Privacy Policy

General Statement

This Privacy Statement sets out how Smyth Recruitment (“we”, “our”, “us”, the “Company”) handle the personal data of our clients, potential clients and other third parties. Your right to privacy and our treatment of your Personal Data is very important to us. Any personal information, which you volunteer, will be treated with the highest standards of security and confidentiality, strictly in accordance with General Data Protection Regulation (“GDPR”).

  1. Definitions

Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the processing of personal data relating to them.

Controller: the person or Company that determines when, why and how to process personal data. It is responsible for establishing practices and policies in line with the GDPR. We are the Controller of all personal data relating to our Company personnel and personal data used in our business for our own commercial purposes.

Data Subject: a living, identified or identifiable individual about whom we hold personal data. Data subjects may be nationals or residents of any country and may have legal rights regarding their personal data.

Data Privacy Impact Assessment (DPIA): tools and assessments used to identify and reduce risks of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programs involving the processing of personal data.

Data Protection Officer (DPO): the person required to be appointed in specific circumstances under the GDPR. Where a mandatory DPO has not been appointed, this term means a data protection manager or other voluntary appointment of a DPO or refers to the Company data privacy team with responsibility for data protection compliance.

Explicit Consent: consent which requires a very clear and specific statement (that is, not just action).

General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679). Personal data is subject to the legal safeguards specified in the GDPR.

Personal Data: any information identifying a data subject or information relating to a data subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal data includes special categories of personal data and pseudonymised personal data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour. Personal data specifically includes, but is not limited to, the application for your role, character references, your CV, terms and conditions of employment, payroll information, emergency contact details, records of annual leave/sickness absence, disciplinary/grievance processes and performance records and appraisals.

Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of personal data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of personal data is a personal data breach.

Processing or Process: any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties.

Pseudonymisation or Pseudonymised: replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure.

Special Categories of Personal data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

Third Parties: are anyone apart from the data subject and data controller.

Transmission: refers to the all disclosure of personal data by the responsible entity to third parties.

  1. Personal Data Protection Principles

We adhere to the principles relating to processing of personal data set out in the GDPR, which require personal data to be:

(a)    Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).

(b)    Collected only for specified, explicit and legitimate purposes (Purpose Limitation).

(c)     Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation).

(d)    Accurate and where necessary kept up to date (Accuracy).

(e)    Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation).

(f)     Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).

(g)    Not transferred to another Country without appropriate safeguards being in place (Transfer Limitation).

(h)    Made available to data subjects and data subjects allowed to exercise certain rights in relation to their personal data (Data subject’s Rights and Requests).

We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).

  1. Scope of Privacy Statement

This Privacy Statement serves to:

  • Tell you what Personal Data Smyth Recruitment collects relating to you
  • Tell you how Smyth Recruitment uses, processes and discloses your Personal Data
  • Tell you how Smyth Recruitment protects your Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage
  • Tell you your rights as a “Data Subject”
  • Tell you other important details that you may need to know
  1. Collection and Use of Personal Data

Smyth Recruitment will only collect, use or disclose Personal Data about an individual in accordance with the law. We process your data as it is necessary for the performance of a contract to which you are a party. The legal basis for why we process your data is our legitimate business interests. However, there may also be limited circumstances where our legal basis for processing is your consent, i.e. in relation to processing data outside our legitimate business interests and/or prior consent will be required to share your personal data with a prospective employer.


Personal Data collected/obtained by Smyth Recruitment may include categories set out in the section below. Smyth Recruitment collects your Personal Data through the following channels:

  • Job applications and enquiries (email, phone and online applications)
  • Phone conversations
  • Meetings
  • Reference and background checks


The Personal Data collected includes the following:

  • Name
  • Email address(es)
  • Phone number(s)
  • Areas of professional interest
  • Curriculum Vitae (CV) attachment
  • LinkedIn Profile where you have an online public profile (for example LinkedIn), we may process the information available in conjunction with the information you provide directly to us.
  • Referral information – for any data about individuals other than yourself that you enter onto our website directly or include in any message to us, you are responsible for its accuracy and relevance and must have the authority of the relevant individual to disclose it to us, for the purposes of us providing recruitment services.
  • Additional Information (options to add additional information).

