Privacy Policy

Prism Digital Limited (“Prism Digital”) are a recruitment business who provide work-finding services to clients and work-seekers. Prism must process personal data (including sensitive personal data) so that it can provide these services – in doing so; we act as a data controller.

The information we collect depends on who you are and your level of interaction with us.

At Prism Digital, protecting your privacy is very important to us. Our goal is to treat the personal information you provide to us with the utmost respect, and in accordance with this Privacy Policy. This Privacy Policy explains how personal information about you may be collected, used, or disclosed as a consequence of your activities on this Site. We urge you to read it carefully. By accessing, using and/or downloading materials from or sending or posting materials to, this Site, you agree on your own behalf and on behalf of each entity on whose behalf you act, to the terms of this Privacy Policy and to the practices for the collection, use or disclosure of your personal information as described here.

Please note that this Site is also governed by our Terms and Conditions. We urge you to review the Terms and Conditions before proceeding further on this Site.

1. What Information do we Collect?

CANDIDATE DATA: We only ask for details that will genuinely help us to help you, such as your name, age, contact details, education details, employment history, emergency contacts, immigration status, financial information (where we need to carry out financial background checks). Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions.

If you are a contractor and we place you in a role, we may also store passport details, bank account details, national insurance numbers and other financial information.

CLIENT DATA: We need to collect and use information about you, or individuals at your organisation, in the course of providing you services such as finding candidates who are the right fit for you or your organisation.

The data we collect about our clients is actually very limited. We generally only need to have your contact details or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses) to enable us to ensure that our relationship runs smoothly. We may also hold extra information that someone in your organisation has chosen to tell us.

SUPPLIER DATA: We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide, if this is part of the contractual arrangements between us.

WEBSITE USERS: We collect a limited amount of data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.

2. How do we Collect Personal Data?

CANDIDATE DATA: Unless you have given us explicit consent, we process your information as a candidate under ‘legitimate interest’, in compliance with the General Data Protection Regulations. This means that we have a clear business interest in processing and storing your data. In practice, this means that we have recently seen that you are looking for a new position, and as recruiters deem it appropriate to store your information in order to help you with your search.

There are two main ways in which we collect your personal data:
1. Directly from you; and
2. From third parties (e.g. social media, job boards).

As part of the services we provide, you may choose to provide us with your CV, to be viewed by our consultants and staff members who access this Website. In addition to the provisions of this Privacy Policy, the collection, use and distribution of your CV is governed by the Terms & Conditions of Use.

CLIENT DATA: There are two main ways in which we collect your personal data:
1. Directly from you; and
2. From third parties (e.g. our Candidates) and other limited sources (e.g. online and offline media).

SUPPLIER DATA: We collect your personal data during the course of our work with you.

We may also collect information automatically about your usage of our website using cookies and other technology (for full details of what we use see the section below on “Cookies”). To that effect, we use your IP address (a series of numbers that identifies a computer on the internet) to collect, among other things, internet traffic data and data regarding your browser type and computer. If you do not want to receive cookies, you may reject them by using your browser settings (for help with how to do this see the section below on “Cookies”).

Please note that we record all incoming and outgoing phone calls. These calls are securely kept for 5 years. We keep these recordings for monitoring and training purposes.

3. How do we use your Personal Data?

CANDIDATE DATA: The main reason for using your personal details is to help you find employment or other work roles that might be suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service. Where appropriate and in accordance with local laws and requirements, we may also use your personal data for things like marketing, profiling and diversity monitoring. Where appropriate, we will seek your consent to undertake some of these activities.

CLIENT DATA: The main reason for using information about clients is to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly. This may involve identifying candidates who we think will be the right fit for you or your organisation

SUPPLIER DATA: The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.

Information gathered through cookies and similar technologies are used to measure and analyse information on visits to our websites, to tailor the websites to make them better for visitors and to improve technical performance. We will not use the data to identify you personally or to make any decisions about you.

4. Who do we Share your Personal Data With?

CANDIDATE DATA: Primarily we will share your information with prospective employers to increase your chances of securing the job you want.

CLIENT DATA: We will share your data primarily to ensure that we provide you with a suitable pool of candidates.

5. Marketing

If you become a candidate, client or supplier of Prism Digital, we may use your personal information to send you information that we think may be of interest to you or your business. This is within our legitimate interests as a recruitment company to use your information in this way.

If you do not wish to receive any direct marketing material or communications after you submit or provide your details, please contact us using the details below (stating UNSUBSCRIBE in the heading of any email message) indicating if you do not wish to be contacted for one or more of these marketing purposes and/or via particular forms of communication e.g. email or telephone. Please note that the preferences that you state will override any registrations you or your organisation may have with the relevant preference organisations.

If you change your mind about being contacted by us in the future, or change address, or if any information that we hold about you is inaccurate or out-of-date, please let us know by emailing or writing to us. We may need to check your identity before amending your information.

6. How do we Safeguard your Personal Data?

Some of the information you provide to us will be held on our computers in the UK and will only be accessed by or given to our staff working in the UK. Some of the information you provide to us may be transferred to, stored and processed by third party organisations which process data for us and on our behalf. These third parties may be based (or store or process information) in the UK or elsewhere including outside of the EEA.

We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

7. How Long do we Keep your Personal Data?

Once your data is on our database, we will hold your data for a period of 10 years. If we have no record of a positive interaction with you or your company (email, phone call, job application, etc.), we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities).

We maintain the right to hold information about specific individuals for longer than the standard 10 years. If we have stored financial information about you, we will hold on to your details for ten years. If we have placed you in a role, we will hold on to your information for ten years. This ensures that we can effectively monitor our placements and our business relationships.

