Skip to content

Privacy and Confidentiality


Cordius Ltd (“Cordius”) is registered as a data controller in the United Kingdom for the purposes of the Data Protection Act 1998. Cordius’ website and online services are designed to protect the privacy of all users. We ensure that the data you supply to us is processed fairly and lawfully, and with skill and care. This Data Protection Policy governs our processing of all personal data provided to us, in all forms. By registering your details with us and using our website, you consent to us collecting and processing personal data supplied by you and disclosing this information to prospective employers and clients in connection with the recruitment process.


The Data Protection Act was replaced by the new General Data Protection Regulations (GDPR) on the 25th May 2018; this is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA.

This Privacy Notice provides you with clear information as to how we process your personal data. We are obliged to use your information in line with all applicable laws. We do so in a manner that is fair by using your information in a way that you would reasonably expect when providing our work-finding services or recruiting personnel for you, and being transparent so that you know how it will be used.

This Privacy Notice sets out the types of personal data that we collect about you, how and why we use it, how long we will keep it for, when why and who we will share it with, the legal basis for us using your personal data and your rights in relation to us storing and processing your personal data. It also explains how we may contact you and how you can contact us.

Part of the recruitment process will involve sharing your personal data with our clients (independent data controllers) who have potential work opportunities that may be suitable for you. These third parties will have their own privacy policies and will also need to comply with all applicable laws – we encourage you to contact them directly if you have any concerns or questions about your data.


Cordius Limited (registration number 5206613) is an employment business and agency. We provide both temporary and permanent recruitment services to clients looking to recruit personnel for their business and provide work-finding services to candidates looking for job opportunities.

We are registered as a data controller with the ICO in the United Kingdom for the purposes of the Data Protection Legislation and General Data Protection Regulation (GDPR). Our registered office address is 81 Burton Road, Derby, DE1 1TJ and you can contact us at if you have any queries relating to data protection.


For prospective candidates, contractors, referees and clients, our processing is necessary for our legitimate interests in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees.

We do not consider our legitimate interests to be overridden by your interests or fundamental rights and freedoms. We take into consideration the reasonable expectations of individuals who are actively applying for jobs or making their personal information publicly accessible on professional networking sites.

If you are submitted as a candidate or requested for interview, then this may involve the processing of more detailed personal data including sensitive data such as health information or any unspent criminal convictions that you or others provide about you. We will ask for your consent before undertaking such processing if we are required to do so.

For clients, we may also rely on our processing being necessary to perform a contract for you if one is in place, for example in contacting you.


We collect and process personal data only as far as is necessary to facilitate the recruitment process and provide you with work-finding services. We need your personal data in order to find you suitable opportunities and further information may be needed to assess your eligibility through the different stages of the recruitment process.

The information we collect may include your name, email address, telephone number, CVs, identification and right to work documents, educational records, work history, employment and references.

In general, we will not ask you about sensitive personal data but there may be times that it is necessary for information to be disclosed to us and for us to share that with potential employers. We will only share the information where you have provided your explicit consent.

We are also under an obligation with our clients to provide suitable candidates. Part of that assessment will include asking you about any unspent criminal convictions you may have. We consider this to be highly confidential information and will only do so where you have provided your explicit consent.


The data we collect about you is obtained from the following sources:

  • Directly from you. This may be via our registration process, information requests and applications via our website.
  • An agent or third party acting on your behalf. This may be where you are consulting via a Limited Company.
  • Publicly available sources. We may also obtain your information from professional networking sites or job boards, where you have actively published or submitted your information.
  • Reference or word of mouth. You may be recommended by a friend, former employer or colleague.


We will use your information in such ways to facilitate the recruitment process and provide you with work-finding services, including but not limited to:

  • To provide our services by using your details to match your skills, experience and education with a role that suits your requirements (we use technology in ways to help identify the most suitable candidates for a specific role but this does not constitute automated decision making);
  • To make you aware of current opportunities that may suit your requirements;
  • To contact and update you about applications you have made or roles you have been submitted for;
  • To share your details with clients with the aim of securing a potential role (our client may be the company you will provide your services to or an intermediary company that directly supplies to the company you will provide your services to).

If you are selected by the client for an interview or the next stage of the recruitment process, we will need further information from you. This is likely to come directly from you but may also be from third parties such as a referee for example.

We may also analyse the data internally so that we can offer a more relevant service, for marketing and strategic development purposes or for research purposes to improve our service.


We may contact you by phone, email or social media. Some examples of when we will contact you are:

  • Upon receipt of a CV or your personal data, it will be reviewed to determine whether we are likely to be able to provide you with work-finding services and we will notify you if you are added to our database.
  • When one of our consultants considers you for a suitable job opportunity or to find out more about the type of role you are looking for.
  • Before we put you forward for a role.
  • During and following an assignment we have placed you in.
  • In relation to any correspondence we receive from you.
  • To update you on any material changes to our policies and practices.


In order to provide work-finding services to you, it is necessary for us to share your personal data with our clients (independent data controllers) who have potential work opportunities that may be suitable for you. Once your data has been shared with them, they will determine how they use, store and process your data and will have their own privacy policy.

There may also be circumstances where disclosure is required or permitted by law (such as to government bodies and law enforcement bodies). As an example, we are under an obligation to report pay details of all workers we place with clients to HMRC.

