Our Privacy and Data Protection Policy 


1. Who are we? and how do you access/delete your data


We value your need for the privacy and protection of your personal data:

  • Walter Everett acts as a recruitment agency and consultancy and a permanent recruitment supplier. 

  • We were established in 2006. We are a permanent niche technology recruitment supplier.

  • Our company number is 5882877.  Registered Office Address - Office 6, May Road, Rochester, Kent ME1 2HY.

  • Enquiries relating to this policy, to request to see/access you data, or to ask for your data to be removed from systems please email "attention of: Data Protection Officer", contact@waltereverett.co.uk

  • We are the primary data controllers for your services, however some information regarding salaries and fees,  client invoices are shared discretely and electronically with our accountancy service providers. We also use a reputable third party Application Tracking System called www.ismartrecruit.com to securely hold your data.

2. What is Personal Data?

Personal Data in the UK is defined  as: 

“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.


3. What are our legal obligations as a recruitment agency ?


By Law we must ensure that our activities, records and data retention activities and policies comply with: 

  1. Employment Agencies Act 1973

  2. The conduct of Employment Agencies and Employment Businesses Regulations 2003

  3. Data Protection act 1998 (superseded by the DPA 2018) and registration with the ICO 

  4. GDPR

  5. Equality Act 2010

  6. CAP Code, regulated by the ASA: https://www.asa.org.uk/topic/Recruitment_and_work.html

  7. We are also required by the HMRC to keep our accountancy records for 6 years.


As you go through this document we will make you aware when there is a legal reason to process your data

4. Who regulates the recruitment industry?

The UK government have fair and strict rules to project you as a job seeker. 


  • The ICO also ensure compliance to all of their data protection policies our reference number is: Z3068163Their website is https://ico.org.uk/.


5. What data are we required to process by law?

We are committed to being transparent about how we collect and use your personal data to meet our data protection obligations and to uphold the law. This policy is our commitment to the General Data Protection Regulations 2018 (GDPR), and individual rights and obligations in relation to your personal data. 


Walter Everett acts as an employment agency and consultancy. As such we process data in the form of CV's verification and compliance documentation we are required to keep by law and by our clients. We are required by law to comply with General Data Protection Regulations and subsequent Data Protection Laws. As an employment agency it is important to note that we process special category data if we place you.


6. Who does this policy apply to ? and does anyone else have access to my data?

  • Work Seekers who apply for jobs that we advertise and the candidates that we approach that supply us with personal data as part of our service offering.We make applications on your behalf with consent to submit your CV to our clients, this submission often happens via our ATS, email or via a client portal. Here we may be asked by our clients to give details such as address, telephone numbers and contacts when we submit your CV. We discuss this with you when we add you to their ATS systems. 

  • Website Users who visit to our website, or that apply via our 3rd party Application Tracker System www.ismartrecruit.com

  • Clients with whom we have agreed terms and conditions to supply our services and the subsequent contacts we interact with and collect data from in order to submit, process applications, interact with and act as an intermediary for.

  • Our 3rd Party providers and suppliers whose systems and services we use to collect data . Namely our Accountancy service Provider and ATS Service provider ismart recruit. Our suppliers are subject to this policy. Read about our main providers policies on GDPR and data here: https://www.ismartrecruit.com/blog-gdpr-compliance-ats-recruiting-software.

  • CV Outsourcing company and 3rd partly advertising intermediaries - Walter Everett often uses 3rd party sourcing companies to increase the candidate pool. When using these services we engage in terms and conditions and we ask that all data be delivered via our ATS system Ismart recruit to ensure protection and transparency of our working practices.

  • Third Party Hyperlinks - Our website contains hyperlinks and connectors for advertising and for information purposes. If you open the links those companies by default may collect data about you. We are not responsible for the compliance of those websites so we encourage you to carefully read their privacy policies. 

