GridSelect is committed to safeguarding the privacy of our clients, candidates, and visitors to our website. We comply with the UK GDPR and the Data Protection Act 2018, and we are registered with the Information Commissioner’s Office (ICO) as a Data Controller. As part of our recruitment and consultancy services, we collect only the information necessary to operate effectively, such as contact details, CVs, work histories, qualifications, job requirements, and relevant notes from our interactions with you, as well as standard technical data from website use.

We use this information to deliver and improve our recruitment services, including matching candidates to suitable roles, managing ongoing communication, fulfilling contractual obligations, maintaining client relationships, and meeting our legal responsibilities. GridSelect never sells or trades personal data, and we share information only when required, such as with clients during the recruitment process, trusted service providers who support our operations, or when legally obliged to comply with regulatory authorities.

Our legal basis for handling personal data includes legitimate business interests in operating a recruitment service, fulfilling contracts, obtaining consent when required, and complying with legal obligations such as audit and tax requirements. We retain candidate data for up to two years unless continued engagement is requested, and client records for up to seven years in line with statutory requirements. You may request access to your data, corrections, deletion, restrictions on processing, or data portability at any time, unless we are legally required to retain certain information.

We take data security seriously and use appropriate technical and organisational measures to protect your information from unauthorised access, loss, or misuse. If you have concerns about how your data has been handled, you may contact us directly at your business privacy email, or raise a concern with the ICO at ico.org.uk.