Privacy Policy

. Information We Collect

1.1. Personal Data

We may collect and process the following personal data about you:

• Identity Data: Name, date of birth, gender, and identification documents.

• Contact Data: Address, email address, phone number.

• Employment Data: CVs, employment history, references, qualifications, and certifications.

• Financial Data: Bank account details, payment information.

• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

• Usage Data: Information about how you use our website.

• Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

1.2. Special Categories of Data

We may also collect and process special categories of personal data, such as:

• Health information, including physical or mental health conditions, where relevant to job roles in the social care sector.

• Criminal offense data, including DBS checks or disclosures where legally required for employment screening.

2. How We Collect Your Data

We collect data through:

2.1. Direct Interactions You may provide us with your data by:

• Applying for roles or registering with us.

• Booking staff via contact request forms.

• Filling in forms on our website.

• Communicating with us via post, phone, email, or otherwise.

• Requesting marketing or information.

• Participating in surveys or feedback processes.

2.2. Automated Technologies When you use our website, we may automatically collect Technical Data using:

• Cookies.

• Server logs.

• Other similar technologies.

3. How We Use Your Data

3.1. We use your personal data lawfully and fairly for the following purposes:

• To perform our contract with you: e.g., processing applications, matching to jobs, onboarding, and payroll.

• To comply with legal obligations: e.g., verifying identity, right to work checks, DBS reporting, and HMRC reporting.

• For our legitimate interests: e.g., to run our business, improve services, protect IT systems, and conduct AI-based CV screening (as planned for the future).

• With your consent: e.g., for specific marketing communications or processing sensitive data not required by law.

4. Use of AI and Automated Tools

4.1. In the future, we plan to use automated tools, including artificial intelligence (AI), to support our recruitment process. This may include:

• Screening CVs and matching candidates to roles based on keywords, experience, and qualifications.

• Scoring or ranking applications to support shortlisting.

Important: Automated tools will not make final decisions. All recruitment outcomes are and will remain subject to human review and final decision-making. You have the right to request human intervention and challenge any decision made with the help of automated processing. We regularly assess our AI tools to ensure accuracy, relevance, fairness, non-discrimination, transparency, and compliance with data protection laws.

5. Lawful Basis for Processing

5.1. We rely on the following lawful bases under the UK GDPR:

• Contract – to fulfill our obligations to you (e.g., job placement, payroll).

• Legal obligation – where required by law (e.g., right to work, DBS checks).

• Legitimate interests – for efficient recruitment, client services, and business operations, including the use of AI tools. We conduct assessments to ensure these do not override your rights.

• Consent – where required (e.g., for certain special category data, or for marketing).

You can object to processing based on legitimate interests at any time.

6. How We Share Your Data

6.1. We may share your data with:

• Clients and potential employers for recruitment opportunities.

• Third-party service providers for IT systems (e.g., Zoho), cloud storage, background checks (e.g., uCheck), payroll, etc.

• Professional advisers such as lawyers, accountants, and insurers.

• Regulatory authorities such as the HMRC or DBS where legally required.

All third parties must comply with data protection laws and only process your data under our instructions.

7. Data Security

7.1. We implement appropriate technical and organizational measures to protect your personal data, including:

• Secure servers, encryption (where applicable and proportionate), and restricted access.

• Staff training and confidentiality agreements.

• Regular system monitoring and penetration testing.

8. Data Retention

8.1. We retain your personal data only as long as necessary for the purposes set out above, including:

• Usually 12 months from your last active engagement with us (unless you request deletion earlier).

• Longer where required for legal, tax, or regulatory reasons.

• We may anonymize data for statistical purposes, in which case it is no longer considered personal data.

9. Your Legal Rights

9.1. You have rights under UK data protection law, including the right to:

• Request access to your data.

• Request correction of inaccurate data.

• Request erasure (“right to be forgotten”).

• Object to processing (especially profiling or marketing).

• Request restriction of processing.

• Request data portability (in applicable cases).

• Withdraw consent at any time (where consent is the basis).

• To exercise your rights, contact us using the details below.

10. Changes to this Privacy Policy

We may update this policy from time to time. Changes will be posted on this page and dated, and, where appropriate, notified by email. Please check this page periodically to stay informed.

11. Contact Information

If you have any questions about this Privacy Policy or our use of your data, please contact:

Paul Adepoju

Director

Email: paul@kitchenflow.co.uk