We collect only the information necessary to deliver our recruitment and executive search services. This includes CVs, contact details, employment history, assessment results, and communication records. We process this data solely to match candidates with suitable opportunities, support our clients’ hiring needs, and maintain accurate business records. All processing is carried out in line with GDPR principles of lawfulness, fairness, and transparency.

Bright Hire processes personal data under the lawful bases defined by GDPR. These include:

• Consent, when candidates voluntarily submit their information

• Legitimate interests, such as identifying suitable candidates for roles

• Contractual necessity, when delivering services to clients

• Legal obligations, including compliance with employment and tax regulations We ensure that each processing activity is supported by an appropriate legal basis.

We share personal data only when necessary and always with strict safeguards. This may include sharing candidate profiles with clients for relevant job opportunities or using trusted service providers for IT, assessments, or communication tools. All third parties are contractually required to protect data in accordance with GDPR. We never sell personal information to external organisations.

We retain personal data only for as long as needed to fulfil our services or meet legal requirements. Bright Hire uses secure systems, encryption, access controls, and confidentiality agreements to protect all information. Under GDPR, individuals have the right to access, correct, delete, restrict, or object to the processing of their data. Requests can be made at any time, and we respond promptly and transparently.