8. Information Security

Prism Digital has in place administrative, technical and physical measures on our website and internally designed to guard against and minimise the risk of loss, misuse, unauthorised access or disclosure, alteration, or destruction. Only employees who need the information to perform a specific job are granted access to your information.

Where we transfer information to third parties to enable them to process it on our behalf, we ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.

We will also ensure that where information is transferred to a country or international organisation outside of the UK/EEA, we will comply with the relevant legal rules governing such transfers.

Prism Digital employees are permitted to add, amend or delete personal data from Prism Digital’s database(s) (paper based and/or electronically). All employees should ensure that adequate security measures are in place.
For example:

- Computer screens should be locked when stepping away from desks.
- Passwords only disclosed to relevant staff members when required.
- Email should be used with care ensuring data sent goes to the intended recipient.
- Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed.
- Personal data should be disposed of appropriately – stored safely and then shredded or destroyed.

It should be remembered that the incorrect processing of personal data (e.g. sending an individual’s details to the wrong person, allowing unauthorised persons access to personal data, or sending information out for purposes for which the individual did not give their consent), may give rise to a breach of contract and/or negligence leading to a claim against Prism Digital for damages from an employee, work-seeker or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.

9. How can you Access, Amend or Take Back the Personal Data that you Have Given to us?

Please be aware that you have the following data protection rights:
- The right to be informed about the personal data Prism Digital processes on you;
- The right of access to the personal data Prism Digital processes on you;
- The right to rectification of your personal data;
- The right to erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data;
- The right to data portability in certain circumstances;
- The right to object to the processing of your personal data that was based on a public or legitimate interest;
- The right to request that we provide information you have given us to a third party provider of our services (where lawful basis for processing is consent and where processing is automated);
- The right not to be subjected to automated decision making and profiling; and
- The right to withdraw consent at any time.

Where you have consented to Prism Digital processing your personal data you have the right to withdraw that consent at any time by contacting the details below. At any time, you have the right to request we cease processing your data, and to request we erase your data.

We will respond to your request (including providing information on whether the rights apply in the particular circumstances) within the applicable statutory time period. If we are not sure of your identity, we may require you to provide further information in order for us to confirm who you are.

10. Changes to this Policy

We may make changes to this policy from time to time as our business and internal practices and/or applicable laws change. We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible) or otherwise than is permitted by applicable law.

Please note: if you wish to no longer be contacted by us, we may recommend that you simply express the option to be put as ‘do not contact’ on our database, rather than full erasure. This ensures that you will not be contacted by us for 10 years. Anonymisation or erasure may mean that you will be contacted if data re-appears on a job board.

11. Third Parties:

By the nature of our work, we share candidate information with clients, and vice versa. If you do not agree to this then we can not represent you effectively. We ensure that our clients are happy with this data protection policy, and that our clients have a similar policy in place. We also work with a third party accounting firm, Aristar, who process payment information for contractors. This is a GDPR compliant company who will handle all data sensitively.

We do not sell any information to third parties.

12. How to Contact us

If you would like to get in touch to discuss this policy, how we use your personal information, to exercise your rights or to provide feedback or make a complaint about use of your information, please contact us as follows:

Alex Dover
109 Borough High St
Tel: 0203 800 1236

You can also contact the Information Commissioner’s Office via or on 0303 123 1113 for information, advice or to make a complaint.

13. Cookies

Cookies, also known as browsers or tracking cookies, are small text files that are added to your computer when you visit a website. They help websites to perform certain functions e.g. to know who you are if you log into a restricted part of a website, for shopping carts, and for tracking purposes.

We use cookies on our website. In addition, our website uses third party cookies from Google Analytics for Display Advertisers, including the following features:
- Google Analytics Demographics and Interest Reporting give us insight into behaviour information relating to visitor age, gender, and interests on an anonymous and aggregate level. This will help us to understand browsing behaviour to give you a better experience whilst visiting our sites.

14. Manage Cookies

Shortly after arriving at our website we will add an ‘opt-in’ tracking cookie to your computer unless you specify otherwise. If you would like to opt-in or opt-out of using cookies then you can do so by using your cookie settings. You can review your cookie settings at any time.

If you do opt-out then an opt-out preference cookie will be added to your computer, however if you delete all your cookies or use a different device then you will need to set your cookie preference again.

If this is your first visit and you navigate away from this website page without specifying your cookies preference then an ‘opt-in’ tracking cookie will be added to your computer.

Please note that you cannot opt-out of the deployment of cookies that are necessary for delivery of our website or services to visitors.

15. Privacy Policy With Respect To Use of CVs

As part of the services Prism Digital provides, you are able to upload your CV on our website. CVs are accessed by our consultants who seek to find you employment with third parties ("Third Parties"). Consultants are not permitted to disclose information outside of our organisation or beyond the Third Party, as applicable. Recruiters are also required to have entered into an agreement with Third Parties that requires such Third Parties to use your CV solely for the purpose of filling a job within the Third Party for which the information was provided and not disclosing your CV outside of the organization. If at any time you would like your CV removed from our Website, you may do so by emailing

Some job postings which are posted on the Prism Digital Site, allow you to follow links to where you can apply, and provide your CV, for a specific job posting. In some cases, such applications are still within the Prism Digital Site and its control. If you are not asked to login using your Prism Digital Registration User ID and password then both the application process, and your CV are outside the Prism Digital Site and Prism Digital's control. In such cases you will be providing your CV directly to the Employer or Recruiter and your CV will be subject to their privacy policy. Prism Digital is not responsible for the privacy practices of such Employer or Recruiter. In such cases, we encourage you to review the Employer or Recruiter's privacy policy.

When you CV is uploaded, it is converted in to various formats for our use only. These conversions are handled by an external datacentre server stack. Once conversion is complete your CV is then automatically deleted from that service. We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, the data company has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information.