Privacy Policy


1. Purpose of this notice
This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act [1998 OR 2018] and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK ('Data Protection Legislation').

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

2. About us
Yellow Hat (UK) Ltd is registered in England and Wales as a company under number: 07178572, and our registered office is at Lyne House Farm, Godstone Road, Lingfield, Surrey RH7 6JG.  We are a recruitment business which provides work-finding services to our clients and work-seekers.  We must process personal data (including sensitive personal data) so that we can provide these services – in doing so, for the purpose of the Data Protection Legislation and this notice, we act as a ‘data controller’.

You may give your personal details to us directly, such as on an application or registration form or via our website, or we may collect them from another source such as a job board.  We must have a legal basis for processing your personal data.  For the purposes of providing you with work-finding services and/or information relating to roles relevant to you, we will only use your personal data in accordance with the terms of the following statement.

3. Collection and use of personal data
Purpose of processing and legal basis
We will collect your personal data (which may include sensitive personal data) and will process this for the purposes of providing you with work-finding services.  This includes, for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities and developing and managing our services and relationship with you and our clients.

In some cases, we may be required to use your data for the purposes of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during internal audits to demonstrate our compliance with certain industry standards.

The legal bases we rely upon to offer these services to you are:
  • where we have a legitimate interest;
  • to comply with a legal obligation that we have;
  • to fulfil a contractual obligation that we have;
  • your consent for direct marketing related to non work-finding services.
Legitimate interest
As a recruitment business, we have a legitimate interest in identifying suitable individuals for work opportunities with our clients provided it is reasonable and does not go against what you would reasonably expect from us.  We are also interested in trends in recruitment and the development of reports that help us to advise our clients on recruitment strategies for hiring the best staff.

This can include:
  • managing our databases and keeping work-seeker records up to date;
  • contacting you to seek your consent where needed;
  • providing work-finding services to you, including sending your information to our clients where you have demonstrated an interest in doing that work.

Legal obligations
Given the nature of recruitment, we have a large number of legal obligations to various individuals, clients and public bodies.  Our activity is regulated and obliges us to take reasonable steps to ensure your suitability for any work opportunities that we introduce you for.  As a recruiter in the healthcare sector, we also have important obligations relating the safeguarding of vulnerable individuals and certain information, such as (but not limited to) copies of your DBS certificate, are used to determine whether you can lawfully and/or safely engage in certain types of work or activities.

Contractual obligations
In the course of our activities, we may assume certain contractual obligations, which may include certain audit rights that a client may have in relation to the services we provide.  If we are unable to obtain or hold the information necessary to meet our legal or contractual obligations, we will not be able to provide work-finding services to you.

If we wish to contact you about other products or services not related to the provision of work-finding services, we will seek your explicit consent before doing so.  We will not be required to obtain such consent where you have voluntarily expressed an interest in services or where you have requested that we contact you.

From time to time, we may ask you to undertake a customer satisfaction survey.  You do not have to do so but this assists in providing the best recruitment services to you.

4. Sharing of personal data
We are not a job board or a commercial database and will not sell access to your data to other businesses for marketing or any other purpose.  We may share your data with the following people or companies:

We will share relevant data with our clients only when introducing you for work opportunities or supplying your services to them.  We will share your information with our suppliers or partners only when it is necessary for providing you the benefit of our services.  We may also share data with your former and/or prospective new employers in order to obtain or provide references

Public bodies
We may be required by law to share your information with certain public bodies or regulatory authorities.  For example, this may include a local authority in respect of information required for safeguarding purposes.

Third parties who ensure our business is run correctly
Third parties with whom we engage to ensure we run our business correctly include:
  • accountants/auditors;
  • legal advisors;
  • insurers;
  • Government departments.
5. Overseas transfers
Our data centre is located in the United Kingdom, and our staff with access to your data are all based in the United Kingdom.  We will always notify you if any of your personal information will be transferred or stored in countries outside of the European Economic Area (‘EEA’).

6. Protection of your data
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss or unauthorised access.

Access to your data is restricted to ensure that it can only be accessed by authorised users.  We have minimised the need for data to be accessed unless this is strictly necessary to meet our obligations or to respond to any reasonable and lawful request and information is regularly backed up to reduce the risk of loss or corruption.

7. Data retention
We will retain your personal data only for as long as is necessary for the purpose we collect it.  Different laws may also require us to keep different data for different periods of time

8. Your rights
Please be aware, you have the following rights:
  • the right to be informed about the personal data that we process on you;
  • the right of access to the personal data that we process on you;
  • the right to rectification of your personal data;
  • the right to erasure of your personal data in certain circumstances;
  • the right to restrict processing of your personal data;
  • the right to data portability in respect of any data that has been provided to us directly by you;
  • the right to object to the processing of your personal data that was based on a public or legitimate interest;
  • the right not to be subjected to automated decision making and profiling;
  • the right to withdraw consent (where consent has been freely and lawfully provided by you) at any time.

Where you have consented to us processing your personal data, you have the right to withdraw that consent at any time by contacting your recruitment consultant.

There may be circumstances where we still need to process your data for legal or official reasons.  We will inform you if this is the case, and in such a situation we will restrict the data to only what is necessary for meeting those specific reasons.

You can also contact us if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.

9. Changes to the Privacy Notice
This Privacy Notice was last updated on 24 May 2018.  If it is necessary for us to alter the terms of this Privacy Notice, we will post the revised policy on our website.

10. Complaints or queries
We are committed to meeting the highest standards when collecting and using personal information and expect all our staff to share this commitment.  For this reason, we take complaints very seriously.  We encourage you to bring it to our attention if you think that our collection or use of your information is unfair, misleading or inappropriate.

This Privacy Notice was drafted with brevity and clarity in mind.  It does not provide exhaustive detail of all aspects of Yellow Hat’s collection and use of personal information.  However, we are happy to provide any additional information or explanation needed.  Any requests for this should be sent to the email address below.

If you wish to complain about this Privacy Notice or any of the procedures set out in it, please contact Dean Todd –

You also have the right to raise concerns with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time if you believe that your data protection rights have not been adhered to. The ICO's contact details are as follows:

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Telephone - 0303 123 1113 (local rate) or 01625 545 745