Privacy Policy


This Privacy Policy explains what, how and why we collect data from various sources for various groups in the form of a company or an individual. It describes how we process collected data and in doing so, how we comply with our legal obligations to you. We endeavour to maintain the highest level of care in safeguarding and protecting collected data for our clients, candidates, suppliers and staff, and to comply with the General Data Protection Regulations.

This is an ongoing procedure, therefore please note that we will be amending the Privacy Policy from time to time to keep up to date with any future legal / in-house changes that are relevant to data protection and processing.



WHAT do we collect?

To provide the best bespoke and most competitive service both to our candidates and clients, we rely on the relevant information gathered by all relevant parties. We only collect information that is mandatory for our business and sourced following strict procedures.


Candidate data

Below is a list of data that we may collect for a candidate depending on the relevant circumstances, to ensure that we understand and deliver the best employment search experience.

  • Name
  • Address
  • Contact details (mobile / email / social media)
  • Nationality
  • Proof of identity and right to work in the UK
  • NI number (not for all candidates, mainly for freelancers)
  • Employment history
  • Education details
  • Current remuneration
  • Referee details
  • Information on your interests and needs regarding future employment, such as your notice period, required remuneration package, choice of industry / company
  • Extra / relevant information voluntarily provided by you
  • Interview / meetings details (date and time of interview and meeting notes)
  • Employment offer details, such as new job title, remuneration, start date etc
  • Correspondence between the candidate and Media Contacts staff relating to a job vacancy, such as emails and other forms of electronic communication, interview notes, other activity events


Client data

To make sure we have a smooth workflow, we aim to ensure that we have at least one main contact for each client organisation. Sometimes, our candidates may also become a client contact.

A list of data that we may collect to deliver the best service experience to our clients (and candidates) is provided below:

  • Company name
  • Company address (physical and website)
  • Company telephone number
  • Visit notes (produced by our consultants based on any meetings with client contacts)
  • Job descriptions
  • Signed Terms & Conditions (between the client company and Media Contacts)
  • Online / printed articles / reports published about the company
  • Any newspaper articles or information in the public domain that helps to sell the idea of working for the company to prospective candidates (e.g. reviews, awards entries, CEO biographies etc)
  • Accounts payable contact details for invoicing / credit control purposes
  • Our contact within a client company:
    • Contact name
    • Contact job title
    • Contact direct telephone
    • Contact email address
    • Any other notes on the contact that they would like us to remember for business purpose
    • Correspondence between the client contact and the Media Contacts staff relating to a job vacancy, such as emails and interview feedback


Staff data

As part of our internal recruitment process, we also need to collect personal data for our staff. Data that we may collect and store for our staff is listed below:

  • Name
  • Address
  • Date of birth
  • Contact details (mobile / email / social media)
  • Education details
  • Employment history
  • Emergency contacts and details of any dependants
  • Nationality / citizenship / place of birth and right to work in the UK
  • Proof of identity
  • Bank account details
  • NI number
  • Employment start and end date, interview notes


Supplier data

We collect limited data from our suppliers – however, we store some data that is provided by the supplier. Data stored from our suppliers includes:

  • Account manager name
  • Account manager contact details – email and telephone
  • Signed T&C with suppliers
  • Main correspondence with supplier in the form of email or letter


Website data

We collect a limited amount data from our website which we then review to create a better website user experience – this enables us to develop an effective digital marketing strategy.

Data that we collect from the website:

  • Top keywords searched
  • Average length of time spent on the website
  • Number of views on various pages of the website

Any data collected from the website is anonymous.


HOW do we collect?


