

Processing of Special Category Data

In accordance with Article 9 of the UK GDPR, we will process sensitive data only:

With explicit consent;
Where necessary for legal claims;
For employment or social protection law purposes;
Where in the public interest and legally authorised.

International Data Transfers

Where we transfer personal data outside the UK/EEA:

We use Standard Contractual Clauses (SCCs) or similar safeguards;
Rely on adequacy decisions or explicit consent where applicable;
You may request a copy of these safeguards.

Data Retention

Candidate personal data: Retained for 5 years from the last contact or placement. Contractor financial data: Retained for 7 years from the last payment. Personal data may be stored longer for legal or regulatory purposes and will be restricted from operational use.

Data Security

We store data on secure servers with encryption and access controls. While we use SSL technology, online transmission is not fully secure, and any transmission is at your own risk. Suspected breaches should be reported to dpo@hamlynwilliams.com.

Your Rights

You have the right to:

Access your data;
Request rectification;
Request erasure;
Restrict processing;
Data portability;
Object to processing;
Withdraw consent at any time;
Lodge a complaint with the ICO or relevant EU authority.

Automated Decision-Making

We may use automated tools in recruitment. All such decisions are reviewed by a human and we can explain the logic, outcomes, and options upon request.

Cookies and Website Tracking

We use cookies for website functionality, analytics, and personalisation. Types include essential, performance, and functionality cookies. Google Analytics cookies (_ga, _gid, _gat) may be set. Cookie settings can be adjusted in your browser.

Third Party Sharing

We may share your data with: clients, payroll providers, job boards, verification and insurance companies, analytics platforms, legal advisors, or others in our Group or service providers where necessary.

Contact Preferences

You may be contacted by phone, SMS, or email. To update preferences, email: dpo@hamlynwilliams.com.

External Links

We are not responsible for the privacy practices of external websites linked on our site. Please review their policies before submitting data.

Supervisory Authority Contact Details

If you have concerns, you may contact:

Information Commissioner’s Office (ICO)
Phone: 0303 123 1113
Email: casework@ico.org.uk
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

For EU-based data subjects, you may contact your national data protection authority such as the Dutch DPA (Autoriteit Persoonsgegevens).

Contacting Us

Please contact info@hamlynwilliams.com or dpo@hamlynwilliams.com with any questions or concerns.