0113 537 4042
Contact us
Sign in
Get a demo
0113 537 4042
Contact us
Sign in
Get a demo

SmartSearch Candidate Privacy Notice

Last updated 5th January 2026

This Candidate Privacy Notice outlines how SmartCredit collects, uses, and protects personal information about candidates during the recruitment process. We are committed to ensuring that your privacy is protected and that we comply with the UK General Data Protection Regulation and other applicable data protection laws. 

This policy promotes transparency, fairness and accountability in handling your data, including communication by email, telephone and SMS.  We will comply with data protection laws, which says that the personal information we hold about you must be: 

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely. 

Information We Collect: 

We may collect and process the following personal information about you: 

  • Identity data such as name, title, gender, date of birth 
  • Personal contact details such as, addresses, telephone numbers and personal email addresses 
  • Professional and academic data such as CV/resume and cover letter, employment history, education, skills and qualifications, skills, references, interview notes and assessments  
  • Communications data such as SMS correspondence, call notes and recorded messages  
  • Diversity data such as voluntary disclosures (for example gender, race or ethnicity, disability, religious beliefs, sexual orientation) used solely for equal opportunities monitoring 
  • Verification data such as copies of identity documents, right to work documentation and, where required, pre-employment screening results 
  • Publicly available social media  
  • Photographs 
     

We may also collect, store and use the following further sensitive types of personal information: 

  • Political opinions 
  • Criminal convictions and offences 

 

How is our personal information collected and our communication methods 

We collect personal information about employees, workers and contractors through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies as follows: 

  • Online applications submitted via our career portal on our website 
  • Recruitment platforms such as LinkedIn 
  • Direct referrals 
  • Telephone or SMS contact for arranging interviews, or confirming application details 
  • Video or in-person interviews 

All phone and SMS communications comply with the Privacy and Electronic Communications Regulations 2003 (PECR). 

How We Use Your Information: 

We use your personal information for the following purposes: 

  • Assessing your suitability for job roles 
  • Communicating with you about job opportunities 
  • Verifying your identity and eligibility to work 
  • Carrying out background checks where necessary 
  • Keeping records related to our hiring process 
  • We will not use your personal information for automated decision-making  

Legal Basis for Processing: 

We process your personal information based on one or more of the following legal grounds: 

  • Contractual necessity: The processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. 
  • Legal obligation: To comply with immigration, tax, or employment laws. 
  • Legitimate interests: Our legitimate interests in managing the recruitment process and ensure the suitability of candidates. 
  • Consent: When processing optional information such as diversity or background check data (where required by law).  

Data Security: 

We are committed to ensuring that your information is secure. We have implemented appropriate technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction including: 

  • Encrypted data transmission and storage. 
  • Role-based access controls – so that only those who need access to your data for the recruitment process will have access to it. 
  • Secure servers and password policies. 
  • Regular audits and staff data protection training. 

Data Sharing: 

Your personal information may be shared with: 

  • Internal stakeholders involved in the recruitment process: HR staff and relevant department heads. 
  • Authorised third-party service providers assisting in the recruitment process including Cezanne Recruitment and Occupop. All third parties must adhere to data protection and confidentiality obligations equivalent to those of SmartSearch and may involve processing your data outside the UK and EU. 
  • Regulatory or governmental authorities, when legally required. 
  • We will not sell, distribute, or lease your personal information to any other third parties 

Retention Period: 

We will retain your personal information for as long as necessary for the purposes outlined in this notice or as required by law. If your application is unsuccessful, we may retain your data for future opportunities provided you have consented to this. You have the right to withdraw your consent at any time by giving written notice.  

Candidate data will be retained for 3 months after the recruitment process concludes unless you have given us consent to keep it for longer up to a maximum of 1 year or unless we are required by law to keep it for a longer period. 

Successful candidates’ data will be transferred to their personnel file upon employment and retained in line with SS employee privacy policy. 

SMS and call records will be retained for 90 days unless required longer for audit or compliance purposes. 

After the retention period, personal data will be securely deleted or anonymised. 

Your Rights: 

You have the right to: 

  • Access the personal information we hold about you 
  • Correct inaccuracies or incomplete data in your personal information 
  • Request erasure of your personal information where legally permissible 
  • Object to the processing of your personal information 
  • Request limitation of data processing 
  • Request a copy of your data  
  • To exercise these rights or if you have any questions, please contactdpo@smartsearch.com 

Data breach management 

In the event of a personal data breach involving candidate information: 

  • The incident will be reported to the data protection officer immediately 
  • A risk assessment will be carried out by the IT and security teams to determine the impact 
  • SmartSearch will notify the Information Commissioner’ Office (ICO) within 72 hours, if required 
  • We will promptly inform affected candidates where the breach poses a high risk to their rights and freedoms   

Acknowledgement 

All employees and external recruiters handling candidate information must confirm that they have read, understood and agree to comply with this policy. Non-compliance may result in disciplinary or contractual action.  

Changes to this Privacy Notice: 

This notice was last updated on 8th December 2025. This privacy notice may be updated from time to time. Please check our website for the latest version. 

Contact Information: 

We have appointed a DPO to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact dpo@smartsearch.comor people@smartsearch.com. 

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO) with respect to data protection issues. 

SmartCredit Limited t/a SmartSearch 

Mayfield House, Lower Railway Road, Ilkley, LS29 8FL