Privacy Policy

Kingswood Group Limited takes the privacy of your information very seriously and we are committed to protecting the data of our candidates, clients and users of our website. This Privacy Notice applies to our use of any data collected by us or provided by you, in relation to your use of the website and if you enter into a negotiation, contract or employment with us. We act data controllers for purposes of the General Data Protection Regulation 2016 and Data Protection Act 2018 and are responsible for the manner the data you provide us with is processed.

Who are we?

Kingswood Group Ltd is an HR Solutions company, we partner with organisations across all industries to provide bespoke HR Recruitment, HR Outsourcing and HR Consultancy solutions depending to their people needs. Our Recruitment business operates as a recruitment agency and recruitment business as defined in the Employment Agencies Act 1973. We also provide HR Consultancy and an HR Outsourced service. We are registered in the UK: Company Number 11686964 Registered Address: Woodham View, Little Baddow Road, Woodham Walter, Essex, England, CM9 6RP Our Privacy Officer is Sarah McKee-Harris You can contact us at You can call us 01245 204450 Kingswood Group Limited is registered as a Data Controller with the Information Commissioner’s Office Certificate Number ZA483620

The data we collect and how we use it:

The personal data we collect or receive includes the following as applicable:

  • Name
  • Address
  • Email and other contact details
  • Date of birth Job history (including information relating to placements through us)
  • Educational history, qualifications & skills
  • Passport or other right to work or identity information
  • Bank details
  • National insurance and tax (payroll) information
  • Next of kin and family details Contact details of referees
  • Information contained in references and pre-employment checks from third parties
  • Your marketing preferences

We obtain your personal data from the following sources (please note that this list is not exhaustive):

  • You (e.g. a Curriculum Vitae, application or registration form)
  • A client
  • Online jobsites
  • Marketing databases
  • The public domain
  • Social Media such as LinkedIn
  • Conversations on the telephone or video conferencing (which may be recorded)
  • Notes following a conversation or meeting
  • Our websites and software applications

Where you are a Candidate and we have obtained your personal data from a third party such as an online job board, it is our policy to advise you of the source when we first communicate with you. (Article 14 GDPR)

How we will use your personal data

The processing of your personal information may include:

  • Collecting and storing your personal data, whether in manual or electronic files
  • Notifying you of potential roles or opportunities
  • Assessing and reviewing your suitability for job roles
  • Introducing and/or supplying you to clients
  • Engaging you for a role with us or with our clients, including any related administration e.g. timesheets and payroll
  • Collating market or sector specific
  • Sending information to third parties with whom we have arrangements which are related to our Recruitment Services
  • Providing information to regulatory authorities or statutory bodies, and our legal or other professional advisers including insurers
  • To market our Recruitment Services
  • Retaining a record of our dealings

Lawful reasons to using your personal data

Contractual obligations

In order for us to fulfil our contractual obligations to you we will need to use your personal data For example, for us to provide our recruitment services, we will enter into a contract with you that requires certain information, such as your name and address or bank details to process payroll on your behalf

Legal or regulatory obligation

We must comply with a number of statutory provisions when providing our services, which necessitate the processing of personal data. For example, we are required to comply with statutory and regulatory obligations relating to business generally including tax, fraud/crime prevention and data protection legislation, and co-operating with regulatory authorities.

Legitimate Interests

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the most secure experience. For example, we may send you information based on your previous interactions with us


We will always request your consent when we collect and process your personal data for certain purposes For example, if you apply for a specific role you may have consented to our processing purely for the purpose of progressing your application for that role. You may also have provided consent to receive marketing updates or our newsletter

Vital interest

We may need to protect the vital interests of you or another person

Automated decisions

We may use software to review the personal data of individuals recorded on our database, or who have applied for specific roles. The software, via a smart search, may determine suitability for a specific role via targeted questions relating to the role, and/or may identify and select individual personal information according to the stored characteristics. For example, the software may enable us to quickly identify individuals from our database who have specific skills.

Who we share personal data with

We shall not share your personal information unless we are entitled to do so. The categories of persons with whom we may share your personal information include:

  • Individuals, hirers and other third parties, necessary for the provision of our services
  • Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us
  • Parties who process data on our behalf, for example our CRM system
  • Storage service providers including cloud
  • Background screening providers
  • Legal and professional advisers
  • Insurers

We make thorough enquiries to ensure that all service providers process data in accordance with the appropriate laws and will never sell, trade, or rent your personal information with other companies

Transfer of data to other jurisdictions

In the course of the provision of our services we may transfer data to countries or international organisations outside of the European Economic Area (EEA). This may, for example, be to clients or third parties who provide support services to us. Where information is transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable, ensure that appropriate safeguards are in place.

Data Security and Confidentiality

Protecting the confidentiality and integrity of your personal data is a responsibility that we take seriously. We use appropriate technical and organisational measures to keep personal data secure against unauthorised or unlawful processing, and against accidental loss, destruction or damage. For example

  • Kingswood Group employees have received training in GDPR and how to handle your personal data
  • Access to your personal data is restricted to the relevant employees that are required to process your data
  • Where hard copies are created, these are securely kept.
  • According to each department’s process and procedure, your personal data will be periodically reviewed and securely deleted if required
  • Internal systems and networks are regularly tested

How long will we keep your personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes in which we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, invoices will be kept for 7 years for legal obligations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For any further enquiries please contact the Company for details of our Retention Policy.

Your legal rights over your personal data

You have the rights under the data protection laws in relation to your personal data including:

  • Request access to your personal data (commonly known as a ‘data subject access request’).  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or out of date data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no business or legal reason for us continuing to process it.
  • Object to processing of your personal data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Please email us at to request a Data Subject Access Request if you wish to exercise any of these rights.

  • No fee in most cases – You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. There is the possibility that we will refuse to comply with your request in these circumstances.
  • What we may need from you – to protect your personal data we will ask you to verify your identity before proceeding with your request to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  • If you have authorised a third party to submit a request on your behalf, we will request proof that they have your permission to do so.
  • Time limit to respond – We will respond to all legitimate requests within 1 month from the date of receipt of your request. Occasionally it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.  Where you are sending us a request via post rather than email, we recommend you send it via recorded delivery to guarantee safe delivery.


We take any complaints about our collection and use of personal information very seriously. If you think that our collection or use of personal information is unfair, misleading, or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance. To make a complaint, please contact our Privacy Officer. Alternatively, you can make a complaint to the Information Commissioner’s Office:

  • Report a concern online at
  • Call 0303 123 1113
  • Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Contact us

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our Privacy Officer: Phone: 01245 204450 Email: Due to the decision of the UK to leave the EU on the 31st December 2020, the way your data is transferred from the UK to other countries may change to ensure continuing compliance with data protection regulations but it will not change the security of your data .We may therefore update this Privacy Policy from time to time and we advise that you regularly check this page to ensure you are happy with the changes; we will however notify you of any significant changes.