Candidate data

The majority of candidate data is received via CVs sent by the candidates. In addition, Media Contacts staff will conduct head-hunting assignments and receive advertisement responses via various job-boards. A list of data sources is provided below:

  • CV – emailed by candidates who are actively searching for jobs
  • CV – emailed by candidates when they apply for a job advertised (on various job boards such as Guardian, Monster, PR Week, Media Contacts website, Social Media platforms) by Media Contacts on behalf of clients
  • CV – dropped in by candidate in person
  • CV – sourced from an online CV database, such as CV Library, Indeed etc
  • CV – received as a referral
  • Connecting with candidates with relevant experience on various social media platforms, mainly LinkedIn
  • Personal references


Client data

Client data is mainly collected through the client directly – sometimes we will conduct online searches for business development purposes. A list of sources for client data is provided below:

  • Data provided by clients directly when the client approaches us with job vacancies / relevant queries
  • Data collected via business development where a Media Contacts consultant will get in touch with the client querying employment needs
  • Data received and saved for credit control directly via the client
  • Data received via third party sources such as online / print publishing, attending industry relevant events, and referrals


Supplier data

Supplier data is mainly received directly from the suppliers. However, sometimes we may search for a new supplier and store findings of our searches temporarily until we finalise a new supplier. We also file service and contact details of suppliers who contact us to offer their service, but we may review that specific service in the future.


Staff data

We collect staff data throughout the recruitment process directly from the applicant and their referees.


Website data

We use cookies in line with your ‘cookies’ setting on your browser to collect basic data as mentioned above. We also collect data from website users who send a query to us via our website using the ‘Contact Us’ and ‘Blog’ page. Please note that clicking on external ‘links’ may result in your transferral to other websites where the data privacy policy may be different to Media Contacts.


USAGE of collected data



  • Recruitment – We use candidates’ personal data to understand and analyse their employment requirements so that we can match these with any relevant live jobs and represent them to the client. We believe in delivering the best customer service, therefore it is very important for us to understand how the candidate intends to proceed with a vacancy, either by directly applying for a job advertised or by a consultant approaching them to brief on a vacancy. Where needed, we store a candidate’s work-related visa details according to the Home Office rules and regulations.
  • Marketing – We sometimes use collected data to send out relevant and targeted marketing materials, mainly mailshots which may contain news about interesting jobs, industry news, updates on in-house changes etc.
  • Legal – We save data that we are legally obliged to – for example, candidate data required to produce the HMRC Intermediary Reports or to meet other legal requirements. We also save data that is required to legally protect the business (e.g. permission by candidates to send CVs, and proof of sending said CVs to clients).
  • Equal Opportunities –We strictly follow a recruitment process that is aligned with the Equality Act 2010. Where appropriate and in accordance with relevant laws, we may provide diversity monitoring information to a client if contractually required to enable them to comply with their own recruitment process. In these instances, permission will be sought from candidates first.



  • Recruitment – Our aim is to connect the right candidate with the right job. We therefore filter and use the most relevant data to fulfil the most appropriate recruitment process. We store clients’ data in our system so we can communicate regarding recruitment matters, as well as to store business visit notes in order to provide a more targeted services.
  • Marketing  From time to time, we will contact our clients to update our database with more relevant and up to date recruitment contacts. We will also send tailored marketing emails that may be of interest to clients.
  • Legal – We save data that we are legally obliged to – for example, client data is required to produce the HMRC Intermediary Reports or in order to meet legal requirements. We also save data to protect the company legally, such as proof of sending CVs. We store all signed terms of business with clients in paper and online formats.



  • Business management We store supplier data to communicate regarding ongoing / future services.
  • Legal – We store latest signed Terms of Business for record keeping.



  • Internal communication and others – We store all staff CVs, application details and contact details on the database system for communication and in accordance with relevant employment laws. Holidays and sickness records are maintained for existing staff which are only accessible by an authorised manager. Bank details are forwarded to our accountants for payroll and other accounting practices. Emergency contact details are obtained and stored for current staff.
  • Legal – We produce and store employment contracts between staff and the company.



  • Marketing  We collect anonymous data such as browsing time, length, keywords searched for etc which is accessible via our Google Analytics and used to understand our digital marketing requirements.
  • Improving user experience  We also use the data collected through the website to improve user-experience of our website.


