Find Talent
Search Jobs

Resumai Solutions Ltd - Global Privacy Policy (UK, EU, North America & Middle East)

Introduction

Resumai Solutions Ltd ("Resumai", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal data when you interact with us - whether you are a candidate, client, supplier, website/app user, referee, emergency contact, or other third party involved in our recruitment and resourcing activities.

We operate globally, including in the United Kingdom, European Union, North America, and the Middle East. This unified Policy sets out how we process personal data across all territories, maintaining compliance with applicable data protection laws, including the UK GDPR, EU GDPR, U.S. state and federal privacy laws, Canadian PIPEDA, and Middle Eastern data protection frameworks.

We process personal data in line with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

 

Who we are and scope of this Policy

Controller: Resumai Solutions Ltd (and, where applicable, its subsidiaries and regional branches). The relevant Resumai entity you interact with acts as data controller for your personal data.

Registered office: 71–75 Shelton Street, London, United Kingdom WC2H 9JQ
Telephone: +44 204 604 4213
Company Registration: 16582103
VAT Number: 497521161
Registered in England and Wales

Contact for all data protection matters: privacy@resumaisolutions.com
Data Protection Lead: [Insert name/role]

This Policy applies to:

  • website and platform users;
  • job candidates and contractors;
  • client and prospective client contacts;
  • supplier contacts;
  • referees and emergency contacts; and
  • visitors to our offices or events.

 

What we do

We are a global recruitment and talent solutions provider. Our services include sourcing, screening, and introducing candidates for permanent and contract roles; contractor management; executive search; talent pooling; market mapping; compliance vetting; and career support. We also operate websites and digital tools to deliver these services.

 

Personal data we collect

Depending on context and local law, we may collect some or all of the following categories:

  • Identification & contact: name, title, address, email, telephone, country of residence.
  • Demographics: age/date of birth, sex/gender, marital status (where permitted).
  • Right-to-work & identity: nationality/citizenship/place of birth; passport/ID/visa copies; immigration status; driving licence.
  • Professional profile: education, qualifications, employment history, skills, preferences, remuneration/benefits, notice period, CV/résumé, photograph (if supplied), public profiles (e.g., LinkedIn).
  • Background & compliance: references, criminal records (only when lawful/required), credit/financial checks (where relevant), tax identifiers where legally required.
  • Diversity data: racial/ethnic origin, religious beliefs, health/disability info-only where voluntarily provided or required by law and subject to additional safeguards.
  • Emergency & referee details: names and contact information.
  • Technical & usage: IP address, device/browser details, pages visited, timestamps, analytics (e.g., cookies, Google Analytics).
  • Other: information you or third parties (clients, referees, job boards, social networks, publicly available sources) provide relevant to recruitment.

 

How we collect data

  • Directly from you: website forms, applications, emails, calls, messaging apps (business context), events, surveys.
  • Automatically: through cookies and analytics tools.
  • From third parties: job boards, professional networks, referees, clients, screening suppliers, Resumai affiliates, and public sources.

When we obtain data from third parties, we inform you within a reasonable time (no later than 30 days where required) of the source and purpose.

 

Purposes and lawful bases

Purpose Examples Lawful bases
Recruitment & relationship management sourcing candidates, assessing suitability, arranging interviews, onboarding, client management Legitimate interests, Contract, Legal obligation
Compliance & due diligence right-to-work verification, background screening Legal obligation, Legitimate interests
Administration & finance invoicing, payroll, supplier management Contract, Legal obligation
Website & service optimisation security, testing, analytics, reporting Legitimate interests, Legal obligation
Marketing & communications job alerts, newsletters, events Legitimate interests or Consent
Legal rights & claims exercising or defending legal claims Legal obligation, Legitimate interests

 

Legitimate interests: The exchange of personal data between candidates and clients is fundamental to recruitment services. We balance our business needs with your rights and expectations.

Consent: Used for specific activities such as marketing or certain international transfers. You may withdraw consent at any time.

 

Artificial Intelligence (AI)

We may use AI-assisted tools for activities such as CV formatting, content generation, deduplication, matching, and analytics. These tools support - not replace - human decision-making.

We do not conduct automated decision-making or profiling producing legal or significant effects without human oversight. All outputs that may affect individuals are reviewed by humans.

We ensure fairness, transparency, and compliance with equality and anti-discrimination laws and the emerging EU AI Act. Third-party AI vendors act as data processors under strict contractual safeguards.

 

Cookies

Our websites use cookies to distinguish users, improve experience, and analyse performance. You can manage cookies via browser settings or our preferences tools. Disabling cookies may affect functionality. See our separate Cookie Policy for details.

 

Sharing your personal data

We may share your data with:

  • Clients (for introductions, interviews, engagements).
  • Candidates/referees (for coordination or reference checks).
  • Group companies and service providers (IT hosting, CRM/ATS, background screening, communications, analytics, payroll, compliance partners).
  • Professional advisers (legal, tax, insurance) and financial institutions/financiers/bankers for legitimate business purposes.
  • Authorities/regulators (to comply with law or protect rights).
  • Business transfers (merger, acquisition, or sale) under confidentiality.

