Itchyfeet Recruitment Agency – Privacy Policy
Updated: November 2025
1. Introduction
• Itchyfeet Recruitment Agency (“Itchyfeet”, “we”, “us”, “our”) is a recruitment business providing work-finding services to candidates and clients. In doing so, we collect and process personal data and act as a data controller.
• This Privacy Policy explains how we collect, use, store, share and protect your personal data in accordance with the Data Protection Laws applicable in each of the jurisdictions in which we operate:
• Guernsey – Data Protection (Bailiwick of Guernsey) Law, 2017
• Jersey – Data Protection (Jersey) Law, 2018
• Isle of Man – Data Protection Act 2018, including the Data Protection (Application of GDPR) Order 2018
• These laws are collectively referred to in this Policy as the Data Protection Laws.
• This Policy applies to:
• Candidates
• Clients
• Suppliers
• Website users
• Emergency contacts and referees
• Anyone whose personal data we process during our business activities
• If you are a member of staff at Itchyfeet, please refer to our Staff Privacy Policy.
________________________________________
2. How we collect your personal data
• We collect personal data in various ways, including:
• Direct interactions (telephone, email, in-person communication, postal correspondence)
• Contact forms on our website
• CVs and application documents you provide
• Forms completed during registration or the recruitment process
• Publicly available sources (e.g. LinkedIn, job boards, company registries, social media)
• Client organisations providing information about hiring needs
• Referees, emergency contacts or colleagues providing your information
• Website analytics, cookies and similar technologies
• Credit reference agencies and pre-employment screening providers (where appropriate)
________________________________________
3. The personal data we collect
3.1 Candidate Data
• Depending on the role, local legal requirements and client needs, we may collect:
• Name, address, email, phone numbers
• Date of birth, gender, marital status, dependants
• Social security or national insurance numbers
• Bank details (if payroll or contracting arrangements require it)
• Tax information, salary and remuneration history
• Right-to-work documents and identification (passport, visa, driving licence)
• CVs, qualifications, certificates, training records
• Employment history and references
• Start dates, working patterns, workplace details
• Performance, disciplinary or grievance information (where relevant)
• Information relating to your use of our systems
• Website usage data collected via cookies
• Emergency contact details
• Referee details
• We may also collect special category data and criminal record information, where lawful and necessary, such as:
• Health or disability information
• Racial or ethnic origin (e.g. for equality monitoring)
• Trade union membership (where applicable)
• Criminal convictions and offences (only where appropriate and lawful)
• Where required by Data Protection Laws, special category or criminal record data will only be processed where:
• you have given explicit consent, or
• it is necessary for employment-related purposes, legal claims, substantial public interest, safeguarding, or where otherwise permitted by local law.
________________________________________
3.2 Client Data
• We typically collect:
• Names and contact details of individuals within your organisation
• Job titles, roles and responsibilities
• Information relating to your recruitment needs
• Records of correspondence and instructions
________________________________________
3.3 Supplier Data
• We collect:
• Contact details of relevant individuals
• Business details
• Contracts and payment information
________________________________________
3.4 Website Users
• We collect:
• IP address
• Browser type and version
• Device information
• Website usage statistics and analytics
• Cookie data (see our Cookie Policy for full details)
________________________________________
4. Why we use your personal data (lawful bases for processing)
• We will only process your personal data where permitted by law. The lawful bases we rely on include:
4.1 Performance of a contract
• To deliver recruitment services, including:
• assessing suitability for roles
• matching candidates with clients
• managing ongoing communication
• administering placements
4.2 Legal obligations
• To comply with laws including:
• employment legislation
• right-to-work checks
• tax and social security obligations
• audit and regulatory requirements
4.3 Legitimate interests
• For purposes such as:
• providing recruitment services efficiently
• improving our website and services
• managing relationships with clients, candidates and suppliers
• ensuring business continuity and security
• We always balance our legitimate interests against your rights.
4.4 Consent
• Where the law requires consent, such as:
• sending marketing communications
• processing some types of special category data
• You may withdraw consent at any time.
________________________________________
5. Marketing communications
• With your consent, or where permitted by law under legitimate interests, we may send:
• job alerts
• updates about our services
• newsletters or industry insights
• You can unsubscribe at any time using the link in our emails or by contacting us.
________________________________________
6. Sharing your personal data
• We may share your data with:
• Prospective employers and clients
• Our group entities (if relevant)
• IT and system providers (CRM, email, cloud hosting)
• Background screening providers
• Professional advisers (legal, accountancy, auditing)
• Payroll and benefits providers (where applicable)
• Regulatory or law-enforcement authorities, where required
• We do not sell your data.
________________________________________
7. International transfers
• We process and store your data primarily within:
• Guernsey
• Jersey
• Isle of Man
• European Economic Area (EEA)
• These jurisdictions are all recognised as providing an adequate level of data protection, meaning data can flow freely between them.
• If data is transferred outside these territories, we ensure appropriate safeguards are in place, such as:
• Standard Contractual Clauses (SCCs)
• Adequacy regulations/decisions
• Other legally recognised protections
• You may request details of the safeguards used for international transfers.
________________________________________
8. Data retention – how long we keep your information
• We retain personal data only for as long as necessary for our business purposes and legal obligations.
• For candidates, if we have had no meaningful contact for six (6) years, we will:
• delete, anonymise or securely archive your data, or
• ask if you wish to remain on our systems
• Meaningful contact includes:
• submitting an updated CV
• communication about potential roles
• clicking through or engaging actively with job alerts or marketing
• discussing opportunities with our consultants
• Some data may be retained longer where necessary for legal or regulatory purposes.
________________________________________
9. Your rights
• Under the Data Protection Laws, you have the right to:
• access your personal data
• rectify inaccurate or incomplete data
• erase your data (“right to be forgotten”)
• restrict processing
• object to processing based on legitimate interests
• object to direct marketing
• data portability
• not be subject to automated decision-making that has legal or significant effects
• To exercise your rights, contact us using the details below.
• You may also lodge a complaint with your local data protection authority:
• Guernsey – Office of the Data Protection Authority
• Jersey – Jersey Office of the Information Commissioner
• Isle of Man – Information Commissioner
________________________________________
10. Security
• We take appropriate technical and organisational measures to protect personal data, including:
• secure IT systems
• access controls
• staff training
• encryption where appropriate
• monitoring and testing of systems
________________________________________
11. Contact details
• If you have questions about this Policy or wish to exercise your rights, contact:
• Data Controller
Email: accounts@itchyfeet.gg
• We will respond within one month, unless an extension is permitted under law.
________________________________________
12. Updates to this Privacy Policy
• We may update this Policy from time to time to reflect:
• changes in law
• Updates to our services
• feedback from regulators or users
• The updated version will always be available on our website, with the revised “Updated” date above.
