top of page
HandGrith-logo
Book a Demo

Privacy Policy

Effective Date: 6 May 2026

Last Updated: 6 May 2026

​

​

HandGrith ("HandGrith", "we", "our", "us") is committed to protecting personal data and upholding the highest standards of privacy, security, and transparency.

​

We provide structured candidate rejection communication and feedback services designed to support employers in delivering clear, professional, and respectful recruitment outcomes.

​

This Privacy Policy explains how we collect, use, process, and safeguard personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable data protection laws.

1. Who We Are

Business Name: HandGrith

Contact Email: info@handgrith.com

Operational Email: feedback@handgrith.com

Registered Address: Available upon request

​

HandGrith is registered with the Information Commissioner's Office (ICO).

​

Data Protection Roles

​

  • HandGrith acts primarily as a Data Processor, processing personal data on behalf of clients 

  • Employer clients act as Data Controllers

  • In limited cases (e.g direct enquiries), HandGrith acts as a Data Controller

​

​

​

2. What Data We Process

We process personal data strictly necessary to deliver our services.

​

Candidate Data (processed on behalf of clients)

​

  • full name

  • email address

  • application status and recruitment stage

  • interview outcomes

  • rejection status

  • structured employer feedback

  • candidate response records

  • one follow-up communication (where applicable)

​

Client / Employer Data

​

  • company name

  • contact names and roles

  • business email addresses

  • recruitment team details

  • billing and invoicing information

  • service instructions and preferences

​

Website & Direct Enquiries

​

  • name

  • email address

  • company infomation

  • enquiry content

​

3. How We Use Your Data

We process personal data for clearly defined and legitimate purposes:

​

Service Delivery

​

  • delivering candidate rejection communications

  • coordinating structured feedback

  • managing a single follow-up response where applicable

  • supporting employer communication standards

  • providing service-related reporting

​

Contractual Performance

​

  • fulfilling agreements with employer clients​

  • delivering agreed service outputs

​

Business Operations

​

  • invoicing and financial administration

  • service improvement and quality assurance

  • fraud prevention and internal controls

  • dispute management

​

Legal and Regulatory Compliance

​

  • compliance with UK GDPR and applicable laws

  • tax and accounting obligations

4. Legal Basis for Processing

As a Data Processor

​

HandGrith processes personal data solely on documented instructions from the Data Controller 

(our client).

​

As a Data Controller

​

Where applicable, we rely on:

​

  • legitimate interests (e.g responding to business enquiries)

  • contractual necessity 

  • legal obligations

  • consent, where required

​

​

5. Who We Share Data With

We do not sell or monetise personal data.

​

We only share data where necessary with:

​

  • employer clients (Data Controllers)

  • secure communication and email service providers

  • invoicing and accounting providers

  • professional advisers (legal, financial)

  • regulatory authorities where required by law

​

All third parties are required to process data securely and in compliance with appliance laws.

​

​

​

​

6. Data Retention

We apply strict data minimisation and retention practices.

​

  • Candidate data: retailed for a maximum of 90 days, unless otherwise instructed by the Data Controller or required by law

  • Client and financial records: retained as required for legal and accounting purposes

​

Data is securely deleted or anonymised after the applicable retention period.

7. Data Security

HandGrith implements appropriate technical and organisational safeguards, including:

​

  • controlled access permissions

  • secure authentication practices

  • restricted data handling procedures

  • confidentiality obligations

  • secure systems and encryption where appropriate

​

We continuously review and improve our security measures.

8. International Data Transfers

HandGrith primarily processes data within the United Kingdom.

​

Where international transfers are necessary, we implement appropriate safeguards in accordance with UK GDPR requirements.

9. Individual Rights

Individuals have rights under data protection law, including:

​

  • right of access

  • right of rectification

  • right to erasure

  • right to restrict processing 

  • right to object

  • right to data portability

  • right to withdraw consent (where applicable)

​

When HandGrith acts as a Data Processor, requests should typically be directed to the relevant emplyer (Data Controller).

​

Requests can be submitted to: info@handgrith.com

10. Personal Data Breaches

In the event of a personal data breach, HandGrith will:

​

  • investigate without undue delay

  • notify affected clients promptly

  • cooperate fully with Data Controllers

  • comply with legal reporting obligations

11. ICO Registration

HandGrith is registered with the Information Commissioner's Office (ICO) in accordance with UK

data protection law.

​

Details of our registration are available upon request.

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes.

​

The latest version will always be available, and the "Last Updated" date will be revised accordingly.

12. Changes to This Policy

13. Contact

For any privacy-related enquiries:

​

HandGrith

Email: info@handgrith.com

Operational: feedback@handgrith.com

This Privacy Policy forms part of HandGrith's broader compliance and data protection framework, reflecting our commitment to secure, transparent, and professional handling of candidate and client data.

bottom of page