Data Privacy

  1. Who are we?

We are Venatio Associates at 133 Houndsditch, London, EC3A 7AH, United Kingdom,, +44 7791 531143.

We provide executive search and recruitment services to permanent positions for clients looking to recruit personnel for their businesses. We also provide related services, including talent mapping and research, salary surveys, and people management consultancy.

  1. What does this Privacy Policy cover?

We at VA take the privacy of your personal data seriously. VA understands that the information you trust us with is important to you. We are committed to protecting and respecting your privacy.

This policy explains how, when and why we collect your personal information. Specifically, this policy:

  • Sets out the types of personal data that we collect about you; explains how and why we collect and use your personal data; explains how long we keep your personal data for; explains when, why and with whom we will share your personal data; sets out the legal basis we have for using your personal data; explains the effect of refusing to provide the personal data requested; explains the different rights and choices you have when it comes to your personal data; and explains how we may contact you and how you can contact us.
  1. What personal data do we collect about you?

Our business is to find skilled professionals who can be strong candidates for the positions that client organisations need to fill.

We therefore need to collect the information necessary to identify individuals either as a relevant professional candidate, or as a potential buyer of our services. Following this, for candidates, we then need to assess their eligibility for a specific opportunity through the different stages of recruitment.

We may also seek to engage with individuals for related purposes, for example, to draw their attention to material which might be of interest to them, or to invite them to relevant events, or to take part in market research and surveys, for example, salary surveys. At any time that we contact any individual for similar purposes, we will also include a simultaneous opportunity for that individual to opt out of receiving this or any further similar contact from us.

The information we collect for the above purposes may therefore include your contact details and your current employment information. For candidates, this may also include your CV, your identification documents, your educational and professional qualification records, your work history, and relevant references.

For candidates only we may also collect limited sensitive personal data about you that could be required by some potential employers, in the form of diversity data, and criminal record checks, or that could be relevant during the recruitment process, such as health status. Please note though that we will only collect sensitive personal data from you, and make use of this data, for example by passing it on to the potential employer, once we have asked for and you have given us your explicit consent for this.

  1. Where do we collect your personal data from?

The following are the different sources we may collect personal data about you from:

  1. From you directly. This is information you provide while searching for a new opportunity and/or during the different recruitment stages, for example by replying to a job advert, or by posting the information to a job board.
  2. From an agent/third party acting on your behalf. e.g. an Interim Management Company.
  3. Through publicly available sources, for example LinkedIn, or employers’ websites.
  4. By reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer.
  1. How long do we keep your personal data?

We follow good practice in aiming to keep personal data that we hold for the shortest relevant period, and also to make efforts to ensure that the personal data we hold is accurate and up to date.

We only retain your information for as long as is necessary for us to use your information as described in this Privacy Policy or to comply with our legal obligations, such as retaining the information for tax and accounting purposes. That means that we may need to retain some of your information after we cease to engage with you.

When determining the relevant retention periods, we will take into account factors including:

  • (a) our contractual obligations and rights in relation to the information involved; (b) legal obligation(s) under applicable law to retain data for a certain period of time; (c) statute of limitations under applicable law(s); (d) (potential) disputes; (e) if you have made a request to have your information deleted; and (f) guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

  1. Who do we share your personal data with?

We share your personal data with:

  • the client who has a position to fill, in order to determine with that client whether you are a good fit for the available position
  • recruitment service companies working on behalf of our clients as part of the client’s recruitment process.

We may also conduct checks on you to verify the information you have provided, and where we do this we may necessarily share your information with contacts referred to in the information you have provided to us. We do not outsource the verification process to third  parties.

  1. What legal basis do we have for using your information?

For prospective candidates for permanent roles, for referees and for clients, our legal basis for collecting and using your personal data (this is also referred to as processing your information) is in the first place our legitimate interest, in that we need the information in order to be able to assess suitability for potential roles, to find potential candidates and to contact clients and referees.

For clients, we may also rely on our processing being necessary to perform a contract for you, for example in contacting you.

If you are shortlisted as a candidate, then this may involve the processing of more detailed personal data including sensitive data such as ethnicity that you or others provide about you. In that case, we always ask for your specific consent before undertaking such processing.

We only sell and promote our services to clients and their employees. We consider any marketing we undertake to be on a Business to Business (B2B) basis, and for this we do not require consent. Whenever we send out marketing communications to individuals, we will always include a link by which individuals can ask NOT to be included in similar communications in future.

  1. What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the personal data necessary, or ask us to stop processing your personal data, we may not then be able to match you with available job opportunities, or make our services available to you as a client.

  1. Do we make automated decisions concerning you?

No, we do not carry out automated profiling.

  1. Do we use Cookies to collect personal data on you?

To provide better services to you on our website, we use cookies to collect your personal data when you browse.

  1. Do we transfer your data outside the European Economic Area (EEA)?


  1. What rights do you have in relation to the data we hold for you?

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator.

The rights below are based on current United Kingdom legislation and regulations.


  1. The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.

  1. The right of access

You have the right to obtain access to your information if we’re processing it, and certain other information (similar to that provided in this Privacy Policy). This is known as a Data Subject Access Request (DSAR). This right is so that you’re aware and can check that we’re using your information in accordance with data protection law. To make a DSAR, you will need to send an email to

  1. The right to rectification

You are entitled to have your information corrected if it’s inaccurate or incomplete.

  1. The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

  1. The right to restrict processing

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

  1. The right to data portability

Under the GDPR, because at VA we do not carry out any automated processing, this right to data portability does not apply.  

  1. The right to object to processing

You have the right to object to certain types of processing, i.e. if you no longer want to be contacted with potential opportunities

  1. The right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.

  1. The right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes, where we have marketed to you as an individual, rather than as an employee of a business.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or further copies of the same information Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know. For Data Subject Access Requests we will require you to verify your identity, for Data Protection purposes, before we respond to your request.

  1. How will we contact you?

We may contact you by phone, email or social media. If you prefer one particular contact means over another please let us know.

  1. How can you contact us?

If you are unhappy with how we’ve handled your information, or have further questions on the processing of your personal data, please contact our Data Protection Officer Anna-Marie Allen –