top of page

MENU

Tierpoint2025 - White Logo.png

GDPR and Data Privacy

1. Introduction

 

Tierpoint Partners Limited is committed to ensuring that your privacy is protected. This policy outlines how we collect, use, and protect the personal data of individuals in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy applies to the personal data of clients, candidates, employees, suppliers, and other stakeholders.

 

2. Definitions

 

  • Personal Data: Any information relating to an identified or identifiable natural person (data subject), such as names, addresses, contact information, employment details, and other personal identifiers.

  • Processing: Any operation performed on personal data, such as collection, storage, use, alteration, or deletion.

  • Data Subject: The individual whose personal data is processed.

  • Data Controller: Tierpoint Partners Limited, who determines the purposes and means of processing personal data.

  • Data Processor: A third party that processes personal data on behalf of the data controller.

  • GDPR: The General Data Protection Regulation, which governs the processing of personal data in the EU and UK.

 

3. Data Collection

 

Tierpoint Partners Limited collects personal data for specific, legitimate purposes that are necessary for our recruitment services and business operations. We may collect personal data directly from individuals or indirectly through third parties (such as job boards or social media platforms).

 

Types of Data Collected:
 

  • Contact information (e.g., name, email address, phone number)

  • Employment history and qualifications

  • Identification documents (e.g., passport, driving license)

  • Salary expectations and benefits information

  • References and performance feedback

  • Sensitive personal data (where required and with explicit consent, such as criminal record checks)

  • Technical data (e.g., IP address, browser type)

 

4. Legal Basis for Processing

 

Tierpoint Partners Limited will only process personal data where there is a legal basis for doing so. These bases include:

 

  • Consent: When the data subject has given clear consent for us to process their personal data for a specific purpose.

  • Contract: Processing necessary for the performance of a contract, such as an employment or service contract.

  • Legal Obligation: Where processing is necessary to comply with a legal obligation (e.g., reporting to tax authorities).

  • Legitimate Interests: Where processing is necessary for our legitimate interests, provided these do not override the rights and freedoms of the data subject.

 

5. Purpose of Data Processing

 

We process personal data to:

 

  • Provide recruitment services, including the identification and placement of candidates with clients

  • Facilitate employment contracts and payroll administration

  • Fulfil legal obligations, such as right-to-work checks and tax reporting

  • Respond to inquiries and provide information about our services

  • Improve our website, services, and communications

  • Maintain our internal records

  • Ensure compliance with legal and regulatory requirements

 

6. Data Subject Rights

 

Under GDPR, data subjects have several rights with regard to their personal data. These include:

 

  • Right to Access: The right to request access to the personal data we hold about you.

  • Right to Rectification: The right to have inaccurate or incomplete data corrected.

  • Right to Erasure: The right to request the deletion of personal data in certain circumstances, also known as the “right to be forgotten.”

  • Right to Restrict Processing: The right to request that we limit the processing of your personal data.

  • Right to Data Portability: The right to obtain and reuse your personal data for your own purposes across different services.

  • Right to Object: The right to object to processing based on legitimate interests or direct marketing.

  • Right to Withdraw Consent: Where consent is the legal basis for processing, you have the right to withdraw your consent at any time.

 

To exercise any of these rights, please contact us at dataprivacy@tierpointpartners.com.

 

7. Data Retention

 

We will retain personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal and regulatory requirements. When personal data is no longer needed, it will be securely deleted or anonymised.

 

  • Candidates: Personal data will be retained for a maximum of 2 years after the last meaningful contact, unless we are required to retain it for legal reasons.

  • Clients: Client data will be retained as long as the business relationship continues and for a period necessary to fulfil contractual and legal obligations.

  • Suppliers: Supplier data will be retained for the duration of the supplier relationship and any necessary legal retention periods thereafter.

 

8. Data Security

 

Tierpoint Partners Limited is committed to safeguarding personal data against unauthorised access, alteration, disclosure, or destruction. We implement appropriate technical and organisational measures, including:

 

  • Encryption of sensitive personal data

  • Secure storage of physical and digital records

  • Access controls to limit access to personal data to authorised personnel only

  • Regular review and testing of our data security measures

  • Secure disposal of personal data when no longer required

 

9. Data Sharing

 

We will only share personal data with third parties when necessary and in compliance with GDPR. These third parties may include:

 

  • Clients seeking candidates for employment

  • External payroll providers and financial institutions

  • Government authorities or law enforcement (when required by law)

  • Data processors who provide services on our behalf, such as IT support or marketing services

 

We ensure that any third-party data processors we engage comply with GDPR and have appropriate security measures in place to protect personal data.

 

10. International Data Transfers

 

In some cases, personal data may be transferred to countries outside the European Economic Area (EEA). Where this occurs, we will ensure that appropriate safeguards are in place to protect the data, such as:

 

  • The use of standard contractual clauses approved by the European Commission

  • Transfers to countries deemed to have an adequate level of data protection by the European Commission

  • The use of binding corporate rules (BCRs) for intra-group transfers

 

11. Data Breaches

 

In the event of a data breach that poses a risk to the rights and freedoms of individuals, Tierpoint Partners Limited will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. We will also inform affected data subjects without undue delay if there is a high risk to their personal data.

 

12. Complaints

 

If you believe your data protection rights have been violated or you have a concern about how we handle your personal data, you can file a complaint with our Data Protection Officer (DPO) at dataprivacy@tierpointpartners.com or the Information Commissioner’s Office (ICO), the UK’s data protection authority.

 

13. Changes to this Policy

 

We may update this policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any significant changes and post the revised policy on our website.

 

Contact Us

 

If you have any questions about this GDPR and Data Privacy Policy or wish to exercise your rights, please contact us at:

 

Data Protection Officer

Tierpoint Partners Limited 

Email: dataprivacy@tierpointpartners.com 

Phone: 01216301231

Address: 6a, Little Aston, Sutton Coldfield, B74 3UF

bottom of page