7. What data does Walter Everett process and keep ?  


Walter Everett actively searches for candidates using Linkedin and a variety of other Jobboards and advertisements. If you apply for a job through us and if we take action to find you work we will always run through the position and send you a more detailed job description through our ATS. During this process you can view our terms and  there we will ask for explicit consent to process your data and any Special Category Data, 

Based on Government requirements for agencies we keep candidate data on those people we aim to find work for.  You will find information here: www.gov.uk/record-keeping-for-employment-agencies-and-businesses/records-about-workseekers. The list below is not exhaustive, we may at other times reserve other information from third part sources and our clients and partners.  

We collect and handle your data for various reasons and some are for legal purposes. Below is a list of the legal and contractual reasons and also more about the contracts and services we offer our clients -


Identity - Legal requirement and client requirement to check you are who you say you are

  • Your title

  • Your name 

Contact information - Legal Requirement and client requirement 

  • Address and if you are under 22 your date of birth

  • Email address and telephone number, contact details 

Historical - legal requirement and client requirement to check suitability for the position

  • Any details which you openly disclose on your CV, which may include your educational history,  work history, relevant skills, training and qualifications, sometimes candidates add references and interests which may willingly contain Special Category data

  • Suitability for a given position

  • Employment data, current remuneration if our client requires us to ask, what work fills you with joy, interview feedback, if given. Sometimes this is carried our verbally.

  • Details of your relevant technical skills or training required

Verification data - Legal requirement and client requirement

  • Verification data and documents.  Documents such as: Passports and other Identity Documents. This type of data is considered to be Special Category Data *  This is considered special category as it can reveal your racial or ethnic origin. We are required to get explicit consent to process this type of data. This consent is asked for when you apply for a position through Walter Everett and shows on our ATS system as consented. If we find you didn't consent we will delete you data in due course or we will contact you if you have been placed and it was an oversight.  If we place you we collect verification data that confirms your identity (Legal requirement) . We store these on our ATS for at least 1 year (required by law)* Please note, we do not collect any other special category data such as religious beliefs, sexual orientation, political opinions or religious beliefs, trade union, membership, health and genetic info or bio metric data, unless you have openly shared it on your CV with consent. 

New employment data - legal requirement and client requirement 

  • Details of successful offers, salaries and benefits and when you start work. 

  • Details of any email correspondence between Walter Everett and yourself. Please note. For these purposes Walter Everett uses an Applicant Tracking System called www.ismartrecruit.com.

  • If you are placed in a position by Walter Everett we store your Offer of all employment details including salary benefits and start date. 

Employment checks and information that could affect employability for a specific role - Legal and  client requirement 

  • Our clients conduct background checks and DBS checks, and therefore all offers are always conditional subject to satisfactory outcomes. In some cases, our client contracts request us to share pertinent information about your previous employment history. Whilst we don't conduct reference checks the Law requires that employment agencies have certain legal obligations. In relation to work-seeker suitability the following rule applies If we introduce a work-seeker to a hirer and find out within 3 months that they may not be suitable for the job, we must tell the hirer straight away. reference to this can be found here: www.gov.uk/employment-agencies-and-businesses/protection-of-work-seekers-and-hirers

Technical data - as part of our service offering, website and systems we use - Legal requirement

  • As part of our day to day services, the systems and our website collects data: such as when you applied, visited our website, your location etc that our ATS automatically and websites log

  • We also keep email records as they create automatic records of correspondence with our ATS system. Our email is cloud based and password protected. The location of all data is protected by multiple passwords is also protected by CCTV in a secure environment. 

Website and Marketing data - day to day services

  • Our Website provider Wix collects some data, if you interact through the chat bot we save the contact and conversation history. We also collect anonymous aggregated data, information such as statistics about unique site visitors, your location and times you visit for SEO and marketing purposes on how we can improve our website if you email through the site​

​Client data we keep - Legal requirement 

  • Details of the positions the hirer wants to fill

  • Duration or likely duration of work

  • Experience, training, ability, qualifications, and authorisation required either by the hirer, by law or by any professional body

  • Details of enquiries about the hirer and the position they want to fill, including copies of all relevant documents and dates of their receipt

  • Dates of requests by the agency or employment business for fees or other payment from the hirer plus copies of statements or invoices of these when they’re paid

8. Why, where and how and source your data, what we do with it and who we share you data with  

Why: We source and collect data so that we can provide our services to you and our clients. 

