Edge HarbourEdgeHarbourContact Us

Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 24 March 2026

This policy applies to Edge Harbour Recruitment Company Ltd and covers all personal data we process in connection with our recruitment platform and waitlist. We are committed to handling your data lawfully, transparently, and securely.

1. Who We Are

Edge Harbour Recruitment Company Ltd (“Edge Harbour”, “we”, “us”, or “our”) is the data controller responsible for your personal data. We are a UK-based recruitment platform connecting employers with pre-vetted, compliance-ready professionals across Healthcare, Hospitality, Customer Service, and Technology.

You can contact us regarding data protection matters at: hello@edgeharbour.co.uk

2. What Personal Data We Collect

From waitlist registrants

  • Email address
  • User type (employer or candidate)
  • Date and time of registration

From employers (once the platform launches)

  • Contact name, job title, and business email
  • Company name, address, and Companies House number
  • Billing information (processed via our payment provider)
  • Hiring preferences and role requirements

From candidates (once the platform launches)

  • Full name, contact details, and address history
  • CV, work history, and qualifications
  • Right-to-Work documentation (e.g. passport, visa, share code)
  • DBS check results (where applicable and consent is given)
  • References and professional registrations (e.g. NMC, HCPC)

Automatically collected data

  • IP address and browser type (via server logs)
  • Pages visited and time on site (via analytics, where enabled)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Waitlist management — to notify you when Edge Harbour launches and to communicate relevant updates
  • Platform operation — to match candidates with suitable roles and verify compliance documentation
  • Right-to-Work and compliance checks — to meet our legal obligations as a recruitment business under the Immigration, Asylum and Nationality Act 2006
  • Service communications — to send confirmations, updates, and support messages
  • Platform improvement — to analyse usage patterns and improve our services

4. Legal Basis for Processing (UK GDPR)

  • Consent — for waitlist sign-up and marketing communications (Article 6(1)(a))
  • Contract performance — to provide our recruitment services to employers and candidates (Article 6(1)(b))
  • Legal obligation — for Right-to-Work checks and DBS compliance (Article 6(1)(c))
  • Legitimate interests — to improve our platform, prevent fraud, and protect our services (Article 6(1)(f))

Where we process special category data (e.g. health information for healthcare candidates), we rely on explicit consent (Article 9(2)(a)) and substantial public interest in employment contexts (Article 9(2)(b)).

5. Who We Share Your Data With

We do not sell your personal data. We may share it with:

  • Supabase — our database provider, which stores waitlist and platform data on EU/UK servers
  • Vercel — our hosting provider
  • Employers — candidate profiles shared only with specific hiring employers, with candidate consent
  • DBS checking bodies — where a DBS check is required and authorised
  • Legal or regulatory authorities — where required by law (e.g. HMRC, Home Office)

All third-party processors are bound by data processing agreements and required to maintain adequate security standards.

6. Data Retention

  • Waitlist data — retained until 12 months after the platform launches, then deleted unless you have created an account
  • Candidate profiles — retained for the duration of your active use plus 2 years, or as required by law
  • Right-to-Work records — retained for 2 years after employment ends, as required by law
  • Financial records — retained for 6 years in accordance with HMRC requirements

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — request deletion of your data where we have no legal basis to retain it
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — at any time where processing is based on consent, without affecting prior processing

To exercise any of these rights, email us at hello@edgeharbour.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time.

8. Cookies

Our website currently uses only essential technical cookies required for the site to function (e.g. session management). We do not currently use analytics or advertising cookies. If this changes, we will update this policy and request your consent where required under the UK PECR.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), access controls, and regular security reviews of our infrastructure. Our database provider (Supabase) is SOC 2 Type II certified.

10. International Transfers

Your data is stored and processed in the UK and European Economic Area (EEA). Where data is transferred outside the UK/EEA (e.g. via our hosting provider's global infrastructure), we ensure appropriate safeguards are in place under UK GDPR Chapter V.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify waitlist subscribers of material changes by email. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact Us

For any questions about this policy or how we handle your data, please contact:

Edge Harbour Recruitment Company Ltd
hello@edgeharbour.co.uk