Last updated: October 2025

Aspired Careers Limited

Website: www.aspiredcareers.com

 

1. Purpose

The purpose of this policy is to ensure that Aspired Careers Limited (“we”, “us”, “our”) complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant legislation in the way we collect, store, use, and protect personal data.

This policy applies to all employees and representatives of Aspired Careers Limited who handle personal data relating to candidates, clients, suppliers, or other individuals.

2. Scope

This policy covers:

All personal data processed by us in the course of recruitment and business activities.
Data stored in our Applicant Tracking System (ATS) and Customer Relationship Management (CRM) system, provided by Vincere, as well as emails, spreadsheets, cloud storage, and physical files.
Data relating to candidates, clients, suppliers, and employees.

 

3. Data protection principles

We adhere to the seven key principles of UK GDPR:

Lawfulness, fairness and transparency – We process data lawfully and clearly explain how we use it.
Purpose limitation – We collect data only for specified, explicit, and legitimate purposes.
Data minimisation – We only collect data necessary for recruitment and business purposes.
Accuracy – We keep data accurate and up to date.
Storage limitation – We retain data only as long as necessary (see retention policy).
Integrity and confidentiality – We keep data secure through appropriate technical and organisational measures.
Accountability – We take responsibility for complying with data protection law and can demonstrate compliance.

 

4. Lawful bases for processing

We process personal data under the following lawful bases:

Consent (e.g., sending marketing communications).
Contract (e.g., processing candidate/client data to provide recruitment services).
Legal obligation (e.g., compliance with tax or right-to-work checks).
Legitimate interests (e.g., maintaining client and candidate relationships).

 

5. Roles & responsibilities

Data Controller: Aspired Careers Limited.
Data Processor: Third parties acting on our behalf (e.g., our CRM/ATS provider, payroll providers, IT/cloud services).
All staff: Responsible for handling personal data in accordance with this policy.
Data Protection Lead: Mr Kamaljeet Singh Jassal – Responsible for monitoring compliance, handling subject access requests, and liaising with the Information Commissioner’s Office (ICO).

 

6. Data security

We implement appropriate technical and organisational measures to protect personal data, including:

Secure passwords and multi-factor authentication.
Encryption of data in transit and at rest where possible.
Restricted access based on role and need-to-know.
Regular monitoring of ATS/CRM security compliance.
Secure disposal of data (digital deletion, shredding of physical documents).

 

7. Data retention

We only keep data for as long as necessary for recruitment or legal purposes:

Candidate data: up to 6 years from last contact, unless deletion is requested earlier.
Client data: up to 6 years from the end of the business relationship.
Financial and payroll records: at least 6 years for HMRC compliance.
Emails: reviewed and deleted regularly when no longer needed.

 

8. Data subject rights

We respect the rights of individuals under UK GDPR, including:

Right of access
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object
Right to withdraw consent

All requests must be handled promptly, and within one month as required by law.

 

9. Data breaches

Any actual or suspected data breach must be reported immediately to the Data Protection Lead.
Serious breaches will be reported to the ICO within 72 hours, where required.
Affected individuals will be informed if there is a high risk to their rights and freedoms.

 

10. International data transfers

Data stored in our ATS/CRM system may be transferred outside the UK.
Such transfers will only take place where adequate safeguards are in place (e.g., UK International Data Transfer Agreement (IDTA), UK Addendum to SCCs).
We ensure that third-party processors comply with UK GDPR requirements.

 

11. Training & awareness

All employees handling personal data will receive appropriate training on data protection and this policy.

 

12. Monitoring & review

This policy will be reviewed annually, or sooner if there are significant changes in law, regulation, or business practices.

 

13. Contact

If you have any questions about this policy or how we handle personal data, please contact:

Aspired Careers Limited

Email: Hello@aspiredcareers.com

Registered Office: 573 Chester Road, Sutton Coldfield, B73 5HU

Registered in England & Wales: Company number | 16718646