Privacy Policy

 

Effective Date: 1 August 2025

This privacy policy sets out how Hume Executive Search Ltd (“we”, “us”) uses and protects any personal information that you provide to us in connection with our executive search, interim management, and leadership advisory services.

 We are committed to processing personal data in accordance with the UK Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 (GDPR). We are registered with the IPO for data protection (No. ZB966639), ensuring we manage your personal information securely and in line with legal requirements.

This policy may be updated from time to time. The most current version will always be available on this page.

Who this policy applies to

This policy applies to individuals whose data we may collect during our work. This includes clients, candidates, sources, and referees.

 A client is any entity or individual that engages Hume Executive Search to deliver services. A candidate is an individual who is a potential or confirmed candidate for a current or future leadership opportunity. A source is someone who provides us with information about a candidate. A referee is someone who provides a reference.

What we collect

We collect personal data directly from individuals (e.g., CVs, emails, interviews), from public sources (e.g., LinkedIn), and from third parties such as clients, sources, or referees.

 Candidate data includes: name, contact details, employment and education history, professional qualifications, languages, skills and interests, compensation, benefits, and notes from interactions. We may also collect sensitive personal data such as ethnic origin, health, or gender identity—but only with explicit consent.

 Client data includes: names, titles, and contact details of employees, along with records of communications and contractual arrangements.

 Referee and source data includes: name, contact details, job title, employment history, and relationship to a candidate.

What we do with the information we gather

We use personal data for the following purposes:

  • To provide our executive search and advisory services
  • To assess candidate suitability for roles
  • To communicate with candidates, clients, sources, and referees
  • To verify candidate information through references or assessments
  • To comply with legal or regulatory obligations
  • To conduct internal research and improve our services
  • To send marketing communications, where consent is provided

We may share limited personal data with a small number of trusted third-party partners who support our services—for example, providers of psychometric or psychological assessments, or qualified executive coaches involved in a search or leadership development process. These partners are bound by strict confidentiality agreements and process data in accordance with applicable data protection laws. In cases where special category data is involved (such as psychological profiles), we will always request your explicit consent before proceeding.

 We will not use data for any purpose other than those outlined above. We do not sell personal data. We are not responsible for how clients process candidate data once it has been shared with them.

Legal basis for processing

Our lawful bases for processing personal data include: consent, the performance of a contract, compliance with legal obligations, and our legitimate interests in delivering high-quality recruitment and leadership services.

Where we store your data and how we protect it

Your data is stored in GDPR-compliant systems including:
 – Microsoft Office 365 services (e.g. OneDrive, Outlook)
 – Secure encrypted databases and cloud-based storage

 We use appropriate technical and organisational safeguards, including encryption, limited access control, security audits, scenario planning, penetration testing, and strict internal policies.

Transfers of Personal Data Outside Your Country

During the course of delivering our services, your personal data may be accessed or processed in countries outside your country of residence, including jurisdictions that may not have the same level of data protection as the UK or the European Union.

When we transfer personal data internationally, we take appropriate steps to ensure it is handled securely and in line with the standards we apply in the UK. These safeguards may include the use of approved contractual clauses or data processing agreements with our partners and service providers.

By providing your personal information to Hume Executive Search, you acknowledge that it may be transferred, stored, or processed outside your home country. If you would like further details about how we protect personal data across borders, please contact us at kate@humeexec.com

How long we store your data

We retain data only for as long as necessary for the purpose it was collected or as required by law. We regularly review our data and securely delete or anonymise information when it is no longer needed. Internal records are typically purged after six years.

Your data protection rights

Under data protection law, you have the right to access, correct, delete, or restrict the use of your personal data. You may also object to its processing, request a copy in a portable format, or withdraw consent where applicable.
 To exercise any of these rights, or if you have any questions, please contact: kate@humeexec.com

Data breach notification

In the event of a data breach, we will take immediate steps to contain the breach and notify relevant authorities and affected individuals within 72 hours if required.