SHARING of collected data

We take data protection seriously – we will only share your personal data in accordance with relevant rules and regulations. Below is a list of key people / organisations with whom we may share your data for various recruitment relevant reasons:

  • Candidates – Our consultants have an internal candidate ownership system in place – sometimes if they find a relevant role for you with a colleague, they may share your details with them. We also sometimes take up employment referencing. We also need to send a quarterly intermediary report to HMRC. And of course, with your permission, we will forward your details to any potential employers.
  • Client – For the purpose of recruitment, we brief our candidates with client information and a job description. In accordance with the law, we also send a quarterly intermediary report to HMRC which contains certain information about the client. In addition, without releasing the client’s ID, we advertise jobs on various job boards, our website and on social media platforms such as on our company Facebook, Twitter, and Linked In pages.
  • Staff – We share staff details at various stages of the recruitment process and while they continue to be our employees, we store employment referencing (with referees provided by the applicants),with our accountants and with HMRC
  • Website – Sometimes, we will share data collected through the website with outsourced third party digital marketing consultants




SAFEGUARDING personal data

We understand the importance of handling data correctly and therefore follow strict procedures on safeguarding data that we must keep in our system. We already have appropriate procedures to safeguard data, some of which are listed below. We are also constantly working on how to improve protecting data according to company rules, employment law and regulations. We adhere to the following:

  • No paper copies of CV or ID document onsite for more than a week after registration date (allowing us time to transfer the information to our secure database)
  • No paper CVs carried by consultants for interviews outside our office
  • No unauthorised persons entering our office
  • 24/7 intruder alarm and monitoring system in place
  • Computers and database system have multiple gatekeeping systems in place
  • Computers, emails and database systems have individual log in security with strict user procedures
  • Database server is remotely managed and backed up by our third party IT provider


HOW LONG do we keep the data?

  • We regularly send out mailshots to client and candidates for marketing and database cleansing. We delete personal data in the system upon request to do so based on the mailshot results.
  • We delete records that have been inactive for over two years in our database management system. However, we keep candidate records based on a ‘meaningful contact’ policy, when a candidate continues communicating with us in the format of sending CVs, emails, telephone conversations etc on an ongoing basis.
  • To comply with the government’s limited rules, we save financial records and other records relevant to this (mainly placement forms where we have a candidate’s details whom we have placed within a client company) for six years.
  • We keep ‘Staff’ records in the system for six years.


HOW DO WE STORE data internally?

  • We have a secure and password protected database management system where we store all client, candidate, and staff records. We also have Gatekeeper protected IT system and drives which are only accessible with special permission and by directors only.


WHO is responsible for processing your data?

  • We take data protection very seriously and train our consultants accordingly. Consultants only have access to data that is mandatory in the event of dealing with a recruitment workflow. All other data is only accessible by the authorised person within the company. Should you have any concerns or would like to know details of who takes care of data at Media Contacts, please contact us here.



  • Legitimate interest: There are three elements to the legitimate interest basis, i) identify a legitimate interest; ii) showing that the data processing is necessary and iii) balance the reason of data processing against the individual’s interest, rights and freedom. Keeping these in mind and in accordance with the GDPR requirements, we have a ‘legitimate interest in practice’ checklist that is followed for data collection / maintenance.
  • Candidates – We collect data from direct applications made by candidates for a job advertised by us (Media Contacts). Similarly, we run searches on CV databases and social media platforms where candidates upload / register with CVs. Moreover, we regularly receive CVs through our website from candidates querying potential job matches. We believe that it is reasonable for us to assume that the candidates approaching us through the above-mentioned sources are happy for us to collect and store their personal data for continuing the recruitment process with them and contact them when required. It is important that we collect most relevant data from candidates to create a bespoke recruitment experience for them. To ensure our business runs smoothly, we also need to store candidates’ personal data for a certain period – for example, for payroll / invoicing etc.
  • Clients and suppliers – To make sure we deliver the most effective and professional services to our clients, we save important data such as up to date contact details for quicker communication and to process other activities that are relevant to recruitment.
  • Consent – The GDPR sets a high standard for consent where genuine consent puts the individual in control and strengthens business relationships by increasing trust and transparency. In recruitment circumstances, we (Media Contacts) obtain clear consent to process data.
  • Opt-in consent – According to GDPR article (4)(11), opt-in consent is identification data that has been freely given based on specific information provided to the individual. This means, we (Media Contacts) will provide relevant and specific information to clients / candidates through which they can opt for us to use their data. For example, as part of our business procedure, we obtain consent from every candidate that we interview by asking them to complete a registration form – this provides us with mandatory information that allows us to understand their employment requirements. We brief the candidate should we match a job with their profile and ask for their permission before sending these details to the client.
  • Soft opt-in consent – We are permitted to run marketing communication campaigns for the business and in some cases, we rely on soft opt-in consent. This means, we will contact you with recruitment related services and news on a regular basis as long as you do not request us to opt-out of this communication.
  • Record keeping of consents – We record all consents that you give us. However, you have the right to withdraw you consent at anytime.
  • Establishing, exercising or defending legal claims – According to Article 9 (2)(f) of the GDPR, this may be necessary in the case of processing sensitive personal data in connection with exercising or defending legal claims – or whenever courts are acting in their judicial capacity.




