Privacy Policy

Last updated: January 2026. This policy is provided as a working draft and should be reviewed by your data protection adviser before publication.

Who we are

Warner Knight Associates (“we”, “us”, “our”) is a recruitment agency based at South House 3A, Bond Avenue, Milton Keynes, MK1 1SW. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller responsible for the personal data we hold about candidates, clients and website visitors.

If you have any questions about this policy or how we handle your data, please contact us at chris.alfred@warnerknight.com or on 01908 464126.

The personal data we collect

Depending on your relationship with us, we may collect and process the following categories of personal data:

• Identity & contact details — name, email address, telephone number, postal address and, for candidates, date of birth where relevant to right-to-work checks.
• Candidate information — CV and employment history, qualifications, references, salary expectations, availability, right-to-work documentation and notes from interviews or conversations.
• Client information — the name, role and contact details of individuals at client organisations, and information about your hiring requirements.
• Special category data — only where necessary and with an appropriate lawful basis (for example, health information relevant to a healthcare role, or information needed to make reasonable adjustments).
• Technical & usage data — IP address, browser type, pages visited and similar information collected via cookies when you use our website. See our Cookie Policy.

How we collect your data

We collect personal data when you: submit an enquiry or register through our website; send us your CV; speak with one of our consultants; are referred to us by a third party; or are identified through professional networks and publicly available sources such as LinkedIn. We also collect data automatically through cookies when you browse our site.

Our lawful bases for processing

We rely on the following lawful bases under the UK GDPR:

• Legitimate interests — to provide recruitment services, match candidates to roles, and operate our business, balanced against your rights and freedoms.
• Consent — where you have given clear consent, for example to receive marketing communications or for non-essential cookies. You can withdraw consent at any time.
• Contract — to take steps at your request before entering into a contract, and to perform a contract with you or your organisation.
• Legal obligation — to comply with our legal and regulatory duties, including right-to-work and record-keeping requirements.

How we use your data

We use personal data to: assess your suitability for roles and introduce you to clients (or candidates to you); arrange interviews and manage the recruitment process; carry out identity, reference and right-to-work checks; provide market and salary information; maintain our business records; and, where you have agreed, send relevant opportunities and updates.

Sharing & disclosure

We share personal data only where necessary and appropriate, including with: prospective employers (for candidates) or prospective candidates (for clients), always with appropriate care; referees you have nominated; our trusted service providers (such as IT, email and payroll providers) who act on our instructions under contract; and regulators, law enforcement or other authorities where we are legally required to do so. We never sell your personal data.

International transfers

Where we recruit for international roles, we may transfer your personal data outside the UK — for example, to a prospective employer abroad. Where we do, we ensure an appropriate safeguard is in place, such as an adequacy decision or the International Data Transfer Agreement, and we will tell you before any such transfer takes place where practicable.

How long we keep your data

We keep personal data only for as long as necessary for the purposes described in this policy. For candidates, we typically retain records for up to two years from our last meaningful contact, after which we will review, anonymise or securely delete the data, unless a longer period is required by law or you ask us to keep your details on file. Client records are kept for the duration of our relationship and for a reasonable period afterwards for legal and accounting purposes.

Your rights

Under the UK GDPR you have the right to:

• be informed about how your data is used;
• access the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request erasure of your data in certain circumstances;
• restrict or object to our processing of your data;
• data portability, where applicable;
• withdraw consent at any time, where we rely on consent.

To exercise any of these rights, contact us using the details below. We will respond within one month. There is normally no charge, although we may charge a reasonable fee or decline a request that is manifestly unfounded or excessive.

How we keep your data secure

We take the security of your data seriously and apply appropriate technical and organisational measures to protect it against unauthorised access, loss or misuse. These include access controls, secure systems and staff training. While no transmission over the internet can be guaranteed completely secure, we work hard to safeguard your information.

Changes to this policy

We may update this policy from time to time to reflect changes in our practices or the law. The latest version will always be published on this page with the date it was last updated.

Contact & complaints

If you have a question or concern about how we handle your data, please contact us first at chris.alfred@warnerknight.com and we will do our best to resolve it. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk or by calling 0303 123 1113.