Data Protection Policy

1. Introduction

This policy sets out the obligations of Mindful Hiring Intelligence (“the Company”) regarding data protection and the rights of candidates, clients, employees and others (“data subjects”) in respect of their personal data under the Data Protection Act 2018 (“the Act”) and the EU General Data Protection Regulation (“the GDPR”).

The policy applies to all personal data processed by the Company and applies to all staff of the Company. Any breach of this policy will be taken seriously and may result in disciplinary action.

2. Definitions

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Data Protection Principles

Under the Act and the GDPR, the data protection principles set out the main responsibilities for organisations when processing personal data. Article 5 of the GDPR requires that personal data shall be:

a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date;
e) kept for no longer than is necessary for the purposes for which the personal data are processed;
f) processed in a manner that ensures appropriate security of the personal data.

The Company is responsible for and must be able to demonstrate compliance with the data protection principles listed above.

4. Fair and lawful processing

The Company shall only process personal data where it has one of 5 ‘lawful bases’ (legal reasons) available to the Company under Article 6 of the GDPR:

– The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
– Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
– Processing is necessary for compliance with a legal obligation to which the Company is subject;
– Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
– Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company;
– Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).

5. Processing for specified purposes

The Company collects and processes personal data. This is data the Company receives directly from a data subject (for example, by completing forms or by corresponding with the Company by mail, phone, email or otherwise) and data the Company receives from other sources (including, for example, clients, suppliers, sub-contractors, business partners, payment and delivery services, credit reference agencies, recruitment agencies, etc).

The Company only processes personal data for the specific purposes set out in the Company’s privacy notices provided to data subjects and/or for any other purposes expressly permitted by the Act and the GDPR.

6. Adequate, relevant and limited data processing

The Company will only collect and process personal data to the extent that it is required for the specific purpose(s) notified to data subjects.

7. Accuracy of data and keeping data up to date

The Company shall ensure that personal data held is accurate and kept up to date. The Company shall check the accuracy of any personal data at the point of collection and at regular intervals afterwards. The Company shall take all reasonable steps to destroy or amend inaccurate or out-of-date data.

8. Timely processing

The Company shall not keep personal data longer than is necessary for the purpose or purposes for which it was collected. The Company shall take all reasonable steps to destroy or erase from its systems, all data which is no longer required.

9. Processing in line with data subjects’ rights

The Company shall process all personal data in line with data subjects’ rights, including their right to:

a) request access to any data held about them by the Company (see also Clause 10 Subject Access Requests);
b) object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics;
c) ask to have inaccurate data amended;
d) ask to have data erased;
e) restrict processing;
f) request the transfer of data to another party; and
g) withdraw consent where given.

10. Subject Access Requests

Data subjects may make subject access requests (“SARs”) to find out more about the data the Company holds about them.

The Company shall normally respond to a SAR within one month of receipt but will ensure it does not exceed the maximum period of two months from receipt.

11. Data portability

The Company shall provide data subjects with their personal data, following a subject access request, in a structured, commonly used and machine-readable format. Data subjects have the right to pass such data to another controller.

12. Right to object

Data subjects have the right to object to the Company processing their personal data on grounds relating to their particular situation, unless the processing is necessary for the performance of a task carried out for reasons of substantial public interest.

Where personal data is processed for direct marketing purposes, data subjects have the right to object at any time to that processing.

13. Privacy by design

The Company shall implement appropriate technical and organisational measures, having regard to the state of the art, cost of implementation and nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, in order to ensure that all processing is performed in accordance with the Data Protection Act and GDPR.

Appropriate measures include pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of processing systems, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by the Company.

14. Data breaches

All data breaches must be reported immediately to the Person responsible for compliance.

If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Person responsible for compliance must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours.

15. International data transfers

The Company shall not transfer personal data to countries or territories outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

16. Compliance

Compliance with this policy shall be monitored by the Person responsible for compliance. That Person shall review this policy at regular intervals for adequacy and monitor its application.

17. Training

Staff shall be adequately trained on provisions of data protection law specific for their role. Staff shall be informed when changes are made to this Policy and other data protection provisions applying to staff.

Privacy Policy

Mindful Hiring Intelligence Ltd (“MHI”, “we”, “us”, “our”) takes privacy seriously. This policy covers how we collect, use, disclose, transfer and store your personal information. Please review this privacy policy carefully.

Information We Collect

We collect personal information about candidates, clients and visitors to our website which includes:

  • Contact details – such as name, email address, postal address, phone number
  • Identifiers – such as date of birth, national insurance number
  • Recruitment data – such as CV, education, employment history
  • Website usage data – such as IP addresses, cookies

How We Use Information

We use your personal information to:

  • Provide recruitment services to candidates and clients
  • Contact you regarding recruitment opportunities
  • Establish and manage your online account with us
  • Analyze website usage and improve our website
  • Comply with applicable laws and corporate reporting

How We Disclose Information

We may disclose your personal information to:

  • Clients – for the purpose of placements
  • Recruitment partners – to find opportunities if we cannot place you
  • Service providers – to conduct our recruitment services
  • Public authorities – to comply with lawful requests when required

Your Choices

You can opt out of non-essential communications from us by contacting us. You can access, amend or delete your personal information by contacting us.

Data Security

We implement security safeguards designed to protect your data, such as HTTPS, firewalls, access controls, encryption and monitoring.

Changes to this Policy

We may change this policy from time to time and will post updated versions on our website. We recommend you review this page periodically.

Contact Us

If you have any questions about this Privacy Policy or want to exercise your rights, please email us at

Equal Opportunities Policy

Equal Opportunities Policy

Mindful Hiring is committed to equal opportunities for all. We prohibit discrimination in recruitment, promotions, compensation, access to training and other aspects of employment, based on characteristics like gender, race, disability, religion, sexual orientation or age. All candidates will be evaluated objectively based on skills, qualifications and suitability for the role, in line with relevant laws. We aim to create a culture that respects and values each other’s differences.

Anti-Bribery & Corruption Policy

Mindful Hiring has a zero tolerance approach to any form of bribery and corruption. Offering or accepting bribes or any inducement for improper business gain or advantage is strictly prohibited. We conduct business in an ethical and honest manner and expect all staff and third parties acting for us to maintain high standards in accordance with relevant anti-bribery laws.

Conflict of Interest Policy

Mindful Hiring will take reasonable steps to identify and manage all conflicts of interest that may arise in the course of providing services to our clients and candidates. We commit to only represent one company per sector at any given time to avoid bias. All staff have a duty to report any actual, potential or perceived conflicts of interest immediately so that appropriate action can be taken.

Health & Safety Policy

Mindful Hiring is committed to ensuring the health, safety and welfare of our employees and all those visiting or working at our premises. We comply with all relevant health and safety laws and provide training, equipment, and safe systems of work to enable our people to work safely. Employees are responsible for cooperating on health and safety matters, following policy and procedures, and reporting any issues or concerns.

Corporate Social Responsibility Policy

Mindful Hiring aims to conduct business ethically and sustainably. We strive to balance profitability with a conscience by considering our impact on people, communities and the environment. This means operating with transparency, accountability and business integrity to build trust with our stakeholders. We aim to embed social responsibility into all activities.

Modern Slavery Policy

We are committed to acting ethically, with zero tolerance for modern slavery and human trafficking in our business operations and supply chains. We aim to implement controls and due diligence processes seeking to prevent and combat exploitation, in compliance with modern slavery laws