Privacy Policy

Decisions for Growth (“DFG”) is committed to protecting your privacy both on and offline, as well as maintaining the security of any personal information received from you. We fully accept our responsibilities in maintaining client and candidate confidentiality and aim to provide a safe and secure user experience. We will never disclose any personal information to a third party without your permission and will only use that information with your permission as outlined in this policy.

This Privacy Policy applies to the personal data of our Candidates, Clients, Website Users, Suppliers and other people with whom we may be in contact. For the purpose of the applicable data protection legislation (including but not limited to the General Data Protection Regulation) if you should have any queries, please contact our Data Protection Officer, Gweneth Rushton, by either of the following :

Email :

Phone : 07719 105983

Address : Decisions For Growth, c/o Gordon Haxton Accountants, Central House, 142 High Street, Hampton Hill, TW12 1NS


What personal data do we collect?

Candidate data

You have the option of submitting your CV by email either for a specific vacancy or general registration. In either case your details will be stored on our database and can only be accessed by employees of the Company. In order to ensure we deliver the most effective service to you, and to provide you with the best possible employment opportunities, we need to ask for details (for example name, contact details, education details, employment history, as well as any other relevant information that you may choose to share with us) that will genuinely help us to match your details with HR search assignments that we are working on. Such information is accepted on the following basis:

You undertake to guarantee that the information you provide is complete, true and accurate in all respects. If your circumstances change significantly, it is your responsibility to update us. Any information you provide will be added to our confidential database and used for assessing your suitability for current and future recruitment assignments. We will use the contact details provided (such as telephone numbers, email and address) unless specifically requested otherwise by you. Your details will not be passed on to a third party without your prior consent. Personal information is totally confidential. In some situations we may be requested to carry out reference checks or to request details of a referee. We would of course contact you to ask your permission before contacting any referees.

For a more detailed description of the personal data that we may collect about you, please see Appendix 1.

Client data

If you are a Client of DFG, we may need to collect and use information about you or individuals in your organisation in order to find candidates who are the right fit for you and your organisation. We generally only need your contact details and details of individual contacts in your organisation (for example, names, telephone numbers, email addresses), to enable us to ensure that our relationship runs smoothly. We also may hold information that someone in the organisation has chosen to share with us. If we need any additional personal data (eg, job title) for any reason, we will let you know.

Supplier data

To ensure that our processes run smoothly, we only require a small amount of data from our Suppliers, such as the contact details of relevant individuals within your organisation so that we can communicate with you. We may also need additional information such as bank details so that we can pay you for the provided services (if this is part of the contractual agreement between us). We may also hold information that a person within your organisation has chosen to disclose to us.


How do we collect personal data?

Candidate data

The two ways in which we collect your personal data are:

1 - Directly from you:

  • By you emailing your CV to DFG or a DFG employee, or being interviewed by one of our Consultants by telephone or in person, or
  • Applying for a job via the Decisions For Growth website or via third party sources (ie, online job boards).

2 - From third parties:

  • Your referees may disclose personal information from you (see below)
  • Clients may share personal information
  • Personal information may be obtained from such sources such as LinkedIn and job boards through which you apply for jobs
  • Social Media (Twitter, Facebook, LinkedIn, etc), or
  • If you were referred to DFG by an external source.
Client data

In order to make sure that we achieve our goal of supplying the best candidates to your organisation, we collect personal data from you in the following ways:

1 - Directly from you:

  • When you contact DFG proactively, usually via telephone or email, or
  • When a DFG employee contacts you either via phone, email or in person.

2 - From third parties (for example our candidates or online/offline media):

  • From third party market research and individuals or companies in DFG’s network
  • Delegate lists at relevant events, or
  • Search engines, social media or online networking sites such as LinkedIn.


Supplier data

We may collect personal data during the course of working with you.

People whose data we receive from Candidates or Clients, such as referees

We only collect personal data when a candidate provides it in order for you to serve as a referee.


How do we use your personal data?

Candidate data

DFG’s main reason for collecting your personal data is to help you find your next role. The more information we have about you, such as your skillset, the better we can make our service. In certain circumstances, we may use your data to ensure that we continue to be up to date with your situation, for talent mapping exercises, for example.

Please see below a list of ways in which we may process your personal data in order to find you a suitable role. Please note this list is not exhaustive.

Recruitment Activities
  • Collecting data from you and other sources, for example LinkedIn
  • Storing (and updating where necessary) your details on our database so that we can contact you in relation to recruitment
  • Assessing data about you against vacancies that may be suitable for you and your skillset
  • Sending your information to Clients to assess your suitability for jobs (please note, we will not send your personal information without your consent)
  • Processing your data to enable DFG to send communications which we think may be of interest to you.

We may also use your personal data for the following purposes if we deem it necessary to do so. If you do not agree with this, you do have the right to object.

