Privacy Notice

Privacy Notice

Date of last revision: September 2022


Swann Group Holdings take your privacy seriously and is committed to protecting and respecting it.

This privacy notice (“Notice”) contains important information on:

  • who we are
  • the personal data we collect and store about you
  • how and why we collect personal data
  • what we do with personal data
  • the categories of third parties with whom we share your personal data
  • international transfers
  • how long we retain your information, and how we keep it secure
  • your rights and how to exercise them
  • how to contact us
  • details of whom to contact if you have a complaint.
  • We ask that you read the Notice, and any other privacy or fair-processing notice provided to you on specific occasions, so that you have a clear understanding of how we interact with your personal data. Each relevant notice supplements, and does not override, the others.


Please note that our website and services are not intended for children, and that we do not knowingly collect personal data relating to children.

Third-party links

Please also note that this website may contains third-party links that will take you to other websites not owned or operated by us or any of our group companies. By clicking on any link, you will leave this website: you should check the privacy notices on each other website that you visit, since this Notice will no longer apply at that point.


Here are some key details about us:

Our name: Swann Group Holdings Ltd (we will refer to ourselves using the word “we” and related words such as “us” and “our” in this Notice)

Place of incorporation:    England and Wales (this is where we are registered)

Company number: 12537626

Registered address: 10 Heath Drive, Sutton, Surrey SM2 5RP

Under data protection law, we are considered to be a “controller”. As a controller, we are responsible for, and control the processing of, your personal data. We are registered as a data controller with the Information Commissioner’s Office, which is the UK’s supervisory authority for data protection matters.

We are part of a group of companies and we are the ‘main establishment’ among our group of companies for the purposes of data protection law. This Notice is issued on behalf of the group, although individual businesses will also have their own privacy notices. To the extent of any conflict between this Notice and the privacy notice of a group business, this Notice will prevail.

What information do we collect?

Personal data is information about a living individual from which that individual can be identified (whether by one piece of data alone or through a combination of data).

Anonymous data, from which a person’s identity has been removed, is not personal data.

In the course of our business – namely providing search-and-select services, consultancy services and HR-related services – we may collect the following personal data about you:

Identity data, such as

  • name and title
  • gender
  • date of birth
  • marital or civil partnership status

contact data, such as

  • e-mail address
  • home address
  • telephone and mobile numbers

biographical data, such as

  • institutions attended
  • academic and professional qualifications gained
  • employment history
  • any other personal information you provide
  • references

financial data, to the extent that they contain personal data, such as

  • bank account
  • card details

transactional data, such as

  • details about payments to and from you
  • details of services you have requested from us

technical data, such as

  • internet protocol (IP) address
  • your browser type and version
  • time-zone setting and location
  • browser plug-in types and versions
  • operating system and platform and other technology on the devices you use to access our website

usage data, such as

  • information about how you use our website and services

marketing data, such as

  • your preferences in receiving marketing and communications

Aggregated data

We collect aggregated data for statistical purposes, such as assessing the popularity of certain pages on our website and the number of people on our database. Aggregated data does not reveal your identity (either directly or indirectly) and is not considered to be personal data. To the extent that we use or combine any aggregated data so that you can be identified, we would treat the aggregated data as personal data in that situation and would therefore use it only in accordance with this Notice.

Special categories

The phrase “special categories of personal data” denotes particularly sensitive data to which more stringent processing conditions apply. It comprises data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic data and/or biometric data.

We do not ordinarily collect special categories of personal data, save where you volunteer information regarding your nationality.

We also do not collect information about criminal convictions or offences.

In all cases, we do not collect more data than we believe is necessary. 


We obtain personal data from the following sources:

directly from you, for example when you:

  • send us your details
  • commission our services
  • request information
  • attend an event that we hold
  • write to us
  • give us feedback

Please contact us if the personal data you’ve given to us changes: we always want to make sure we’re using accurate data.

from third parties and publicly available sources, for example:

  • if you are copied on an e-mail that is sent to us, and your e-mail address identifies you
  • Google Analytics
  • public sources, such as LinkedIn, on which you may have uploaded details
  • search-information providers
  • referees whom we approach in respect of any job application
  • official public sources such as Companies House.

Note: if you are ever providing another person’s details to us, please ensure you have that person’s explicit consent to do so.

  • from automated technologies such as cookies and tags when you use our website, although we do not participate in automated decision-making – for more information on automated technologies, please see our cookie policy



We will only use your personal data when the law allows us to, and we will not use it more extensively than we believe is required.

Most commonly, we will use your personal data in the following circumstances:

  • to perform a contract we are about to enter into, or have entered into, with you
  • if it is necessary for our legitimate interests (or those of a third party) and these are not overridden by your own rights and interests
  • where it is necessary to comply with a legal or regulatory obligation

Lawful bases

To process personal data, we must have a lawful basis. We always ensure that this is the case, and we set out below the lawful bases on which we most frequently rely. Note that more than one basis may apply at any given time: please contact us if you would like more information on this.

Our most frequently used legal bases are as follows:

  • It is necessary for our legitimate interests, being the legitimate interests pursued by us or by a third party, except where those interests are overridden by your interests or fundamental rights and freedoms.
  • Performance of a contract with you or taking steps (at your request) prior to the performance of a contract.
  • Compliance with a legal obligation to which we are subject

A table describing our use of personal data is set out below.




