+44 (0)207 993 3368


Company Fusion Limited General Data Protection Regulation

Data protection policy

Context and overview

Key details

Policy prepared by:Company Fusion Limited
Approved by board / management on:29/03/2018
Policy became operational on:25/05/2018
Next review date:25/05/2019


This Privacy Policy is here to explain what we do with your personal data and will describe how we collect and process your personal data in order to help you find a job. In doing so we will comply with the legal obligations that apply to you.

We put your privacy first and have a responsibility in protecting all your data privacy rights.

Please note that we may adjust this policy at any time in order to stay compliant under this new regulation.

Why this policy exists

This data protection policy ensures Company Fusion Limited:

Data protection law

The General Data Protection Regulation describes how organisations — including Company Fusion Limited— must collect, handle and store personal information.

These rules apply regardless of whether data is stored electronically, on paper or any other method.

To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

This new regulation is underpinned by eight important principles. These say that personal data must:

  1. Be processed fairly and lawfully
  2. Be obtained only for specific, lawful purposes
  3. Be adequate, relevant and not excessive
  4. Be accurate and kept up to date
  5. Not be held for any longer than necessary
  6. Processed in accordance with the rights of data subjects
  7. Be protected in appropriate ways
  8. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection

People, risks and responsibilities

Policy scope

This policy applies to:

What data we will collect

For our legitimate business means, we may need to collect all and/or some of the following data listed below:

How we will collect your data

At Company Fusion Limited, there are two primary ways in which we will collect your data:

1) The personal data that you, the candidate, have given to us;

We will need to have certain information in order to provide you a tailored service that will enable us to provide you with the best opportunities.

It is up to you how you would like to provide us your personal data, however best suits you. These may include:

2) The personal data that we receive from other sources;

These may include:

Please note that any personal data that you give will not be given/sold to any unauthorised third parties.

How we will use your data

As Company Fusion Limited is a recruitment agency, we will use your information only for the necessary requirements – fusing the right candidates with the right jobs with our clients. As stated in the EU Directive 95/46/EC (General Data Protection Regulation), Article 6(1)(f), we can process your data when it ‘is necessary for the purposes of the legitimate interests pursued by [Company Fusion Limited] or by a third party, except where such interests are overridden by the interest or fundamental rights or freedom of [you] which require protection of personal data’. All processes carried out by Company Fusion Limited have legitimate interests behind them.

Listed below are the various ways in which we will use and process your data:

We will use your personal data for the above means if we deem it necessary for our legitimate business interests.

All our recruitment activities involve solely human decision making end to end. Where appropriate to do so, we will seek your consent to carry out such activities and we will continue to manually review opportunities. Your profile will not be automatically considered for alternative roles without your consent.


We are required to obtain your consent for the processing of your data in relation to any recruitment activity that takes place. Article 4(11) of the legislation states that ‘opt-in’ consent is ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her’. In other words, you have to give the consent freely and know what you are consenting to (we will make sure we will give you enough information) without feeling any pressure to do so.

There will be a tick box for you to check if you agree to us having your consent. This said action is thereby giving us your consent in a clear and unambiguous fashion - We will keep all records of consent.

At any point during any of the processes, you have the right to withdraw consent whereby we have to erase all your personal data (also known as Right to Erasure). This therefore means that we have to remove all the personal data that you have provided us from our database.

We will also remove any of our personal data from our database if we no longer have any necessary purpose for which it was originally collected/processed for. In addition to this, if we can no longer get hold of you from the data we have, i.e. showing silence or inactivity, this would also mean that we would have to remove your personal data from our database.

Data protection risks

This policy helps to protect you as an individual and Company Fusion Limited from data security risks, including:


Everyone who works for or with Company Fusion Limited has a responsibility for ensuring data is collected, stored and handled appropriately.

Each member of our team that handles personal data will ensure all personal data is handled and processed in line with this policy and data protection principles.

Below are the key areas of responsibility:

General staff guidelines

Data storage

These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.

When data is stored electronically, it will be protected at all times from unauthorised access, accidental deletion and malicious hacking attempts:

Data use

When personal data has been given to Company Fusion Limited, it is our responsibility to safeguard this information when using it for legitimate business interests.

Data accuracy

The law requires Company Fusion Limited to take reasonable steps to ensure data is kept up to date.

The more important it is that the personal data is accurate, the greater the effort Company Fusion Limited should put into ensuring its accuracy.

It is the responsibility of all employees who work with personal data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

Subject access requests

All individuals who are the subject of personal data held by Company Fusion Limited are entitled to:

If any individual contacts the company requesting this information, this is called a subject access request. Under the new regulation, we are then obliged to tell you all the personal data that we have for you on our database.

Subject access requests from individuals should be made by email, addressed to the data controller at GDPR@companyfusion.com. You will then be given a standard request form, although individuals do not have to use this.

We will always verify the identity of anyone making a subject access request before handing over any information.

Disclosing data for other reasons

In certain circumstances, the GDPR guidelines allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, Company Fusion Limited will disclose the requested data. However, we will ensure the request is legitimate, seeking assistance from the company’s legal advisers where necessary.

Providing information

Company Fusion Limited aims to ensure that individuals are aware that their data is being processed, and that they understand:

Please contact us for any further enquiries about our privacy policy. Company Fusion Limited will be able to provide you with more information by contacting us at GDPR@companyfusion.com - all enquiries will receive a reply within 72 hours.