  • Marketing activities from DFG
  • Equal opportunities monitoring and other sensitive personal data, if requested in aggregate form by a particular client
  • To help us establish, exercise or defend legal claims
Client data

DFG’s main reason for using information regarding our clients is to ensure we maintain our contractual arrangement and to ensure our relationship runs smoothly and efficiently. The more information we have, the better our ability to identify candidates we think will be right for your organisation. Client data may also be used for marketing activities and business development.

Supplier data

The main reason for using your personal data is to ensure our contractual arrangements run smoothly and to comply with legal requirements.

People whose data we receive from Candidates or Clients, such as referees

We use referee’s personal data to help our candidates find employment by verifying their details skills and qualifications and make sure they are matched with the prospective employers. 


Who do we share your personal data with?

Candidate data

We may share your information with various parties in various ways. Primarily, we will share your information with prospective employers to increase your chances of securing the role that you want. DFG will never disclose personal information without your permission and will only use your personal data as notified in this Privacy Policy. For a more detailed outline of parties with who we may share your data, please see Appendix 2.

Client data

DFG will only share your data to ensure that we are able to provide you with a suitable shortlist of candidates. For a more detailed outline of parties with whom we may share your data, please see Appendix 2.

Supplier data

Unless you specify otherwise, we may share your information, where relevant, with associated third parties such as our service providers and organisations to whom we provide services.


How do we safeguard and store your personal data?

DFG is committed to protecting your privacy. Once we have your personal information (as detailed above) it is stored on our secure database which can only be securely accessed by DFG employees.

All of our internal systems are password and firewall protected and can only be accessed by DFG employees or a service provider hired by DFG.

We protect your data by ensuring that we have appropriate organisational and technical measures and security in place. These include procedures to deal with any suspected data breaches.

If you suspect loss, misuse or unauthorised access to your personal data, please inform us immediately by contacting our Data Protection Officer, Gweneth Rushton at:


Phone: 07719 105983


How long do we keep your personal data for?

If we have not had meaningful contact with you or, where appropriate, the Company you are working for/with, for a period of three years, we will delete your personal data from our systems, unless we believe in good faith that the law (or other regulation) requires us to preserve it (for example, tax litigation). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

When we refer to “meaningful contact” we mean for example, communication between you and DFG (either verbal or written, including SMS text messaging) or where you are actively engaging with our service. If you are a candidate, we will consider there to be meaningful contact with you if you submit your updated CV either directly to a DFG employee or through a third party website (such as a job board or LinkedIn). We will also consider it meaningful contact if you communicate with DFG, our employees or third parties regarding any potential roles, either via verbal or written confirmation.


How can you access, amend or take back the personal data you have given us?

One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens an individuals within the EU with regards to data privacy. Even if we already hold your personal data, you still have various rights in relation to it. We will seek to deal with your request without undue delay within one month (subject to any extensions to which we are lawfully entitled), and in accordance with the requirements of the applicable laws. Please note, we may keep a record of your communications to help us resolve any issues which you raise.

To get in touch regarding any of the following rights, please contact our Data Protection Officer, Gweneth Rushton at:


Phone: 07719 105983


Right to object

If we are using your data because we deem it necessary for your legitimate interests to do so and you do not agree, you have the right to object. We will respond to your request within 30 days, although we may be allowed to extend this period in certain cases. Generally we will only disagree with you if certain limited conditions apply. This right enables you to object to DFG processing your personal data where we do so for one of the following reasons:

  • Our legitimate interests, or
  • For research or statistical purposes.

If your objection relates to DFG processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:

  • We can show that we have compelling legitimate grounds for processing which overrides your interests, or
  • We are processing your data for the establishment, exercise or defence of a legal claim.

Right to withdraw consent

Where we have obtained your consent to process your personal data for a certain activity (for example, for profiling your suitability for certain roles), or consent to let us contact you intermittently to ensure your details are up to date, you may withdraw your consent at any time. In this case, please contact any of our consultants or our Data Protection Officer.


Data Subject Access Requests (DSAR)

You have the right to ask us to confirm what information we hold about you at any time. You may ask us to modify, update or delete such information. At this point, we may comply with your request or additionally do one of the following:

  • We may ask you to verify your identity and ask for more information about the request, or
  • Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.

Right to erasure

In certain situations you have the right to request that DFG erases your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases), and will only disagree with you if curtained limited conditions apply. If we do agree to your request, we will delete your data but generally assume that you would prefer DFG to keep a note of your name on our register of individuals who prefer not to be contacted. This will ensure that we minimise the chances of your being contacted in the future when your data is collected in unconnected circumstances. If you would prefer for DFG not to do this, please let us know.

