Effective Date: December 2025

1. Statement of Intent

Global Talent Hire (“We”, “Us”, “Our”) is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Our Data Protection Principles

In accordance with GDPR, we are responsible for ensuring that the personal data we hold is:

  1. Lawful, fair, and transparent: Processed lawfully, fairly, and in a transparent manner in relation to the data subject.

  2. Purpose limitation: Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

  3. Data minimization: Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

  4. Accuracy: Accurate and, where necessary, kept up to date.

  5. Storage limitation: Kept in a form which permits identification of data subjects for no longer than is necessary.

  6. Integrity and confidentiality: Processed in a manner that ensures appropriate security of the personal data.

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contractual Necessity: For processing candidate applications, employer agreements, and student consultancy contracts.

  • Legitimate Interests: To provide recruitment services, maintain our database of skilled professionals, and improve our website services.

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., subscribing to job alerts).

  • Legal Obligation: To comply with UK employment laws, tax laws (HMRC), and immigration laws (UKVI).

4. Data Subject Rights

Under the UK GDPR, you have the following rights regarding your data:

  • The Right to be Informed: You have the right to know how your data is being used.

  • The Right of Access: You can request a copy of the data we hold about you (Subject Access Request).

  • The Right to Rectification: You can ask us to correct inaccurate or incomplete data.

  • The Right to Erasure: You can ask us to delete your data where there is no compelling reason for its continued processing (also known as the “Right to be Forgotten”).

  • The Right to Restrict Processing: You can ask us to block or suppress the processing of your personal data.

  • The Right to Data Portability: You can request to obtain and reuse your personal data for your own purposes across different services.

  • The Right to Object: You can object to our processing of your data for direct marketing or research purposes.

5. International Data Transfers

As an international recruitment agency, we may need to transfer your data outside the United Kingdom (e.g., to an employer in another country or from an overseas student to a UK university). We ensure that such transfers are protected by appropriate safeguards, such as:

  • Transferring data to countries with an Adequacy Decision from the UK Government.

  • Using Standard Contractual Clauses (SCCs) approved by the ICO.

6. Data Security & Breach Notification

We take the security of your data seriously. We have implemented technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction of data. In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, and we will notify you without undue delay.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Candidate Data: Retained for [Specify Time, e.g., 2 years] after the last meaningful contact, unless you request deletion sooner.

  • Financial Data: Retained for 6 years in compliance with UK tax law.

8. Contact Our Data Protection Officer (DPO)

If you have any questions about this policy or wish to exercise your rights under GDPR, please contact us.