As a follow up to the submission of Personal Data via online (website or email), phone call, meeting or referral, we collect additional Personal Data including, but not limited to the following, for the purposes of providing recruitment services:

  • Education and Qualifications
  • Remuneration Details
  • Notice Period
  • Details on Work Experience
  • Skill Sets
  • Interview notes of meetings with you in relation to your suitability for a specific role(s) and client requirements
  • Personal Public Service Number (PPS)
  • Limited Company Details
  • Photo Identification
  • Copy of Working Visa

Personal Data may also be collected from third party sources, for verification and vetting purposes.  Smyth Recruitment will require you to provide consent before obtaining information from third parties and will notify you if seeking additional information. Examples include:

  • Reference information (verbal and/or written)
  • Opinions of others on work performance (example: references, feedback from employers or work colleagues on performance in positions or from professional associations or registration bodies)

This information will be passed to a prospective employer, normally at the stage of an offer of employment.


  1. Personal Data Uses and Processes

Smyth Recruitment is a specialist professional recruitment consultancy placing candidates on a permanent and contract basis.

Your Personal Data will be collected, stored and processed by Smyth Recruitment to provide you with recruitment and/or related intermediary services, including:

  • Matching your details against job vacancies
  • Informing you of suitable job opportunities
  • Submission of your details to client companies, either in connection with a specific job or general employment with a client company (with your consent (verbal or written), as outlined in Paragraph 6 below)
  • Enabling you to apply for specific positions with client companies
  • Enabling you to revert to us on any job or market enquiries
  • Sending you company newsletters and job alerts notifications. Company newsletters include an opt-out facility
  • Marketing our recruitment services to you
  • Keeping you aware of any relevant industry or company events, announcements, developments, competitions and promotions
  • Communicating with you by phone, e-mail, social media, newsletter and other means for the purpose of providing recruitment services to you
  • Informing you of market trends, and areas of possible employment opportunities
  • For other purposes for which you have engaged with Smyth Recruitment
  1. Consent
  • Our legitimate business interests are the reason for processing your Personal Data, as set out in Paragraph 4 above, and only in limited circumstances will consent be required. You have the right to withdraw your consent to Smyth Recruitment processing your Personal Data at any time by notifying us in writing on for the attention of Louise Smyth. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Consent may need to be refreshed if we intend to process personal data for a different purpose other than the reason for which it was originally obtained. We will inform the Data Subject of this and re-seek consent, in order to comply with this requirement.
  • Smyth Recruitment requires your Personal Data in order to provide the services outlined in Paragraph 5 above. Therefore, if you do not provide us with this information, we cannot provide you with our services and/or have you register with Smyth Recruitment.


  1. Disclosure of Personal Data

Smyth Recruitment will not send your Personal Data to Clients without your consent (verbal or written). With your consent we may disclose your Personal Data to third parties, if they have a proper interest in the disclosure, such as:

  • Potential employers or engagers, with the objective of finding a job for you, which may include position(s) which you may or may not have directly applied for.
  • Organisations acting on behalf of our clients, involved in supporting their HR functions (for example: outsourced HR firms and outsourced reference / background checking firms).

In certain circumstances, we may transfer your personal data to third parties, where your consent is not required, as it is in our legitimate interest to do so, for example:

  • Smyth Recruitment’s internal advisors (for example: professional advisors, IT consultants involved in system upgrades or issues, outsourced email and marketing companies (example: professional company newsletter companies – managing distribution lists for newsletters and mailshots).
  • Third party contractor – If Smyth Recruitment engages a third-party contractor to perform services which involves handling or processing your Personal Data, we will ensure that they process your Personal Data in accordance with Smyth Recruitments data protection policies.

If the business structure of Smyth Recruitment should change, for example in the event of a Sale, Merger or Joint Venture, your Personal Data may be disclosed to new or potential business owner(s) / business partner(s). In this event Smyth Recruitment will ensure that such third parties only process your Personal Data in accordance with GDPR.

  1. The Storage and Upkeep of Personal Data

Smyth Recruitment will make reasonable efforts to keep your data accurate, current and up to date.  Methods include phone calls, email, general communications staying in touch, and noting relevant changes you make to your LinkedIn Profile.  We would ask that you let us know of any major changes directly and we will update our records accordingly.

The Company will take all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of both electronic and manual data. Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorised access.

We keep your Personal Data in the context of the services of a professional recruitment consultancy. If we have had no two-way communication with you for a period of 7 years, we will erase your Personal Data, unless requested otherwise by you.  This is subject to the provision that we may, at our discretion erase your personal data at any time. As set out in Paragraph 13 below, you have the right to instruct us to erase your Personal Data at any time.

  1. Cookies and Use of Technical Information

Smyth Recruitment respects the privacy of all visitors to our website. This Cookie Policy outlines our policy concerning the use of cookies on We may update our Cookie Policy from time to time to reflect any changes in technology or legislation which may affect the way in which cookies are used by us and how you as a user, can manage them.

