Recruitment Privacy Policy

We value transparency, fairness, and responsible data handling.
Protecting candidate privacy is an essential part of our recruitment integrity and corporate responsibility. 

Compliance-Oriented UK Recruitment Privacy Policy of Square Root 

Square Root is committed to protecting the privacy, confidentiality, and integrity of personal data collected throughout our recruitment and hiring processes. We recognise that applying for a role requires trust, and we treat candidate information with the same level of security and responsibility as client and corporate data. 

This Recruitment Privacy Policy explains how we collect, use, store, disclose, and protect personal data relating to job applicants in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. 

This policy applies to candidates applying through: 

  • Our website (Square-root.co.uk) 
  • Recruitment agencies 
  • Professional networking platforms 
  • Direct referrals 
  • Email applications 

1. Data Controller 

Square Root acts as the Data Controller for all personal data processed during the recruitment process. This means we determine how and why your personal data is processed. 

For data protection queries, you may contact: 

Square Root
Website: https://square-root.co.uk
Email: info@square-root.co.uk

2. Categories of Personal Data We Collect

We only collect data that is relevant and necessary to assess your suitability for employment.

2.1 Identity and Contact Information
  • Full name
  • Residential address
  • Email address
  • Telephone number
  • Nationality (where required for right-to-work verification)
2.2 Professional and Employment Information
  • Curriculum Vitae (CV) or résumé
  • Employment history
  • Job titles and responsibilities
  • Salary expectations
  • Notice period
  • Education and academic qualifications
  • Professional memberships or certifications
2.3 Assessment & Recruitment Data
  • Interview notes
  • Skills assessment results
  • Technical test submissions
  • Portfolio submissions
  • Psychometric testing results (if applicable)
  • Hiring manager feedback
2.4 Compliance & Background Information
  • Right-to-work documentation
  • Identity verification documents
  • References
  • Criminal record checks, done only where legally required for specific roles
2.5 Special Category Data

In limited cases, we may process special category data, for example, health information for reasonable adjustments or diversity monitoring data, strictly where:

  • Required by employment law
  • Necessary for equal opportunity monitoring
  • Explicit consent has been provided

Such data is processed with enhanced safeguards and strict access controls.

3. Lawful Basis for Processing

We process recruitment data under one or more of the following lawful bases:

  • Legitimate Interests to evaluate candidates and manage the recruitment process effectively
  • Contractual Necessity to take steps at your request prior to entering into an employment contract
  • Legal Obligation to comply with UK employment, immigration, and anti-discrimination laws
  • Consent where retaining your CV for future roles or processing special category data

Where consent is relied upon, you may withdraw it at any time without affecting the lawfulness of prior processing.

4. How We Use Your Information

We use recruitment data to:

  • Review and assess your suitability for a specific role
  • Communicate with you regarding your application
  • Schedule interviews and assessment tests
  • Conduct background checks and verify qualifications
  • Make hiring decisions
  • Maintain recruitment records for audit and compliance purposes
  • Improve our recruitment processes

We do not use recruitment data for marketing purposes.

We do not rely solely on automated decision-making in our recruitment process. All decisions involve meaningful human review.

5. Data Sharing & Disclosure

Your personal data may be shared internally on a need-to-know basis with:

  • HR personnel
  • Hiring managers
  • Technical assessors
  • Senior leadership, only where appropriate

We may also share data externally with:

  • Recruitment agencies
  • Background screening providers
  • IT system providers, for example, applicant tracking systems
  • Legal or regulatory authorities where required by law

All third-party processors are contractually obligated to protect personal data and comply with UK data protection requirements.

6. International Data Transfers

Where recruitment data is transferred outside the UK, for example, through cloud-based recruitment tools, we ensure appropriate safeguards are in place, including:

  • UK-approved International Data Transfer Agreements (IDTAs)
  • Adequacy regulations
  • Contractual data protection clauses

7. Data Retention

If your application is unsuccessful, we may retain your personal data for up to 6–12 months after the recruitment process concludes, unless you request earlier deletion.

This allows us to:

  • Consider you for future suitable roles
  • Respond to legal claims or regulatory requirements

If you are successfully hired, your recruitment data will become part of your employee record and be retained in accordance with our Employee Privacy Policy.

Data is securely deleted or anonymised once retention periods expire.

8. Data Security Measures

Square Root implements appropriate technical and organisational measures to protect recruitment data from unauthorised access, disclosure, alteration, or destruction.

These measures include:

  • Secure cloud-based systems with restricted access
  • Role-based access controls
  • Multi-factor authentication
  • Encrypted data transmission
  • Secure document storage
  • Confidentiality obligations for all recruitment personnel

Access to candidate data is limited strictly to individuals involved in the recruitment process.

9. Your Rights Under UK Data Protection Law

Under UK data protection legislation, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate or incomplete data
  • Request erasure (where applicable)
  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Request data portability
  • Withdraw consent where consent is the lawful basis

Requests should be submitted via the contact details provided above. We will respond within the statutory timeframe, typically one month.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office
Website: www.ico.org.uk

10. Equal Opportunities Monitoring

Where applicable, we may collect diversity-related information to support equal opportunity monitoring. This data:

  • Is collected separately from hiring decisions
  • Is anonymised where possible
  • Does not influence recruitment outcomes
  • Is used strictly for statistical and compliance purposes

Providing such information is voluntary unless required by law.

11. Changes to This Policy

We may update this Recruitment Privacy Policy periodically to reflect changes in law, operational updates, or improvements in our recruitment practices. The latest version will always be published on our website.

12. Contact Information

If you have any questions regarding this Recruitment Privacy Policy or how your data is handled, please contact:

Square Root
Website: https://square-root.co.uk
Email: info@square-root.co.uk