Skip to content
ISO 9001 Certified·
Cyber Essentials Certified·
REC Corporate Member·
Public Sector Framework Supplier·
UK Wide
LEGAL

Privacy Policy

invitise Ltd (including Right Matters) · Version 2.6 · Last updated 7 July 2026

What We Do

invitise Ltd provides contract, SOW, permanent, temporary, and interim recruitment and outcome solutions to clients seeking to recruit professional staff across a range of specialist areas.

invitise Ltd also operates:

  • Right Matters, a careers coaching and mentoring service initiative owned and delivered by invitise Ltd.

All services are delivered in line with applicable UK data protection law and invitise Ltd's ISO 9001 certified Quality Management System.

What Does This Policy Cover?

This Privacy Policy explains:

  • The types of personal data we collect about you
  • How and why we collect and use your personal data
  • How long we keep your personal data
  • When, why, and with whom we share your personal data
  • The legal basis we have for processing your personal data
  • Your rights and choices regarding your personal data
  • How we may contact you and how you can contact us

This Privacy Policy may be updated from time to time. Please check this page periodically to stay informed of any changes.

Who Are You?

We collect and process personal data from the following types of individuals:

  • Candidates (existing or prospective)
  • Clients (existing or prospective)
  • Users of our website
  • Referees or emergency contacts provided by candidates or staff
  • Suppliers to our organisation
  • invitise employees, contractors, or interim workers
  • Individuals and organisations engaging with Right Matters career coaching and mentoring services

Who Is the Data Controller?

invitise Ltd is the Data Controller and determines the purposes and means of processing personal data.

  • Company No: 13345316
  • VAT No: 381151123
  • Head Office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
  • Contact No: +44 (0)345 163 0135
  • Email: dataprotection@invitise.com
  • ICO Registration No: ZB058757

Our Data Protection Officer is Fahim Rashid (Managing Director). Data protection enquiries and requests can be sent to dataprotection@invitise.com.

What Is Personal Data?

Personal data means any information relating to an identified or identifiable individual, including:

  • Names, contact details, and identifiers
  • Employment history, qualifications, and role information
  • CVs and application data
  • Special category data (e.g. health, religious belief, diversity information), processed only where lawful and necessary

Legal Basis for Processing Personal Data

We primarily rely on legitimate interests as our lawful basis for processing personal data, including in relation to:

  • Recruitment and talent services
  • Client and supplier relationship management
  • Website users and business contacts
  • Right Matters coaching and mentoring engagement

Where required, we may also rely on contractual necessity, legal obligation, or explicit consent (e.g. for special category data). We carry out legitimate interest assessments where appropriate.

How We Use Your Data

For candidates and individuals:

  • Matching skills and experience with opportunities
  • Providing recruitment, coaching, mentoring, and career-related services
  • Personalising communications and support
  • Conducting eligibility and compliance checks

For clients and suppliers:

  • Managing contractual and commercial relationships
  • Resolving queries, disputes, or compliance matters
  • Ensuring operational security and continuity

Automated Processing and Profiling

To match candidates with suitable opportunities efficiently, we use software — including automated tools and AI-assisted matching — that ranks and suggests how well a candidate's skills and experience fit a role, and that helps us prioritise and organise our work. This supports our consultants' decisions; it does not replace them. A member of our team always makes the final decision on shortlisting, representation and placement, so there is no solely automated decision-making producing legal or similarly significant effects under Article 22 of the UK GDPR. We do not send candidate or client personal data to external or public AI services; any AI-assisted processing runs on data held within our own systems, with identifying details removed where data is used for analysis. You can ask us about this processing, or object to it, at any time using the contact details above.

Where We Source Personal Data

We may obtain personal data from direct interactions with you, publicly available sources (e.g. LinkedIn, job boards), referrals or third-party introductions, and reputable third-party data providers. Occasionally we may purchase data from reputable providers; such data is processed under legitimate interest, and individuals will be informed of their rights including the right to object or request deletion.