How can you ACCESS, AMEND OR REQUEST DELETING your personal data collected by us?

The EU General Data Protection Regulations (GDPR) is aimed to protect all EU citizens from privacy and data breaches. Consequently, you have the right to request access, amend or delete any data that we may have on our records. You have rights and your right to object enables you to object to us processing your data where we do so in the following circumstances:

  1. Our (Media Contacts) Legitimate Interest – we must cease activity in question if you object to a given circumstance, unless we prove that we have strong legitimate grounds to process your data and / or we are processing your data for the establishment, exercise or defence of a legal claim.
  2. Enable Media Contacts to perform a task in the public interest or exercise official authority
  3. To send you (candidates & clients) direct marketing materials – if your objection is relevant to our marketing activities, upon receiving your objection, we will cease the activity immediately.
  4. For Scientific, Historical, Research or Statistical purposes

Consent – You have the right to withdraw any consent given to us (Media Contacts) given we have no alternative reason to justify the continuation of using your consent / relevant data.

Data Access Request – You have the right to ask us what information we have stored, also to request to amend, or delete. We will need to verify your ID before going ahead with any of these requests.

Right to erasure – You have the right to request us to erase your data, providing, i) the data is no longer relevant; ii) you have withdrawn consent; iii) the data collection does not comply with GDPR rules and regulations

Right to restrict processing – You can request to restrict your data processing by us which means we can only continue to store your data and will not be able to process unless, i) you consent; ii) further processing is required for legal reasons; iii) one of the circumstances listed below is resolved:

  1. you object to our legitimate interest
  2. you object that the data is not accurate
  3. processing of data is unlawful, and you would prefer us to restrict instead of erase
  4. we don’t need the data, but you require the data to establish, exercise or defend legal claims

Right to rectification – We conduct regular mailshots to keep our data up to date and accurate, however, should this be different to your case, you have the right to request that we rectify any inaccurate personal data.

Right of data probability – You have the right to transfer personal data from Media Contacts. You will need to ask for this information using the correct form and you will be asked to produce relevant ID prior to us processing your request.

Should you wish to exercise any of the rights above, please contact us and we will act immediately.




You can contact us by:

  • The ‘Contact Us’ page on the website
  • Email to the Directors, details can be found here
  • Our postal address is 15 The Windsor Centre, Windsor Street, Islington N1 8QG




GDPR – The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union.

Personal Data – any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

Sensitive data – Special categories of personal data, such as genetic data, and biometric data where processed to uniquely identify an individual.

Clients – Organisations to whom Media Contacts provide recruitment (and relevant) service based on agreed and signed Terms of Business.

Candidate – Direct and indirect job applicants for vacancies advertised by Media Contacts and Headhunted or referred individuals who eventually get registered with Media Contacts as candidates.

Supplier – Third party onsite / outsourced companies, individuals and services that provide various services to Media Contacts to operate the business.

Staff – Employees and industrial placement students recruited by Media Contacts.