In order for your right to request that DFG erases your data, the information must meet one on the following criteria:

  • The data is no longer necessary for the purpose for which DFG originally collected and/or processed the data
  • Where consent was previously given, you have withdrawn your consent to the processing of your data and there is no other valid reason to continue processing
  • The data has been processed unlawfully (ie, in a manner which does not comply with the GDPR)
  • It is necessary for the data to be erased in order for DFG to comply with our legal obligations as a data controller, or
  • If we process the data because we believe it is necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for continued processing.

We would only be entitled to refuse to comply with your request for erasure for one of the following reasons:

  • To exercise the right to freedom of expression and information
  • To comply with legal obligations or for the performance of a public interest task or exercise of official authority
  • For public health reasons in the public interests
  • For archival, research or statistical purposes, or
  • To exercise or defend a legal claim.

When complying with a valid request for the erasure of data, we will take all reasonably practicable steps to delete the relevant data.


Who is responsible for processing your personal data?

Decisions For Growth and the employees of DFG control the processing of personal data throughout the company.

Our legal bases for processing your data

Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights of freedoms of [you] which require protection of personal data.”



In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.

Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” This means that:

  • You have to give us your consent freely, without us putting you under any type of pressure
  • You have to know what you are consenting to, so we’ll make sure that we give you enough information
  • You should have control over which processing activities you consent to, and which you don’t
  • You need to take positive and affirmative action in giving us your consent. We will keep records of the consents that you have given in this way.

We have already mentioned that, in some cases, we will be able to rely on soft opt-in consent. We are allowed to communication with you regarding HR recruitment as long as you do not actively opt-out from these communications.


What are cookies and how do we use them?

A cookie is a small data file which is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system. With your consent, cookies are used to remember your login when you visit our website. We also use cookies to ensure you get the smoothest possible experience when using our website, and we can use the information from cookies to ensure we present you with the best options tailored to your preferences on your next visit.

If you want to check or change your cookie preferences, please refer to your internet browser instructions or the help screen.



Our website may contain links to other sites. Please note that DFG is not responsible for the privacy policies of any other sites. It is your responsibility to check the privacy policies of such sites.


Changes to our Privacy Policy

DFG reserves the right to update and change our Privacy Policy at any time and without notice. Any changes will be set out on our website. If you have any comments or queries regarding any changes you should contact our Data Protection Officer, Gweneth Rushton.



Whilst DFG uses reasonable care in compiling and presenting the information found on this website, it is provided for purely information purposes and you should seek further guidance and make independent enquiries before relying on it. The information supplied on this website has been compiled from a variety of sources and is subject to change without notice. DFG makes no representation or warranty whatsoever regarding the completeness, accuracy, currency, adequacy, suitability or operation of this website, or of the information it contains, nor makes any such warranty in respect of any information carried on any website operated by a third party which may be accessed from this website, nor that the information on this or any third party website has in any way been verified by DFG. All information on this website is provided on an “as is” basis. DFG assumes no responsibility for information contained in this website and disclaims all liability arising from negligence or otherwise in respect of such information. DFG makes no representations in respect of the existence or availability of any appointment advertised on this website. DFG does not guarantee that any employer or client will ask for a candidate’s information, or to interview or hire a candidate, or that any candidates will be available or will meet the needs of any employer or client. DFG cannot guarantee that any employer or client will keep confidential any candidate information or data provided to the employer or client. DFG makes no representation or warranty as to the final terms and duration of any appointment obtained through this website. By using this website you assume the risk that the information on this website may be incomplete, inaccurate, out of date or may not meet your requirements. This website was created in England. Any interpretation of its contents, claims or disputes (of whatever nature and not limited to contractual issues) shall be subject to the exclusive jurisdiction of the English Courts under English law.


Appendix 1

What personal data do we collect?


Candidate Data

Please see a detailed list below of information we may collect from you in order to find you the best employment opportunities:

  • Contact details
  • Employment history
  • Education details
  • Gender
  • Marital status
  • Nationality
  • Immigration status
  • Photograph
  • A copy of your passport / ID card / driving licence
  • Diversity information (including racial or ethnic origin, religious or other similar beliefs as well as physical or mental health, including disability related information)
  • Details of any criminal convictions, if such declaration is permitted
  • Details about your current remuneration, pensions and benefits arrangements
  • Information of your interests and needs with regard to your next role
  • Extra information that you choose to tell us, such as date of birth
  • Extra information that we find from a Client or third party sources, such as the job boards
  • Reference / referee checks

Please note that the above list of categories of personal data that we collect is not exhaustive.

Appendix 2

Who do we share your personal data with?

Where appropriate and in accordance with local laws and requirements, we may share your personal data in the following ways:

  • In the case of candidates, we may share your information with prospective employers to give you the best opportunity of securing a new role. This will not be shared without your permission.
  • Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protection) in place.
  • If at any stage in the future DFG is acquired or merged with another business or company, we may share information that relates to you with the new owners or Partners of the business without your consent. You will be sent notice of this event.