  • We collect data as we have a legal basis and client agreements to work in a specific way to perform our duties to help you as a work seeker find a new job,  or to help you as a client to place a requirement.

  • When performing our day to day duties and services we will have both a legal basis and a client service obligation for collecting data  

Where  and how we source your data:

  • Applications: We receive your online application from advertisements we place online job-boards. Where we can we use an external URL's which directs you to our ATS system/ database. Sometimes these online job-boards don't offer an external URL. On these occasions your application will come through our email system (Outlook 365) or will remain on an online portal such as CV Library. There we will review your application. We have made every effort to ensure this is encrypted and of course password encrypted.

  • Online social media websites: such as Linkedin, facebook, instragram, where you are responsible for your privacy settings and security. We may at times try and contact you in this way if we deem you suitable for a position and the website allows us to approach you through inmail. 

  • Job-boards: We regularly use Job -boards to source  work seekers. When you upload your CV to an online Job-board we access this data if we subscribe to their services. These Job-boards are responsible for their own data and privacy policies. These websites all have 2 step verification set up for subscribers to protect your data and privacy. If you have applied for a job via a third party site your information will automatically be stored by then and used and collected by us as you will have given that consent when you added your profile details. The Job boards will have data on what you supply during that application. It is our opinion that if you post your details on a job board or a professional networking site you are happy for us to collect your information and to provide our services to you and to share with consent that information with prospective clients. As you go through the recruitment process you will be asked for more personal data and at the end we will ask for a store special category data as explained in clause 7. You can also expect that our clients will conduct background, reference and criminal records checks. 

  • Work of mouth and networking.  As part of our day to day services we will often ask candidates that we place to recommend people that are actively looking for work or introduce people they know may be looking for a position. If we are given this information we will generally contact you through linkedin if you are open to contact, otherwise we would ask the referrer to check. We also receive recommendations from people we have worked with and candidates will often send their CV's speculatively 

  • Our website: you can apply for jobs through our website which automatically connects to our applicant Tracking system, if you interact through website chat it will also save your contact details. 

  • 3rd party CV and outsourcing services. We often use 3rd party advertisers to improve our recruitment reach and  we also engage the services of a CV sourcing company to help our clients find the technical staff they need. We regularly review their policies to ensure they are both legal and compliant 

  • Referees, background and security checking .We are a permanent recruitment supplier which means that our end clients engage there own security and background checking. We may however at times be made aware certain sensitive information if you or our clients disclose it. Our clients often ask us to collect referee information and they will specify that we must tell you that you are going to be subject to a criminal and financial records check. 

What we do with your data 

  • We only use your date when we have consent (detailed in point 9 below) and also when the law requires us. 

  • We use it to perform our recruitment services, legal and contractual obligations. These may include supplying salary information if asked, your location, your reason for looking for work, the role/s that you have applied for, your suitability for the advertised position and technical skill/training. The reason you are looking for work, what you want in your next role , 

  • To match your details to job vacancies in order to assess your suitability 

  • to help you find a job by applying 

  • Applying for jobs as an intermediary and therefore sending your details to or clients 

  • We use it to guide your data to guide you through the recruitment process with the client, to provide feedback and any information you want sharing with the client  to answer any questions you may have, to help you and our clients and to make you aware of any pertinent industry information. 

  • We may anonymously send diversity questionnaires and ask if we can share some special category data to improve diversity and inclusion in the work place. We will email you and ask for your consent if we do this. 

  • to check we have all the information we need for monitoring purposed where we are legally obliged to do so

  • to provide information about our company, and  client opportunities 

  • We may use website data to try and improve our reach , our marketing and our services

  • we may use you information to email you to provide feedback, send marketing emails, send details of vacancies and to renew consent, for market research or to make you aware of any changes to our policies. 