All third parties are contractually bound to safeguard personal data in line with Article 28 UK/EU GDPR or equivalent provisions.

 

International transfers

We aim to store personal data within the UK/EEA, but cross-border transfers may occur (e.g., between Group entities, clients, or vendors). We implement safeguards such as Standard Contractual Clauses (SCCs), International Data Transfer Addendum (IDTA), or Adequacy Decisions to ensure lawful and secure processing.

 

Data security

We maintain strong technical and organisational measures including secure hosting, access controls, encryption, MFA, logging, and vetted suppliers. Internet transmission is never fully secure, so you share data at your own risk. Passwords or credentials must remain confidential.

 

Data retention

We retain data only as long as necessary for the purposes described and legal compliance. Factors influencing retention include:

  • nature/sensitivity of data;
  • purpose of processing;
  • legal/regulatory obligations (e.g., UK Conduct Regulations, HMRC);
  • business needs and recruitment industry norms.

We periodically review, de-duplicate, and pseudonymise data as appropriate. Retention schedules are available upon request.

 

Your rights

Depending on your location, you may have the following rights:

  • right to be informed;
  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restrict processing;
  • right to data portability;
  • right to object (especially to marketing or legitimate interest processing);
  • rights concerning automated decision-making and profiling;
  • right to withdraw consent.

Contact privacy@resumaisolutions.com to exercise these rights. Identity verification may be required.

 

Access requests and complaints

Subject Access Requests (SARs): Email privacy@resumaisolutions.com. No fee unless manifestly unfounded or excessive.

UK supervisory authority: Information Commissioner’s Office (ICO) – https://ico.org.uk/concerns/
EEA supervisory authority: CNPD (Luxembourg) – https://cnpd.public.lu/en/particuliers/faire-valoir/plainte.html
North America: See Section 20C below.
Middle East: See Section 20D below.

 

Marketing preferences

We may send relevant information (job alerts, events, insights). You may opt out anytime via email or unsubscribe links. Consent will be obtained where required.

 

Links to other websites

Our site may link to third-party sites. We are not responsible for their content or privacy practices. Review their privacy policies before submitting data.

 

Children

We do not knowingly collect personal data from children. If a child has provided data, please contact us to delete it promptly.

 

Changes to this Policy

We may update this Policy from time to time. Any updates will appear on this page and may be notified by email. Please review periodically.

Last updated: 12 November 2025

 

Contact us

Email: privacy@resumaisolutions.com
Telephone: +44 204 604 4213
Postal: 71–75 Shelton Street, London, United Kingdom WC2H 9JQ

Supplemental information (jurisdiction-specific)

A. United Kingdom

  • Controller: Resumai Solutions Ltd (UK establishment).
  • Primary law: UK GDPR & Data Protection Act 2018.
  • Supervisory authority: Information Commissioner’s Office (ICO).

B. European Economic Area (EEA)

  • Controller: Resumai Solutions Ltd.
  • Primary law: EU GDPR & Member State laws.
  • Supervisory authority: CNPD (Luxembourg) or your local authority.

C. North America (United States & Canada)

  • Controller: Resumai Solutions Ltd.
  • U.S. compliance guided by applicable state/federal laws (CCPA/CPRA, Virginia CDPA, Colorado, etc.).
  • Canada: Complies with PIPEDA and provincial laws.

Rights:

  • Know what personal data we collect and why.
  • Request deletion or correction.
  • Opt-out of sale/sharing (where applicable).
  • Non-discrimination for exercising rights.

To exercise: email privacy@resumaisolutions.com with subject line “North America Privacy Request.”

Cross-border transfers use approved contractual clauses and safeguards consistent with GDPR and PIPEDA.

D. Middle East (including GCC countries)

  • Controller: Resumai Solutions Ltd.
  • Compliant with UAE Federal Decree-Law No. 45/2021, Saudi PDPL, Bahrain PDPL (2018), and Qatar PDPPL (2021).

Commitment: We align processing with GDPR standards to ensure fairness, transparency, purpose limitation, and security.

Rights: Access, rectification, deletion, and objection (subject to local laws).
Contact: privacy@resumaisolutions.com – we will route to the appropriate regional contact.

 

Annex – Examples of third-party processors

  • Recruitment platforms (ATS/CRM)
  • Screening/background check providers
  • Communications and productivity tools (email, video interview, SMS)
  • Hosting/IT/security providers
  • Payroll/accounting systems
  • Analytics and marketing tools

All vendors are bound by confidentiality, security, and data-protection clauses consistent with global standards (GDPR, PIPEDA, and applicable Middle Eastern frameworks).

If you have any questions regarding our privacy policy or GDPR matters, please email privacy@resumaisolutions.com