Generally, we will process your information within Cordius. There may be occasions where we use third parties to process your information on our behalf. In such situations these third parties will be under strict instructions and they will not be permitted to use your information for their own business purposes.


Cordius is based in the UK and our back-up systems are stored in the EEA. We do not generally transfer your data out of the EEA.

In the event that we do need to make transfers to countries outside the EEA, we will ensure the appropriate safeguards are in place.


Cordius will only retain information for as long as necessary for the relevant activity. This may be determined by legislation or a decision as to what we consider necessary for the business based on a number of factors.

  • If you have not registered with us, your data will be retained for 2 years from when it was added to our database or from when you were last contacted. You can request to have your record deleted (see below).
  • If you do register with us, your data will be retained for 4 years from the last contact or activity on your record. You can request to have your record deleted (see below).
  • If we place you in a temporary assignment or permanent role we will be required to keep certain information for specific lengths of time up to a maximum of 6 years. The purpose of keeping this information is to comply with our legal obligations.
  • Client contact details are retained for 6 years from when added to our database or from when you were last contacted. You can request to have your record deleted (see below).


We avoid processing special categories of data, these are sensitive personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

However, by taking copies of passports or ID it may be that racial or ethnic origin can be revealed. Processing this data is necessary for us to comply with employment law obligations and the data is only used for this specific purpose.

We are under an obligation to ensure that the candidates we submit to clients are suitable. As part of our registration process we require individuals to disclose any unspent convictions and may need to make further enquiries if necessary.


We will only send you direct marketing emails that promote our company or services if you have opted in to this. You will have the option to opt-in when you are provided with a copy of our Privacy Notice. You can also manage your preferences by contacting a Cordius consultant.

To clarify, contacting you about specific job opportunities is not marketing because we are not advertising or marketing our services.


If you do not provide the personal data requested, or use your right to withdraw your consent for the processing of your sensitive personal data, we may not be able to match you with available job opportunities.

You have the right to object to us processing your data based on legitimate interest. If you have not been placed then we will be able to delete your data. You will have the option to delete your data by emailing

If you have been successfully placed then we will be under certain legal obligations to retain information for specified periods (up to 6 years), this includes, but is not limited to, ensuring you have the right to work in the UK and allowing us to comply with HMRC reporting requirements regarding payroll information. In such situations you do not have the right to object to us processing your data.

You do also have the right to restrict processing which means that we will stop further use of your data but still store it. However, if we stop processing your data it will mean that any assignment you may currently be on will be terminated immediately or in line with any notice period.

Please note that we may require you to provide us with proof of your identity and answer security questions before processing your request and if your data is deleted we will have no record and you may be contacted again in the future.


You have the right to be informed and access a copy of the information comprised in your personal data. If any of the data we hold is inaccurate, you have the right to rectify it. You can contact us at or your consultant directly to update your data.

You can make a request to find out what personal data we hold about you. You may exercise this right by making a written subject access request (SAR) to We require you to provide us with proof of your identity and answer security questions before processing your request.

We usually act on such requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.


The GDPR introduces a new right to data portability. This will enable individuals to both receive and transmit the personal data they have provided to a data controller in a structured, commonly used and machine-readable format to another data controller.

The right to data portability only applies to the following:

  • personal data provided by the individual;
  • personal data that is processed with the individual’s consent or on the basis of a contract (excluding the other legal bases); and
  • when processing is carried out through automated means.

As we rely on the legal basis of legitimate interests, this right will not apply to the data we hold about you. In addition, references obtained directly from third parties about you will not be subject to the right of data portability.


We reserve the right to change our Privacy Notice at any time. Changes to our Privacy Notice will be displayed on our website.


If you have any issues or concerns then we ask that in the first instance you set this out in writing and send this to

If we are unable to satisfactorily deal with your complaint you can complain to the ICO which is the UK supervisory authority. You have the right to claim compensation for damages caused by a breach of data protection legislation.


To provide better service to you on our website, we use cookies to collect your personal data when you browse.

Some external links appear on our website to websites owned and operated by third parties. These websites have their own privacy policies and we encourage you to review them. We accept no responsibility or liability for the privacy practices of such third parties and you use them at your own risk.

What are Cookies?

A “cookie” is a small amount of data that is sent to your browser from a web server and stored on your computers hard drive. It can only be read by the webserver that set the cookie.  For users who login to the online system we set a session cookie. The purpose of this cookie is to retain your identity for the duration of that session only.  Cordius provides the option to store a permanent cookie thus enabling automated login to the site.

Does this site provide a ‘no cookie’ alternative?

Provision has been made for would-be users of the site who prefer not to have a cookie set. This is called the “Non-registered candidate application form” which enables you to apply to jobs without logging in.

Third-party cookies

When visiting microsites you may notice some cookies that are not related to Cordius Limited. When you visit a page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. Cordius are unable to control the setting of these cookies, therefore we suggest you check the third-party websites for more information about their cookies and how to manage them.

Our ‘sharing’ tools

If you take the opportunity to ‘share’ our website content with friends and co-workers through social networks – such as LinkedIn and Twitter – you may be sent cookies from these websites. Cordius are unable to control the setting of these cookies, therefore we suggest you check the third-party websites for more information about their cookies and how to manage them.


If you have any questions about this privacy notice or the practices of this site, you can contact:

Data Controller
Cordius Ltd
3 College Place

Tel: (01332) 287766

Website by Clark CX