Privacy

Privacy Policy

How we collect, use, store and protect your personal data — and the rights you have over it under UK GDPR.

Version · 1.0 (draft)Last updated · 1 Jul 2026Controller · Job Referral
Draft for review. This is a working draft to be finalised with a solicitor before go-live — it isn't legal advice. It sets out how the platform intends to handle personal data.

1 Who we are

Job Referral ("we", "us") operates a private, invite-only network that connects vetted professionals with employers through trusted referrals. For the purposes of UK data-protection law (the UK GDPR and Data Protection Act 2018) we are the data controller for the personal data described here.

Our contact point for privacy matters is [email protected].

2 Data we collect

We only collect what we need to run the network:

  • Identity & contact — your name, email address, phone number (optional) and country.
  • Professional information — job titles, work history, skills, education, certifications, day rate or salary expectations, availability, IR35 stance and the CV or LinkedIn data you import to build your profile.
  • Referral data — who invited you, references given about you, and people you invite or endorse.
  • Employer data — for employer users: company details, the person registering, roles and vacancies, and hiring activity.
  • Usage data — how you interact with the platform (pages, actions), captured in an anonymised/aggregated form to improve the product.
  • Support & communications — messages you send us through contact forms, tickets or email.

3 How we use it

  • To build and display your profile and match you to relevant roles (or, for employers, to relevant candidates).
  • To operate the referral chain of trust and record references and endorsements.
  • To let a matched employer request to view your profile and arrange interviews.
  • To send service communications — invites, confirmations, interview requests and account/security notices.
  • To keep the network safe: verification, moderation, and detecting misuse.
  • To improve the platform through privacy-respecting, aggregated analytics.

4 Lawful basis

We rely on: contract (to provide the service you signed up for), legitimate interests (to run, secure and improve a trusted network, balanced against your rights), and consent (for any optional marketing communications, which you can withdraw at any time). Service/transactional messages are sent on the basis of contract, not marketing consent.

5 Sharing & anonymity

Your identity is anonymous by default. Employers first see an anonymised version of your profile and only see your name and identifying details once they accept to view you. We do not sell your data.

We share data only with:

  • Employers you're matched with — anonymised first, full details on reveal, as above.
  • Service providers (processors) who help us operate — currently our hosting/database provider (Cloudflare) and our transactional email provider (Resend). They act on our instructions under data-processing terms.
  • Authorities where we are legally required to.

6 Retention

We keep your data for as long as your account is active and for a reasonable period afterwards to meet legal, tax and dispute-resolution obligations. When it's no longer needed we delete or anonymise it. You can ask us to delete your account and data at any time (see your rights below).

7 Your rights

Under UK GDPR you have the right to:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Portability — receive your data in a portable, machine-readable format.
  • Restriction / objection — limit or object to certain processing, including opting out of marketing.

To exercise any of these, email [email protected]. We'll respond within one month.

8 Cookies

We use essential cookies to keep you signed in and secure, and (once enabled) privacy-respecting analytics cookies to understand and improve usage. You can control these — see our Cookie Policy for detail and how to opt out.

9 Security

We protect your data with encryption in transit and at rest, access controls, and an audit trail over sensitive actions. No system is perfectly secure, but we take reasonable and appropriate measures and will notify you and the ICO of any breach where legally required.

10 Contact & complaints

Questions or requests: [email protected]. If you're unhappy with how we've handled your data you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk, though we'd appreciate the chance to put things right first.