defi texture

Privacy Policy

This document provides you with information about the data we collect, how we use it and how we track your use of this website through cookies. As a recruitment company we understand the sensitivity of the personal data that we process and are committed to protecting the privacy of all the users of our site and services.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC) from 25 May 2018.


It’s important to us that you trust DeFi Recruitment Limited (“DeFi”), our products and services and we want you to know that the information you share with us is treated with care. DeFi is a data controller which makes us responsible for any Personal data we process. This Privacy Notice explains how we process, store and disclose the Personal data we collect.

DeFi can be contacted for any privacy queries by email at


  • The data controller is DeFi Recruitment Limited a company registered in England and Wales (Company number 13626874)
  • Registered Address: Granta Lodge, 71 Graham Road, Malvern, Worcestershire, United Kingdom, WR14 2JS
  • Correspondence address: Highnam Court, Highnam, Gloucester, GL2 8DP
  • You can email using
  • You can call on +44 (0) 7495 027 995
  • DeFi Recruitment Limited is registered as a Data Controller with the Information Commissioner’s Office, Certificate Number ZB271819


Personal data can be collected if you sign up as a candidate for job alerts via this website, at events, on business reply cards, from our customer call centre or we may have found your details via a third-party such as social media, LinkedIn or a job board such as Jobsite, CV Library, Indeed, or Reed.

If you sign up as a candidate for job alerts via this website, you will be asked for personal data such as your email address. You will also be asked for criteria to help with tailored job alerts such as your location, job title, and job preferences.

If you wish to opt out of receiving job alerts you will be able to do so by following the unsubscribe instructions provided in the job alert email or by emailing Job alerts which are set up through this website will automatically expire after a maximum of 90 days.

If you register as a candidate with DeFi, personal data will be collected from you and your CV. We may also contact referees and be requested to obtain further details from you by our Clients in relation to their requirements.


  • Full name
  • Home Address
  • Email Address
  • Phone Number(s)
  • Gender
  • Date of Birth
  • National Insurance Number
  • Evidence of your right to work documents
  • Education History
  • Employment History
  • Qualifications and Skills
  • References
  • Salary and Remuneration
  • Any other information contained within your CV Data on how you use our website and services
  • Technical data which includes your Cookies ID, IP address, browser type and plug in’s, login data, location, time zone, operating system and platform and any other technology on the device used
  • Communication and Marketing preferences and data


Sensitive personal data is special categories of personal data such as your political, religious or philosophical beliefs, sexual orientation, race or ethnic origin, or information relating to your health. These categories are generally irrelevant to your suitability for a vacancy and as such we request that you do not provide us with any sensitive personal data unless absolutely necessary.

Any sensitive personal data provided will only be used for the purposes of our relationship with you or when providing our recruitment services. This will be for one or more of the following reasons:

  • You have explicitly consented
  • To assess your suitability for job roles or working capacity
  • Where processing is necessary for legal obligations
  • To maintain records should we need to resolve a dispute, including but not limited to the establishment, exercise or defence of any legal claims

Your personal data may have been collected from the following sources (please note this list is not exhaustive):

  • You, including your CV or application
  • Online job boards
  • Social Media such as LinkedIn or Facebook
  • The Public Domain
  • Another candidate
  • A client
  • A telephone call which may be recorded
  • An interview
  • A call or meeting notes
  • Our website and software applications
  • Video calls

As part of our services, you will receive job alerts from our recruitment consultants that match the job criteria and preferences you provided. You may also receive job alerts which we believe you may find interesting.

If you provide us with information about third parties, we will assume that the third party has given you permission to do so and for DeFi to process the Personal data to the same extent as yours.

If you are a client of DeFi, we will collect and process information about individuals in your organisation, such as name, telephone number and email address to enable us to communicate with them and provide any services they require. We may also hold extra information that someone in your organisation has chosen to tell us.

If you are a supplier of goods and services to DeFi, we will collect and process information about individuals in your organisation, such as name, telephone number and email address to enable us to communicate with them and to receive their goods and services. We will also collect bank details to ensure we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.


Your personal data will be used, processed, and stored in order for DeFi to provide recruitment services. We will use your Personal data to send you job alerts by email and text regarding suitable contract assignments and permanent or fixed term placements.

Your personal data will be disclosed to our Clients as part of the recruitment process.

At times we may need to process your personal data under another legal basis such as a legitimate interest including producing and analysing statistics around the visitors to our website, marketing campaigns or as part of a fulfilment of a legal requirement.

Your personal data will only be used by DeFi under the purpose in which it was collected; such as providing recruitment services. If we need to use your Personal data under another legal basis we will notify you however, we may process your Personal data without your consent or prior knowledge should we be required to do so by a legal or regulatory requirement.

At present all our recruitment activities involve human decision making during the process and your Personal data is not subject to an automated decision-making process including profiling.


We are committed to safeguarding the personal data we store and process to protect it from loss, misuse or being accessed without authority. To maintain this security, we have in place organisational measures such as limiting access to certain personal data.

If DeFi is subject to a data breach, we will notify you.


