PRIVACY NOTICE

Last update: January 2025

At C&G Regulatory Solutions Limited (“C&G,” “we,” “us,” “our”), we are committed to protecting the privacy and confidentiality of your personal information. This Privacy Notice explains how we collect, use, and disclose personal data when providing services in the United Kingdom. Please read this notice carefully to understand our practices regarding your personal information.

Information We Collect

We may collect and process the following types of personal information from candidates and contacts:

  • contact details (e.g. name, address, email address, phone number);
  • professional information (e.g. employment history, qualifications, skills, and experience);
  • educational background;
  • compensation details;
  • references and recommendations;
  • any other information you provide to us in connection with our services; and
  • identification documents and right-to-work status.

We may collect and process the following information from website users:

  • location data; and
  • your activities on and use of our website.

Collection and Use of Personal Information

We collect personal information from the following sources:

  • directly from you (e.g. meetings, telephone calls and email interactions);
  • indirectly (e.g. browsing activity while on our website (see “Cookies” below));
  • public sources (e.g. LinkedIn and media outlets); and
  • referees.

Executive search and recruitment services

  • To provide executive search and recruitment services.
  • To evaluate your suitability for specific job opportunities.
  • To communicate with you regarding potential job opportunities.
  • To verify your identity and right-to-work status.
  • To comply with legal and regulatory obligations.
  • To improve and enhance our services.
  • For any other purpose with your consent.

All other purposes

  • Providing services to you.
  • Conducting checks to identify and verify your identity or to help prevent and detect fraud against you or us.
  • To enforce legal rights or defend or undertake legal proceedings.
  • Customise our website and its content to your particular preferences based on a record of your selected preferences or your use of our website.
  • Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended.
  • Communications with you not related to marketing, including changes to our terms or policies, services, or other important notices.
  • Protecting the security of systems and data used to provide the services.
  • To comply with our legal and regulatory obligations.
  • We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases, our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.
  • Statistical analysis to help us understand our customer base.
  • For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.
  • Updating and enhancing customer records.
  • Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consent where relevant.
  • Marketing our services.

Legal Basis for Processing

Our processing of your personal information is based on the following legal grounds:

  • legitimate interests: pursued by us or a third party, provided your interests and fundamental rights do not override those interests. This includes providing regulatory updates, targeted marketing, or responding to inquiries where our interests do not override your rights;
  • performance of a contract with you or taking steps (at your request) before the performance of a contract;
  • consent: if you have given us specific consent to use your personal information; and
  • legal requirement: where we are legally required to disclose your personal information.

Marketing

We will use your personal data to send you updates (by email, telephone or post) about our services, including exclusive offers, promotions or new services.

We have a legitimate interest in using your personal data for marketing purposes. This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is required, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by:

  • contacting us using the details set out in the ‘Contact Us’ section of this policy; or
  • using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.

Data Sharing and Disclosure

We may share your personal information with the following parties as necessary and appropriate:

  • prospective employers and clients in connection with job opportunities;
  • third-party service providers who assist us in carrying out our services;
  • professional advisors, such as lawyers and auditors, as required; and
  • regulatory or governmental authorities as mandated by applicable laws.

Specifically, we share personal data with the following third parties:

  • Sendinblue SAS (“Brevo”) for email marketing. See Brevo’s privacy policy here;
  • Intuit Inc. and The Rocket Science Group LLC (“Mailchimp”) for email marketing. See Mailchimp’s privacy policy here and its data privacy certifications here; and
  • JA Creative Studio Ltd to assist with administering our website and mail clients. See JA Creative Studio’s ICO registration here.

We may also share data as required by law or to protect our legal rights.

International Transfers

Suppose we transfer your personal information outside of the United Kingdom. In that case, we will ensure appropriate safeguards to protect your privacy rights by applicable data protection laws.

As we use Brevo and Intuit Mailchimp, personal data may be transferred to the United States. These transfers are safeguarded by Standard Contractual Clauses (SCCs) and other relevant mechanisms to ensure compliance with UK GDPR.

Data Retention

We will retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Notice or as required by applicable laws and regulations. Once the retention period expires, we will securely delete your data.

Where personal data is collected for marketing purposes, unengaged contacts will be reviewed, deleted, or archived after 24 months of inactivity.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, used, or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it. We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. If you want detailed information from Get Safe Online on protecting your personal data and other information and your computers and devices against fraud, identity theft, viruses and other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Your Rights

Under the UK GDPR, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you;
  • Right to Rectification: Request corrections to inaccurate or incomplete data;
  • Right to Erasure: Request deletion of your personal data where applicable;
  • Right to Restrict Processing: Request that we limit the processing of your personal data in certain circumstances;
  • Right to Object: Object to processing for direct marketing purposes;
  • Right to Data Portability: Request the transfer of your data to another service provider;
  • Right to Withdraw Consent: Withdraw your consent for processing at any time; and
  • Right to Complain: Complain with the Information Commissioner’s Office (ICO) if you believe we have breached data protection laws.

If you wish to exercise these rights or have concerns about processing your personal information, please get in touch with us using the details below.

Complaints

Suppose you believe that we have not handled your personal information by this Privacy Notice or applicable data protection laws. In that case, you can complain to the Information Commissioner’s Office (ICO) or another supervisory authority. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

Updates to this Privacy Notice

We may update this Privacy Notice occasionally to reflect changes in our practices or applicable laws. The revised version will be posted on our website, and we encourage you to review it periodically.

Contact Us

If you have any questions or concerns regarding this Privacy Notice or our data practices, please get in touch with us at:

C & G Regulatory Solutions Limited

International House, George Curl Way, Southampton, SO18 2RZ, England, UK

+44 (0) 2380 302 100

enquiries@cgregulatorysolutions.com