To register you as a new client or supplier

(a) Identity

(b) Contact

Performance of a contract with you



To process and deliver our services, or to receive your services, including:

(a) Identity

Performance of a contract with you

(a) providing our services to you, or receiving them from you

(b) Contact

Necessary for our legitimate interests (including to recover debts due to us)

(b) evaluating CVs and mandates

(c) Biographical


(c) managing billings

(d) Financial


(d) collecting money owed to us, and making payments

(e) Transactional


To manage our relationship with you, including:

(a) Identity

Performance of a contract with you

(a) notifying you about changes to our terms or this Notice

(b) Contact

Necessary to comply with a legal obligation

(b) communicating with you in the ordinary course of business

(c) Marketing

Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)

(c) asking you to provide feedback or take a survey



To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)


(b) Contact

Necessary to comply with a legal obligation


(c) Technical


To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)


(b) Contact



(c) Usage



(d) Marketing



(e) Technical


To use data analytics to improve our website, services, marketing, customer relationships and experiences

(a) Technical

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)


(b) Usage


To make suggestions and recommendations to you about services that may be of interest to you

(a) Identity

Necessary for our legitimate interests (to develop our products/services and grow our business)


(b) Contact



(c) Technical



(d) Usage



(e) Marketing


To comply with taxation laws and other binding obligations

(a) Identity

Necessary to comply with a legal obligation


(b) Financial


To manage our business

(a) Identity

Necessary for our legitimate interests


(b) Contact



(c) Technical



(d) Financial



(e) Marketing



Consent for electronic marketing

We ensure that where the law requires us to gain consent before sending third-party direct marketing communications to you electronically, we always do so.

You have the right to opt out of receiving marketing at any time. This will not affect the lawfulness of processing that took place prior to your opt-out.

We will always be clear whenever we intend to process on the basis of consent, and we will process lawfully and only for the purpose for which consent was given.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we fairly consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


We may provide your personal data to the following recipients for the purposes set out in this Notice:

  • other businesses in our group, a list of which is available on request.
  • our service providers, including:
  • e-mail service providers
  • technical and support partners, such as the companies who host our website and who provide technical support and back-up services
  • suppliers with a need to receive your data
  • professional advisers, including lawyers, accountants and insurers in relation to the services they provide
  • any business or person with whom we may be involved in merger or acquisition discussions
  • HM Revenue & Customs
  • law-enforcement agencies, government or public agencies or officials, regulators, and any other person or entity that has the appropriate legal authority where we are legally required or permitted to do so, to respond to claims, or to protect our rights, interests, privacy, property or safety
  • any other parties, where we have your specific consent to do so

In all cases, we require third parties to use your data lawfully and only for specified purposes, and to observe strict standards of security.


You do not have to provide any personal data to us.

However, if we do not receive the personal data, or if you do not provide certain additional data along the way, it may not be possible for us to perform a contract with you or otherwise interact with you, but we will inform you of this at the time.


We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.


We may store your contact details, and carry out marketing profiling activities, for direct marketing purposes.

Where we are permitted to do so, we may contact you about our services that may be of interest to you.

You will be given the opportunity to opt out each time you are contacted, and you may also opt out at any other time. This will not affect the lawfulness of processing that took place prior to your opt-out option.

We never pass your details to third parties outside our group of companies so that they can market to you for their own purposes.


We may transfer your data within our group of companies, which may involve transferring your data out of (and back into) the UK. Some of our suppliers and relevant third-party contacts are also outside the UK, and so their processing of your personal data will involve a transfer outside the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved by UK legislation which give personal data a suitable level of protection.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.


We have security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Only our authorised employees and third parties processing data on our behalf have access to your personal data.

All our employees who have access to your personal data are required to adhere to our privacy policy and we have in place contractual safeguards with our third-party data processors to ensure that your personal data is processed only as instructed by us.

We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Please contact us using the details below if you would like more information about this.


We would like to draw your attention to the following rights that you have under data protection law:

  • right to be informed, in a clear and transparent manner, about the collection and use of your personal data – this Notice helps us to meet our obligations in that regard
  • right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information
  • right to have inaccurate personal data that we process about you rectified: we will always be happy to correct any inaccuracies, and indeed we welcome the opportunity of doing so
  • right of erasure (also known as the “right to be forgotten”): this is a right for you to request that we remove or destroy certain personal data about you where there is no compelling reason for its retention. Please note, however, that there are limitations on this right, and in some instances we may be entitled or required not to implement your request
  • right to object to certain processing, including that related to direct marketing
  • right to restrict processing: in these circumstances, we may still retain your personal data (on a list of those who have requested a restriction of processing) but will not continue to process it
  • right of portability of your data in certain circumstances.

Please note:

  • you will be asked to provide proof of your identity to ensure we are dealing with the correct person, and we may ask you to provide further details to assist us in the provision of such information
  • we do not ordinarily charge a fee to enable you to have access to your personal data or to exercise other rights. However, in some circumstances we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances

In all cases, we will reply within the time limits set by law.

Please contact us using the details in the section “Do you want to contact us?” below if you would like to know more about, or to exercise these rights.

These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website:


Our website uses cookies. For more information on which cookies we use and how we use them, please see our cookie policy.


We may change this Notice from time to time. You should check this Notice on our website occasionally, in order to ensure you are aware of the most recent version.

What should you do if you have a complaint?

We hope that you will be satisfied with the way in which we approach and use your personal data.

Should you find it necessary, you have the right to raise a concern with our supervisory authority, the Information Commissioner’s Office:

However, we very much hope that if you have a complaint about the way in which we handle your personal data, you will contact us in the first instance using the contact details below, so that we have an opportunity to resolve it.


If you would like to contact us about this Notice or our use of personal data, including if you wish to receive further information, our details are as follows:          


10 Heath Drive, Sutton, Surrey SM2 5RP


For the attention of:

The Privacy Manager


Get in touch

United Kingdom

10 Heath Drive,
Sutton, Surrey, SM2 5RP


Level 2, 161 Collins Street,
Melbourne, VIC 3000

Copyright 2024 © Swann Group Holdings Ltd