  • verification purposes that are required by law and our clients 

Who we share your data with:

  • Walter Everett's Directors have access to your data 

  • Our third party ATS supplier www.ismartrecruit.com 

  • Our accountancy partner  for invoicing and accounting purposes: RTS chartered accountancy. they have access to basic information on candidates such as:  name, salary information, start dates , position title. Our accountants also have basic data on clients rates, invoice amounts, fees etc. 

  • We share your data with prospective employers or interviewers

  • Web site provider has access to web chat contacts and history, and some statistical website data.

  • We do not consent for our third party providers to use our data for any purpose other than providing a service to us. 


9. Your Consent - Legal obligation

  • We ask for your consent to collect your data in several ways and are explicit about or policies when doing so. We ensure all work seekers go through our application portal, discuss the roles verbally and on email with you. During this process we ask for your permission and consent to send your details to our clients. We only send your details to our clients after a suitability check based on your technical skills and experience, When we have both agreed to make an application on your behalf.  As well as through the ATS, this may be carried our on email and verbally to ensure you have understood. If for any reason you haven't consented to us having your data on the ATS we may not be able to represent you. We regularly check placement data so you would be contacted if consent was overlooked.  If you are unable to provide the information we are legally obliged to gather as part of our services we may not be able to work with you. 


10. Cookies and Cookie Policy 

  • HTTP cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session.

  • There are strictly necessary cookies that are requires to help our website to function and ones you can control with your web browser

  • We collect information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website. We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever. Our advertisers and third parties may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on the associated website.

  • You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at AboutCookies.org.

11. Where do we store your data and what do we do if it were breached ? 

  • We use a company that is a global service provider. They store and process their data in Frankfurt, Germany so there is no cross border transfer. Last GDPR contractual review was 24/10/2021

  • We store all of our data in the cloud and electronic format for extra security. We have a private VPN, all devices are double encrypted and every application passport protected. The premises where you data is accessed are secure and monitored by  CCTV. 

  • We  perform regular checks and reviews to ensure your data is checked and that your consent has been given. 

  • If the users of any devices are not present, all applications are logged out of and the system also safeguards this by shutting down or sleeping. Users are then asked to submit a pin number to access the device again. 


What happens if the data we hold is breached/ hacked

  • If any of our third parties have a data breach they are contractually obliged to inform us immediately.

  • If any breach should occur that could affect the rights and freedoms of any individuals we keep data on. we would inform you without delay by email or phone and record this correspondence.

  • We will understand and do our best to address the breach and any concerns you may have.

  • All our systems can be accessed remotely and all passwords will be immediately changed.

  • We chose to only keep verification documents for candidates we place for this reason. This limits the amount of special category data and information on our systems. 

  • if we had a data breach we would record it if we are not required to notify an authorities

  • Data Breaches would be dealt with by the directors of Walter Everett. 

  • We would inform the ICO within 72 hours of a breach occurring.

How long do we keep your data for?

  • If we place you, we like to stay in touch and see how you progress, so the times can range. We have a legal obligation to keep our recruitment records for at least 1 year from when we last provided services to a client.

  • We don't have any legal requirement to keep your details of workers if we don't take action to find you work. We may delete your record if :  you remove consent, we cant help you to find work because your technical skills/ assessment does not match our client requirements or if consent hasn't being given during our interactions with you. 

  • If we place you we keep some of your data for 6 years, as this data is relevant for HMRC legal accounting reason and tax purposes.

Legal rights to the data we handle 

You have:

  • have the right to access your data and to understand how we process your data 

  • have the “right to be forgotten” and have your data deleted/ 

  • Can ask us to restrict you data 

  • You can port your data to another organisation 

  • The right to object to us handling your data

  • you can withdraw consent or permission that you have previously given.

  • You can complain – in all circumstances in relation to how we are processing your data

  • us in relation to the handling of your personal data; or

  • You can contact the relevant bodies in relation to how we process your data.

  • Contact us if you want to exercise your legal rights.  

  • the right to pay any fees associated with your rights to question how we handle your data. 

  • We might need to request certain information from you to help us verify and process your data.

  • Response time – We aim to respond to any requests within 1 month.