1. Introduction
Edge Harbour Recruitment Company Ltd (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Edge Harbour platform. We are registered with the Information Commissioner's Office (ICO), registration number [PENDING — insert real ICO number].
2. Data Controller
Edge Harbour Recruitment Company Ltd is the data controller for personal data processed through the Platform. Contact: privacy@edgeharbour.co.uk · 1 Harbour Place, London, EC2A 1AB.
3. What Data We Collect
We collect the following categories of personal data:
- All users: name, email address, password (hashed), IP address, usage data, device information
- Candidates additionally: date of birth, address, phone number, Right to Work documents (passport, visa, biometric residence permit), DBS certificate number and issue date, professional registration numbers (NMC PIN, HCPC number), employment history, professional references, sector-specific certifications, profile photograph (optional)
- Employers additionally: company name, Company Registration Number (CRN), registered address, VAT number (optional), billing contact details
4. How We Use Your Data
We process your personal data for the following purposes and legal bases:
- Contract performance: to provide the recruitment platform service, verify identities, and facilitate candidate-employer matching
- Legal obligation: to perform Right to Work checks as required by the Immigration Act 2014; to conduct DBS checks as required by the Rehabilitation of Offenders Act 1974
- Legitimate interests: to improve platform security, prevent fraud, and maintain audit trails
- Consent: for optional communications such as marketing emails (you may withdraw consent at any time)
5. Special Category Data
DBS certificates and certain professional registration data may constitute special category data under UK GDPR Article 9. We process this data under Article 9(2)(b) (legal obligations in employment law) and Article 9(2)(h) (health or social care purposes for Healthcare candidates). This data is accessible only to our compliance team and to employers once verification is complete.
7. Data Retention
We retain personal data for as long as your account is active. Upon account deletion: candidate documents are deleted within 30 days; employer data is retained for 6 years for legal compliance (Companies Act 2006). Compliance audit logs are retained for 7 years.
8. Your Rights
Under UK GDPR, you have the right to:
- access your personal data (Subject Access Request);
- rectify inaccurate data;
- erasure (“right to be forgotten”) where no legal basis for retention exists;
- restrict or object to processing;
- data portability;
- withdraw consent at any time.
To exercise your rights, contact privacy@edgeharbour.co.uk. We will respond within 30 days.
9. Data Security
We implement technical and organisational measures to protect your data including:
- encrypted storage via Supabase (AES-256);
- TLS encryption in transit;
- role-based access controls;
- regular security audits.
In the event of a data breach affecting your rights, we will notify you and the ICO within 72 hours as required by UK GDPR Article 33.
11. International Transfers
Your data is primarily processed within the UK and EEA. Where data is transferred outside these areas (e.g., Supabase infrastructure), we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) and adequacy decisions.
12. Children
The Platform is not intended for individuals under the age of 18. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. We will notify you of material changes via email. The current version is always available at edgeharbour.co.uk/legal/privacy.
14. Contact & Complaints
For privacy enquiries: privacy@edgeharbour.co.uk. If you are unsatisfied with our response, you have the right to lodge a complaint with the ICO: ico.org.uk · 0303 123 1113.