Privacy Policy

Last updated: 12 May 2026

This policy explains how GTP Tech Recruitment collects, uses, stores and protects your personal data. It applies to candidates, clients and website visitors and is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

GTP Tech Recruitment is a specialist technology recruitment agency focusing on Microsoft Dynamics 365, Power Platform and related Microsoft technologies. We operate as a data controller in respect of personal data we collect about candidates and client contacts.

If you have any questions about this policy or how we handle your data, please contact us:

2. What Personal Data We Collect

Candidates

When you register with us, apply for a role, or otherwise engage with us as a candidate, we may collect:

  • Full name, email address, phone number and home location
  • Professional profile: current job title, skills, specialisms, years of experience, employment history and CV
  • Job preferences: desired role type, working arrangement, salary expectations, notice period and availability
  • Right to work information: nationality, visa/immigration status and any work restrictions
  • LinkedIn profile URL
  • Whether you hold a driving licence or are willing to travel or relocate
  • Whether you are currently working with other recruitment agencies
  • Adjustments required for interviews or the workplace (where voluntarily provided)
  • Your digital signature and declaration confirming consent to our terms

Equal Opportunities Data (Special Category)

We may ask you to voluntarily provide equal opportunities information including gender, age range, ethnicity and disability status. This data is collected solely for monitoring purposes to ensure our processes are fair and inclusive. It is:

  • Entirely voluntary - you are not required to provide it
  • Not shared with clients or used in any hiring decisions
  • Processed under Article 9(2)(b) UK GDPR (employment law obligations) and our Equality Act 2010 monitoring duties

Clients and Hiring Managers

For clients, we collect business contact information (name, job title, company, email, phone) and information about your recruitment requirements.

Website Visitors

We do not use tracking cookies or analytics tools. Standard server logs may record your IP address and browser type for security and diagnostic purposes only.

3. How We Use Your Personal Data

Purpose Legal Basis (UK GDPR)
Registering you as a candidate and maintaining your profile Legitimate interests / contract performance
Matching your skills and preferences to suitable vacancies Legitimate interests
Submitting your CV and profile to prospective employers with your consent Consent (explicit, given at registration)
Communicating with you about roles, interviews and offers Legitimate interests / contract performance
Verifying your right to work in the UK Legal obligation
Keeping records of placements for compliance and legal purposes Legal obligation / legitimate interests
Equal opportunities monitoring Equality Act 2010 / explicit consent
Responding to enquiries submitted via our contact form Legitimate interests

We will never sell your personal data to third parties. We will not use your data for automated decision-making or profiling.

4. Sharing Your Data

We will only share your personal data with prospective employers if you have given us explicit consent to do so (confirmed through your registration declaration). Before submitting your details to any employer, we will always:

  • Discuss the role and employer with you
  • Obtain your specific consent for each submission
  • Ensure the employer is aware of their own data protection obligations

We may also share your data in the following limited circumstances:

  • Third-party service providers who process data on our behalf (e.g. email delivery, document storage) - subject to data processing agreements
  • Legal or regulatory authorities where required by law or court order
  • Professional advisers (e.g. lawyers, accountants) under obligations of confidentiality

5. How Long We Keep Your Data

Data Type Retention Period
Active candidate profiles 2 years from last contact or activity
Placed candidate records 6 years from placement (legal/compliance)
Unsuccessful application records 12 months from last contact
Right to work documentation 2 years after employment ends (legal requirement)
Equal opportunities data Anonymised after 12 months; not retained individually
Client contact data 6 years from last business interaction
Website enquiries 12 months

After these periods, your data will be securely deleted or anonymised unless we are required by law to retain it longer.

6. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access - to obtain a copy of the personal data we hold about you
  • Right to rectification - to have inaccurate data corrected
  • Right to erasure - to request deletion of your data where there is no lawful basis for us to continue holding it
  • Right to restrict processing - to request that we limit how we use your data
  • Right to data portability - to receive your data in a structured, machine-readable format
  • Right to object - to object to processing based on legitimate interests
  • Right to withdraw consent - where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at gemma@gtptech.co.uk. We will respond within one month. There is no charge for making a request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113 if you believe we have not handled your data appropriately.

7. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or disclosure. These include:

  • Secure, password-protected systems for storing candidate information
  • Restricting access to personal data to those who need it
  • Using trusted third-party providers who are themselves GDPR compliant
  • Regular review of our security practices

In the event of a data breach that is likely to affect your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

8. Transfers Outside the UK

We aim to process and store all personal data within the UK or EEA. Where any third-party services involve transfers outside the UK, we ensure appropriate safeguards are in place (such as UK adequacy decisions or standard contractual clauses) before any transfer takes place.

9. Digital Signatures

Where you provide a digital signature through our candidate registration form, this constitutes a valid electronic signature under the Electronic Communications Act 2000. Your signature is stored securely and forms part of your registration record.

10. Children

Our services are intended for adults in the context of employment. We do not knowingly collect data from anyone under 18 years of age. If you believe a minor has submitted data to us, please contact us immediately so we can delete it.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in law or our practices. The "Last updated" date at the top of this page will always reflect the current version. Where changes are material, we will take reasonable steps to inform you.

12. Contact Us

For any privacy-related queries, requests to exercise your rights, or to withdraw consent, please contact: