Appropriate Policy document 


Walter Everett employment agency and consultancy  and as such we must comply with the Data Protection act 1998 (superseded by the DPA 2018) and  also GDPR​. Because we process Special Category data if we place you in a job, and we are required by law to keep records, this is our Appropriate Policy Document as recommeded by the ICO, so you understand clearly how and why we store it/ 


What is Personal Data?

“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.


What is special category data  

Some of the personal data you process can be more sensitive in nature and therefore requires a higher level of protection. The UK GDPR refers to the processing of these data as ‘special categories of personal data’. This means personal data about an individual’s:

  1. race;

  2. ethnic origin;

  3. political opinions;

  4. religious or philosophical beliefs;

  5. trade union membership;

  6. genetic data;

  7. biometric data (where this is used for identification purposes);

  8. health data;

  9. sex life; or

  10. sexual orientation.


Why do we process special category data 

By Law we are required to comply with The Employment Agencies Act 1973 and The conduct of Employment Agencies and Employment Businesses Regulations 2003 this means that we have to keep compliance documents such as passports, driving licences, offer including salary details for the people that we place, this can infer peoples race or ethnic origin. From the categories above only 1 and 2 apply . We do not collect data from 3 through to 10 unless you have openly disclosed information on you application documents. We follow the government guidance on recruitment agency  records which can be found here: Right to Work Purposes:

What are our procedures to ensure compliance to the Law,  GDPR and ICO principles. We also follow CAP guidance when placing adverts. 

We have Terms and conditions for both or Clients and Work-seekers that are clearly listed when you apply to a job. If we approach you or you apply via an advertisement, you will be asked to apply for the position. You will be sent a link to the position which takes you an online application portal. This portal, clearly provides our work-seeker, our client terms and, our legal obligations for storing your data. The advertisement clearly states we are an agency and follows the government guidelines for how to place job adverts as a recruitment agency.  the portal contains other information about our legal requirements and a clear link our privacy and data policies. When you apply  we ask that you read these terms carefully. We also run through them on the phone if we take action to find you work.  If you agree, you can consent to the policies out-lined in this and our privacy policy by ticking the consent box. Some of our terms go beyond consent. This only happens when we are legally required to store data that validates your identity. Often candidates send Passports,  BRP;s, Driving Licences, Birth certificates ec, so this is considered special category data, 


Security and technology

Our clients require that we send then documentation that proves you right to work in the UK, and proof of address. We store this data on the employment record within our secure ATS.  This ATS merges with a password and VPN protected network and  email account,

The Applicant Tracking System is also secure and password protected. The passwords are regularly changed. Access to the system is through encrypted PCs which again have another layer of Password protection. 

Data Minimization, Security reviews with suppliers 

As a company we try to keep our data at a minimum, We therefore only keep records that we are required to do by law to keep and when candidates have expressly agreed to having their CV on our database. We review this annually. 

We work extensively with our ATS system to ensure that are data is kept securely. We discuss and review this with the provider every 3 months when we renew. They are also aware of their legal requirements to make us aware if their system was breached. 


Retention and erasure policies


If you ask us to we will erase your data if we are not legally required to keep it. Its simple and easy just email 



APD review date - Jan 2022