Who We Share Your Data With

We do not sell your personal data. We share it only where necessary, with:

  • Clients and hiring organisations, where we put you forward for a role
  • Umbrella companies, payroll providers and accredited suppliers involved in a placement
  • Background-screening, right-to-work and compliance partners, where a role requires it
  • Service providers who process data on our behalf (processors) — including IT, hosting, email, our recruitment system, and marketing and data-cleansing providers — who act only on our documented instructions under a data processing agreement
  • Professional advisers (e.g. legal, accounting, insurance) where necessary
  • Regulators, law enforcement or other authorities where we are required to by law

invitise Ltd remains the data controller at all times; our processors may not use your data for their own purposes.

Data Retention Period

We keep personal data only as long as we need it for the purpose it was collected, plus any period required to meet legal, regulatory or contractual obligations or to establish, exercise or defend legal claims. In practice:

  • Candidate CVs and CV content: kept while you are active with us and automatically minimised after 24 months of no meaningful contact — your CV document and CV text are deleted, while your core contact and searchable details (name, contact details, role, skills) are retained so we can still tell you about relevant opportunities.
  • Candidate records: where we have had no meaningful contact, we contact you at around 4.5 years to ask whether you wish to remain on our database, and delete your record at around 5 years of inactivity.
  • Placement and compliance documents (identity, right-to-work and onboarding evidence for candidates we place): kept for 6 years after the engagement ends, or 7 years where the placement was made through a public sector framework whose audit terms require it — the periods needed to meet client audit rights and to establish, exercise or defend legal claims. Where onboarding documents are collected but no placement proceeds, they are deleted after 6 months. After removal, a minimal skeleton record is kept as proof of timely deletion.
  • Client, supplier and contractual records: kept for the duration of the relationship and then as required for legal and regulatory purposes.
  • Client and prospect business contacts (name, work email, job title, work phone): kept for 5 years from the last meaningful engagement (any reply, call, meeting, enquiry or placement resets the clock). Contacts are reviewed at 4.5 years and, if still dormant, deleted at 5 years, and are removed sooner if we learn they have left the organisation or the work address is no longer valid. Every marketing message carries an opt-out, and objections are honoured immediately.
  • Financial and tax records: retained for 6 years in line with UK tax and company law.

Our recruitment system automatically applies the candidate CV-minimisation and record-review/deletion periods above. Data that is no longer needed is securely deleted or anonymised.

International Data Transfers

Personal data may be processed outside the UK or EEA only where an adequacy decision applies, or appropriate safeguards are in place (e.g. Standard Contractual Clauses).

Cookies and IP Address Policy

IP Addresses: Collected for system administration, security, and statistical analysis. They do not directly identify individuals.

Cookies: Used to improve website functionality and user experience. You can manage cookies through browser settings. Further guidance is available at allaboutcookies.org.

Marketing Communications

We may send recruitment, service-related, or professional communications where you have engaged with us professionally, or submitted a CV, enquiry, or application. Marketing is conducted under legitimate interests and soft opt-in rules, with a clear right to opt out at any time via email links or by contacting us directly.

Fees for Excessive Data Requests

We may charge a reasonable fee for manifestly unfounded, excessive, or repeated data requests.

Your Rights

You have the following rights concerning your personal data: be informed; access your data; rectify inaccurate data; request erasure (subject to legal obligations); restrict processing; data portability; object to processing (including marketing); and withdraw consent.

Complaints

If you have concerns about how your data is processed, please contact us at dataprotection@invitise.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

The 24-hour rule. Why slow Cyber Hiring is now a board risk. Cover and sample spreads of the invitise executive briefing.
New executive briefing · May 2026

The 24-hour rule Why slow Cyber Hiring is now a board risk

A 16-page invitise briefing for cyber, risk and people leaders. Why the hiring window has narrowed, what 24-hour mobilisation actually requires, and the four conditions that have to be true for next-morning on-site to mean something.

55%

of senior cyber roles take 6 months or longer to fill in the UK.

46 days

longer than other IT roles, senior cyber vacancies stay open.

68%

of large UK businesses now own cyber at board level.

We'll email you the PDF. No marketing list. See our privacy policy. Protected by Cloudflare Turnstile.