Privacy Policy

This Privacy Policy explains how Deep Blue Recruitment Ltd (“we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit or interact with our website (hosted on Webflow), including features such as our contact form and newsletter signup.  We comply with the UK Data Protection Act 2018, UK GDPR, and EU GDPR (Regulation (EU) 2016/679).

1. Data Controller

Deep Blue Recruitment Ltd
20‑22 Wenlock Road
London, N1 7GU
United Kingdom
Email: info@deepbluerecruitment.com

2. Data Protection Officer (DPO)

If required under GDPR, our DPO is:
Name: Mr. Peter Clark
Email: info@deepbluerecruitment.com

3. EU Representative (if applicable)

Name: Mr. Peter Clark
Email: info@deepbluerecruitment.com

4. Children’s Data

We do not knowingly collect personal data from children under the age of [16 in the EU/13 in Member States where lower]. If we become aware that a minor has submitted data without parental consent, we will delete it immediately (Art 8 GDPR).

5. Personal Data We Collect

5.1 Contact Form

  • Data fields: First name; Last name; Email address; Phone number
  • Metadata: Timestamp; IP address; browser/user‑agent string

5.2 Newsletter Signup

  • Data fields: Email address (via Sendinblue form at sibforms.com)
  • Metadata: Timestamp; IP address

5.3 Cookies & Tracking Technologies

  • Consent management: Usercentrics stores consent preferences.
  • Necessary cookies: Webflow session & security (e.g. __cfduid, wf_*)
  • Performance/functionality cookies: Join.com embed, Sendinblue (sib_*)
  • Analytics: Google Search Console verification tag only (no personal data collection)

6. Purposes & Legal Bases for Processing

  • Responding to contact‑form inquiries (Legal basis: Consent (Art 6 (1)(a)))
  • Delivering newsletter communications (Legal basis: Consent (Art 6 (1)(a)))
  • Managing cookie preferences (Legal basis: Consent (Art 6 (1)(a)))
  • Ensuring website security and integrity (Legal basis: Legitimate interest (Art 6 (1)(f)))
  • Meeting legal obligations (e.g. record‑keeping) (Legal basis: Legal obligation (Art 6 (1)(c)))

    • Legitimate Interests Assessment (Art 6 (1)(f))

    • Interest: Protecting our website and data from fraud, hacking, and abuse
    • Necessity: Security logging (IP, user‑agent) is essential to detect/prevent attacks
    • Balance: Low privacy impact; data retained only for security review (max 12 months)

    7. Categories of Recipients (Art 13 (1)(e))

    • Internal: Sales & marketing team; IT & security staff; finance department
    • External processors:
    • Authorities: UK ICO, EU DPAs, courts or regulators if legally required

    8. International Transfers & Safeguards (Art 13 (1)(f))

    Some processors transfer data outside the UK/EU.  We ensure:

    • Standard Contractual Clauses approved by the European Commission (and the UK SCC addendum)
    • Adequacy decisions (e.g. UK → EU; EU → UK)
    • To request a copy of the SCCs or other safeguards, please contact us at info@deepbluerecruitment.com.

    9. Data Retention & Criteria (Art 13 (2)(a))

  • Contact‑form submissions. Retention period: Up to 3 years, Criteria: End of client relationship + statute of limitations period
  • Newsletter sign‑up records. Retention period: Until you unsubscribe. Criteria: Consent withdrawn
  • Security logs (IP, user‑agent). Retention period: 12 months. Criteria: To investigate security events only
  • Cookie‑consent records. Retention period: 5 years. Criteria: To demonstrate consent history

    • 10. Cookies & Tracking

    For full details—types, purposes, and exact retention—see our Cookie Policy by clicking the Usercentrics icon in the bottom left of this page. Our banner lets you accept/decline non‑essential cookies and change preferences at any time.

    11. Automated Decision‑Making & Profiling (Art 13 (2)(f))

    We do not carry out automated decision‑making, including profiling, that produces legal effects or significantly affects you.

    12. Your Rights

    Under UK GDPR and EU GDPR, you have the right to:

    • Access your personal data
    • Rectify inaccurate or incomplete data
    • Erase (“be forgotten”) where no overriding legal basis exists
    • Restrict or object to processing
    • Data portability (receive data in a structured, machine‑readable format)
    • Withdraw consent at any time (without affecting lawfulness of prior processing)
    • Lodge a complaint with the ICO (UK) or your local EU Data Protection Authority

    13. Exercising Your Rights

    To exercise any of the above rights, or to complain about our processing, contact our DPO at  info@deepbluerecruitment.com.  You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) or, if you reside in the EU, with your local DPA.

    14. Security Measures & Breach Notification

    We implement appropriate technical and organisational measures (e.g. HTTPS/TLS, access controls, pseudonymisation).  In the unlikely event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and inform impacted individuals where required (Art 33, Art 34 GDPR).

    15. Changes to This Policy

    We may update this policy to reflect legal, technical or organisational changes.  Where material changes occur, we will notify you by email (if you have subscribed) or via a prominent notice on our website.

    16. Effective Date

    This version is effective as of 18 April 2025.

    17. Cookie Policy & Banner

    Our cookie banner (via Usercentrics) allows you to:

    • Accept or decline non‑essential cookies
    • View cookie categories and retention periods
    • Change your preferences any time via the “Cookie Settings” link in the website footer.