Privacy Policy
Last updated: April 2026 · Version 1.0
1. Introduction
ITAAR Recruitment Services ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website.
We comply with the UK Data Protection Act 2018 and the retained UK GDPR.
2. Data Controller
ITAAR Recruitment Services is the data controller for the personal data you provide on this website.
- Email: privacy@itaarrecruitment.com
- Data Protection Contact: dpo@itaarrecruitment.com
3. Personal Data We Collect
| Data | Purpose |
|---|---|
| name | Identity verification and personalised correspondence |
| Communication and account management | |
| phone | Optional follow-up contact |
| message | Responding to enquiries |
| password | Authentication (stored hashed, never in plain text) |
4. How We Use Your Data
- To respond to contact form enquiries
- To manage user accounts and provide access to our services
- To send relevant course information when requested
- To improve our website and user experience
- To comply with our legal obligations
5. Legal Basis for Processing
| Activity | Legal Basis |
|---|---|
| contact form | Legitimate interest (responding to enquiries) |
| user accounts | Contract (providing access to services) |
| analytics | Consent |
| marketing | Consent |
6. Data Retention
| Data Type | Retention Period |
|---|---|
| contact messages | 365 days |
| user accounts | Until account deletion |
| session logs | 90 days |
| consent records | 1095 days |
| dsr requests | 1825 days |
| compliance log | 90 days |
7. Third-Party Processors
We may share your data with the following trusted service providers who assist us in operating this website:
| Processor | Purpose | Location |
|---|---|---|
| Hosting Provider | Web hosting and data storage | UK/EEA |
| Mailtrap / SMTP | Transactional email delivery | EU |
We do not sell your personal data to third parties.
8. Cookies
We use essential cookies to operate our website. Non-essential cookies (analytics, marketing) are only used with your consent. See our Cookies Policy for full details.
9. Your Rights
Under UK data protection law, you have the following rights:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Restriction — limit how we use your data
- Portability — receive your data in a portable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — for consent-based processing at any time
To exercise your rights, use our Data Subject Request form or email dpo@itaarrecruitment.com. We will respond within 30 days.
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encrypted passwords (bcrypt)
- HTTPS encryption in transit
- HTTP-only session cookies
- CSRF protection on all forms
- Parameterised database queries to prevent SQL injection
- IP address pseudonymisation in logs
11. Data Breaches
In the event of a personal data breach that poses a risk to individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours and affected individuals without undue delay where required.
12. Complaints
You have the right to lodge a complaint with the ICO at ico.org.uk/concerns or call 0303 123 1113.
13. Changes to This Policy
We may update this policy periodically. The date at the top of this page reflects the latest revision. Continued use of the website after changes constitutes acceptance.