Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Recruitment Fee Recovery Ltd collects, uses, stores and protects personal data.

Recruitment Fee Recovery Ltd is a company registered in Northern Ireland. Company number: NI741234.

Email: [rasa@recruitmentfeerecovery.co.uk](mailto:rasa@recruitmentfeerecovery.co.uk)
Website: [www.recruitmentfeerecovery.co.uk](http://www.recruitmentfeerecovery.co.uk)

ICO registration number: ZC171851

We provide audit and recovery-support services to UK recruitment agencies. Our work involves helping agencies review historic candidate introductions, client terms, ownership periods and hiring activity to identify potential missed placement fees or backdoor hire opportunities.

We are not a law firm and we do not provide legal advice.

1. Our role

We are the controller for personal data we collect directly through our website, email communications, calls, meetings and business enquiries.

Where we process personal data supplied by a recruitment agency as part of an audit or recovery-support engagement, our role and responsibilities will be governed by the written engagement agreement with that agency.

2. Personal data we collect

From website visitors and business contacts

When you contact us, submit an enquiry, book a call, email us, speak with us, or communicate with us, we may collect your name, email address, phone number, company name, job title, message content, meeting details and communication history.

Please do not submit candidate personal data, CVs, confidential recruitment records or client dispute details through the website contact form.

From recruitment agencies we work with

Where a recruitment agency instructs us to provide audit or recovery-support services, we may receive personal data from that agency as part of the engagement.

This may include candidate introduction records, CV-send logs, client records, hiring activity, placement records, job roles, dates, communications and related evidence.

This data is provided to us by the recruitment agency, not directly by the candidates or clients concerned.

The recruitment agency remains responsible for ensuring it collected, stored, used and shared that data lawfully.

3. How we use personal data

We use personal data to:

* respond to enquiries
* arrange calls and meetings
* assess whether our services may be suitable
* provide audit and recovery-support services where instructed by a recruitment agency
* review historic recruitment records
* prepare findings and commercial recovery assessments
* manage client relationships
* maintain business records
* comply with legal, accounting and regulatory obligations
* protect our business, website and systems

We use agency-supplied candidate and client data only for the agreed audit and recovery-support purpose.

We do not use agency-supplied candidate data for unrelated marketing or any unrelated purpose.

4. Lawful basis for processing

Website and contact enquiries

We process this data on the basis of legitimate interests, such as responding to business enquiries, managing communications and assessing whether our services may be suitable.

Where discussions progress towards an engagement, we may also process this data to take steps before entering into a contract.

Client and engagement data

We process client and engagement data to perform our contract with the recruitment agency and on the basis of our legitimate interests in managing our business relationships, records and services.

Agency-supplied candidate and client data

Where a recruitment agency provides personal data to us for an audit or recovery-support engagement, we process that data for the agreed audit and recovery-support purpose.

The recruitment agency is responsible for establishing its own lawful basis for collecting, storing, using and sharing that data with us.

Where we process agency-supplied data on the agency’s instructions and solely for the agreed audit or recovery-support purpose, our role and responsibilities will be governed by the written engagement agreement with that agency.

To the extent that we independently determine any purpose for processing agency-supplied data, we rely on legitimate interests, including supporting recruitment agencies in identifying and assessing potential missed placement fee or backdoor hire recovery opportunities.

Legal and compliance obligations

Where we are required to process personal data to comply with legal, regulatory, accounting or tax obligations, we process the data on the basis of legal obligation.

5. Who we share personal data with

We do not sell personal data.

We do not routinely share agency-supplied candidate or recruitment data with insurers, banks, payment providers, CRM providers or other unrelated third parties.

Where necessary, we may share limited personal data with trusted third parties for the purposes of operating the business, providing our services, meeting legal obligations, or protecting our rights.

For website, enquiry, client and business contact data, this may include:

* email, calendar, hosting, website and cloud service providers
* CRM and business administration software providers
* accountants and financial advisers
* banks and payment providers
* insurers and insurance brokers
* solicitors and legal advisers
* regulators, public authorities or other parties where required by law

For agency-supplied audit or recovery-support data, sharing will be more limited. We may share or make this data available only where necessary for the agreed audit or recovery-support purpose, to obtain legal or professional advice, to deal with a dispute, claim or insurance matter, to comply with legal obligations, or where otherwise agreed in writing with the recruitment agency.

Where third-party service providers process personal data on our behalf, they are only permitted to use it for the service they provide to us and not for their own unrelated purposes.

6. How long we keep personal data

We only keep personal data for as long as reasonably necessary for the purpose it was collected.

Enquiry and prospect data may be kept for up to 2 years to manage communications and follow-up, unless an engagement proceeds.

Client and audit-related records may be kept for the duration of the engagement and for up to 6 years afterwards where required for legal, accounting, tax, insurance, compliance or dispute-management purposes.

Where data is no longer required, it will be securely deleted, anonymised or placed in a restricted archive where appropriate.

7. How we protect personal data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

This includes using access controls, secure systems and appropriate business processes to protect the information we hold.

8. Your rights

Depending on your circumstances, you may have rights under UK data protection law, including the right to:

* request access to your personal data
* request correction of inaccurate data
* request deletion of your personal data
* object to processing
* request restriction of processing
* request data portability
* withdraw consent where processing is based on consent, where applicable

We will respond to valid rights requests within one calendar month.

To make a request, contact: [rasa@recruitmentfeerecovery.co.uk](mailto:rasa@recruitmentfeerecovery.co.uk).

Note for candidates and individuals whose data was provided by a recruitment agency:

If your personal data appears in an audit because a recruitment agency shared it with us, you may wish to contact that recruitment agency in the first instance regarding how your data was originally collected and why it was shared.

Where we receive personal data indirectly from a recruitment agency, direct privacy notices to each individual may not always be practical or proportionate, particularly where historic recruitment records are reviewed as part of an agency-led audit.

In those circumstances, we make this Privacy Policy publicly available and will cooperate with legitimate data protection rights requests relating to personal data we hold.

9. Cookies

Our website may use cookies or similar technologies that are necessary for the website to function properly.

If we use analytics, advertising or tracking technologies in the future, this policy may be updated and any required cookie notice or consent mechanism will be added.

10. International data transfers

We aim to store and process personal data within the United Kingdom where possible.

Where we use third-party providers that process personal data outside the UK, we will take appropriate steps to ensure that suitable safeguards are in place in line with UK data protection requirements.

11. Complaints

If you have concerns about how we handle personal data, please contact us first so we can try to resolve the matter.

You also have the right to complain to the Information Commissioner’s Office.

ICO website: ico.org.uk
ICO telephone: 0303 123 1113

12. Updates to this policy

This Privacy Policy may be updated from time to time. The latest version will be published on this page.