Head Office : 0161 828 8726

Privacy Policy

As a recruitment company McCarthy Recruitment processes personal data in relation to it own staff, candidates and individual client contacts. It is vitally important that we abide by the principles of the General Data Protection Regulations set out below.

McCarthy Recruitment holds data on individuals for the following general purposes:

  • Staff administration
  • Accounts and records
  • Administration and processing of candidate & client personal data for the purposes of work finding services
  • To fulfil contractual obligations with 3rd parties


The General Data Protection Regulations require McCarthy Recruitment as a data controller to process data in accordance with the principles of data protection. These require that the data shall be:

  • Processed lawfully, fairly and in a transparent manner in relation to individuals
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes shall not be considered to be incompatible with the initial purposes
  • Accurate and where necessary kept up to date. Every reasonable step must be taken to ensure that the personal data that is inaccurate is erased or rectified without delay
  • Kept in a form which permits identification of a data subject for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest or statistical purposes in order to safeguard the rights and freedoms of individuals
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or lawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

“Personal data” means data relating to a living individual who can be identified from the data, or from the data in combination with other freely available information.

“Processing” is defined as obtaining, recording or holding the data or carrying out and operation or set of operations on the data. It includes organising, adapting or amending the date. All of the data within McCarthy Recruitment will have been processed in order to be added to the database or computer network. Data processing can happen on any type of computer or digital device, this includes but is not limited to Desktop PC’s, Laptops, Tablets & Smart Phones.

Data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and those people listed in the appendix shall be responsible for doing this.

Data may only be processed if it falls into the 2 lawful basis for processing personal data for McCarthy Recruitment these are;

  • Explicit Consent

Explicit Consent will apply to all marketing activity sent to you through our web database

  • Legitimate Business Interests

Legitimate Business Interests will apply to all recruitment & employee activity

However, caution should be exercised before forwarding personal details of any individuals on which the data is held to any third party such as past, current or prospective employers; suppliers; customers and clients or any other third party. You must ensure you have either the candidate, client or employee’s consent before forwarding personal data out of the business.

As a recruitment business we are bound by Regulation 28 of the Conduct of Employment Agencies and Employment Business Regulations 2003 to obtain the prior consent of an individual before disclosing any information relating to them other than for the purposes of finding them work, or in relation to legal proceedings or to a professional body where they are a member. Prior explicit consent must be obtained before disclosing any information relating to an individual work seeker to their current employer.

Data in respect of the following is “sensitive personal data” and any information held on any of these matters MUST not be passed on to any third party without the express written consent of the individual:

  • Any offence committed or alleged to be committed by them
  • Proceedings in relation to any offence and any sentence passed
  • Physical or mental health or condition
  • Racial or ethnic origins
  • Sexual life or origins
  • Political opinions
  • Religious beliefs or beliefs of a similar nature

All employees should ensure that adequate safety measures are in place. For example:

  • Computer screens and PC’s should not be left unlocked by individuals who have access to personal data
  • Passwords should not be shared or disclosed
  • Emails should be used and sent with care
  • Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason
  • Personnel files should be locked away when not in use and when in use should not be left unattended
  • Any breaches of security should be reported to the Data Protection Officer and may be treated as a disciplinary issue
  • Care should be taken when sending personal data in internal or external mail
  • Destroying or disposing of personal data counts as processing. Therefore care should taken in the disposal of any personal data to ensure that it is appropriate. All hard copies of personal data must be shredded prior to disposal

It should be remembered that incorrect processing of personal data may give rise to a breach of contract and/or negligence leading to a claim against McCarthy Recruitment. A failure to observe the contents of this policy will be treated as a disciplinary offence.

Data subjects are entitled to obtain access to their data on request and after payment of a processing fee. All requests to access data by data subjects should be referred to the DPO.

Any requests for access to a reference given by a third party must be referred to your line manager and should be treated with caution if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details protected in line with the GDPR and not disclosed without their consent.

Finally it should be remembered that all individuals have the following rights under the Human Rights Act 1988 and in dealing with personal data these should be respected at all times:

  • Right to respect for private and family life (Article 8)
  • Freedom of thought, conscience and religion (Article 9)
  • Freedom of expression (Article 10)
  • Freedom of assembly and association (Article 11)
  • Freedom from discrimination (Article 14)

McCarthy Recruitment recognises the importance of Information Security to ensure business continuity and minimize business damage by preventing and reducing the impact of security breaches.

This policy is raised by the Managing Director to protect the company’s information assets from all threats whether internal or external, deliberate or accidental.

It is the policy of the company to ensure that:

  • Information will be protected against unauthorised access
  • Confidentiality of information will be assured
  • Integrity of information will be maintained
  • Information will be available as required by the business processes
  • Regulatory, legislative and contractual security requirements will be met
  • Information security training will be available to staff

All breaches of security, whether actual or suspected, will be reported to, and investigated by the DPO.

It is the responsibility of the DPO to provide guidance on the implementation of this policy.

It is the responsibility of all staff to adhere to this policy

This policy does not constitute a contract and McCarthy Recruitment reserves the right to change its terms at any time. Failure to comply with this policy may lead to disciplinary action up to and including dismissal.