What are Cookies?

Cookies are small text files sent from a website and stored in the user’s web browser while the user is browsing the website. When users visit the same website again, the browser sends cookies back to the website allowing the website to recognise the user and remember things like personalised details or preferences. More information about cookies and details of how to manage or disable them can be found on

Which Cookies does Smyth Recruitment use?

When you use the, the following types of cookies can be set on your device:

Performance Cookies

These cookies are used to collect statistical information about visitors of the website and the pages they view. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and used anonymously. We use these cookies to understand what content is popular which helps us to improve our website.  An example of a service that uses these types of cookies is Google Analytics.

For more information on how to manage cookies, including opt-out of performance cookies, please visit:

  1. Data Security

Password protected data is stored both locally on our secure server (in Ireland) and in the cloud. Our systems are protected by up-to-date security measures including firewall and top of the range antivirus software to protect your data from unauthorised or unlawful processing and against accidental loss, destruction or damage.


  1. Right of Access

You have the right to obtain from Smyth Recruitment access to your personal data that is being processed by Smyth Recruitment.  The Company will provide this data to the Data Subject within 30 days of the request. You can do this by email to Louise Smyth at  Data Protection Officer. This will be provided free of charge in accordance with GDPR. Where your access requests are manifestly unfounded or excessive, Smyth Recruitment reserves the right to charge a reasonable fee taking into account the administrative costs of providing the information.

Data Subjects are only entitled to access data about themselves and will not be provided with data relating to other individuals or third parties. It may be possible to block out data relating to a third party or conceal his or her identity, and if this is possible, the Company will do so.

Data that is classified as the opinion of another person will be provided unless it was given on the understanding that it will be treated confidentially. Furthermore, in some circumstances where relevant exemptions apply, certain personal data may not be provided to a Data Subject. The Data Subject will be informed where personal data is not being disclosed on the basis of any such exemption.

  1. Right to Rectification

You have the right to have Smyth Recruitment rectify any inaccurate Personal Data which Smyth Recruitment holds relating to you. In addition, if we have any incomplete information, you may request that we update the information such that it is complete.

  1. Right to Erasure

Should you wish for your Personal Data to be erased from Smyth Recruitment, you can email for the attention of Louise Smyth, providing your name, email and contact details asking for your information to be erased from our records. This is also referred to as the “right to be forgotten”.

Right to Restriction of Processing

You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

  1. Other Important Things to know
  2. Clicking Submit, Applying or Registering

By entering details and clicking “Submit”, “Apply”, “Register”, emailing or speaking to a company representative and providing the company with Personal Data, you are consenting to us processing your personal information set out in paragraph 3, in the manner and for the purposes outlined in paragraph 4 of this Privacy Statement.

  1. Opt-out of Marketing Activity and Email Newsletters

Should you decide that you would prefer not to receive information on related services and related market activity, please use the unsubscribe link on the particular email or newsletter, or you can email requesting exclusion from such notifications

  1. Links from our Website

Our website may contain links to other websites.  Smyth Recruitment has no control of websites outside If you provide information to a website to which we link, we are not responsible for its protection and privacy policy and cannot guarantee your protection.

If you are a member of a social media platform or website, and log in to such social media or platform, the interfaces may allow the social media platform or website to connect your visit to our website to your Personal Data. The social media plugins also may allow the social media website to share information about your activities on our website with other users of their social media platform. We have no control over the information that other websites or social media websites or plugins collect, store, or use.  Before you choose to access other websites from our website or “like” or “share” information from our website through any social media platform or website, please be certain that you review the privacy notice of that social media platform or website.

  1. Further Information

For the purposes of the new General Data Protection Regulation (“GDPR”) effective May 2018 and the related legislation and regulations implementing these into Irish law from time to time (together “Data Protection Law”), the Data Controller is Smyth Recruitment, Carlisle Business Centre, 51 Bracken Road, Sandyford, D18CV48

If you do not agree with this Privacy Statement you should not use this website and/or our services.

If you have any questions about this Privacy Statement please email or write to: Louise Smyth, GDPR Officer, Smyth Recruitment, Carlisle Business Centre, 51 Bracken Road, Sandyford, D18CV48

  1. Complaints

If you have complaint about the use of your Personal Data, please contact Louise Smyth at

Additionally you have the right to make a complaint to the Office of the Data Protection Commissioner.

  1. Changes to Privacy Statement

This Privacy Statement may be altered or updated by Smyth Recruitment at any time, in which case we will display any such alterations or update on the Smyth Recruitment website.

August 2018