DeFi may disclose your personal data to a third party who performs services on our behalf such as payroll, accounting, factoring, screening, web hosting and other professional services. We may also be required to provide your personal data to government agencies such as HMRC and law enforcement agencies and in times where we are required to comply with applicable laws and fulfil legal requirements.

Where we pass your personal data on to a third party, we do not permit for them to use your data for anything other than the services they provide to us or to fulfil their legal obligations and where possible, we will assign the relevant contractual restrictions. If the third party we disclose your personal data to is also a data controller, for example the HMRC we may be unable to enforce restrictions in this way.


As part of our recruitment services, we may transfer data to countries or international organisations outside of the European Economic Area (EEA). This may, for example, be to clients or candidates, or third parties who provide support services to us. Where information is to be transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable, ensure that appropriate safeguards and security practices are in place.


We keep your personal data only for as long as is necessary in line with the reason for which we process it, as described above. Please note that we may retain some of your information after you cease to use our services if it is necessary to meet our legal obligations. If we have a contractual relationship with you, we are required by law to retain information such as contracts, identity documents and financial data for a period of 7 years.

When determining the relevant retention periods, we will take into account:

  • Our contractual obligations and rights in relation to the relevant information;
  • Legal obligations under applicable law to retain data for a certain period;
  • Our legitimate interests;
  • Statute of limitations under applicable law;
  • Disputes, whether potential or actual;
  • If you have made a request to have your information deleted;
  • Guidelines issued by relevant data protection authorities.

If we determine that we can delete your data, we will do so securely.


In order to store and process your data we must have a lawful basis to do so. Our lawful basis for processing personal data is our legitimate business interests as detailed below however, we may also reply on contractual obligations, legal obligations, or consent.

Legitimate interest: This could be a business or commercial reason to process your data, but we will consider your interests and legal rights when doing so:

  • If you are searching for new employment or have uploaded your CV onto a job board or professional networking site, we believe it’s reasonable to expect that you are happy for your personal data to be collected and processed for us to offer our recruitment services to you and review your skills against our vacancies and share some of your data with potential employers.
  • We believe it’s reasonable to process your data to provide tailored job recommendations and opportunities based on your skills.
  • We believe it is reasonable to process your data to ensure we can personalise your experience of our recruitment services, whether via our website or otherwise.
  • We will need to retain records of dealings and transactions in order to fulfil our contractual obligations, protect our reputation, establish, exercise or defend any legal claim and maintain a backup of our system to ensure we ca restore the system should there be a system failure or security breach.

If you are a client of DeFi we store your company data and some personal data of individual contacts and as part of the recruitment services we provide, and we may record details of meeting, vacancies, conversations, and placements. This is necessary to enable us to provide adequate recruitment services to you.

If you are a supplier of DeFi we store your company data, financial data, and some personal data of individual contacts as part of the services you provide to us. This is necessary as part of the business relationship we have.

  • Consent: You may provide us with verbal or written consent to process your data for certain activities, your consent must be freely given, and you must be aware what you are consenting to. We will make sure this is clear, for example you may apply for a role and consent to your data being processed as part of the recruitment process. Part of our business activity involves researching information for the purposes of finding and filling job vacancies. This can include obtaining personal data from sources including job boards, advertisements, LinkedIn or other social media, some information being publicly available but others being from sites or providers to which we subscribe. From time to time we may also receive personal data about you from hiring organisations, colleagues, and former employers, or from persons for whom you have provided services or been otherwise engaged. In some cases, we may be able to rely on soft opt-in consent and provide marketing communications in line with the recruitment services we offer, provided you have not opted out of such communications. Consent can be withdrawn at any time by emailing
  • Contractual obligations: When providing recruitment services, we may enter into a contract with and/or a third party. As part of the process, we will need certain information such as your name, address, company details and NI number.
  • Legal obligations: There are several statutory requirements we must comply with as a recruitment agency. As part of the Conduct of Employment Agencies and Employment Business Regulations 2003 we are required to verify your identity and review your suitability for a vacancy. If an individual is engaged to work for DeFi or supplied to a client we must also comply with other statutory requirements such as tax, bribery, fraud/crime prevention and data protection and co-operate with HMRC and the ICO.


  • The right to withdraw consent: Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time and we will cease this processing unless we have an alternative reason to continue processing your data which will be communicated to you. If you wish to withdraw your consent, please email Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal
  • The right to object: In certain circumstances you have the right to object to your data being processed. You have the absolute right to object if we are sending you direct marketing materials. Any objections will be responded to within one month and should a circumstance apply to allow us to continue to process your data under another reason we will notify you of this.
  • The right to rectification: You have the right to request that we correct any incorrect or out of date information we hold on you. You also have the right to request we update any incomplete data.
  • The right to erasure (the right to be forgotten): If you no longer wish for us to hold or process your data you can request that we erase/delete this. Provided we no longer have a legal basis for processing we will complete your request. If we are unable to complete your request because there is a legal reason to retain the data, we will notify you.
  • The right to restrict data processing: Under the following circumstances you have the right to request that we restrict the processing of your personal data, this means we can continue to store the data, but we cannot use it; where the processing is unlawful, but you do not want us to erase it, where you want us to review the accuracy of the data, where you have objected to the processing, and we need to verify if we have a legitimate interest to continue processing’, where we no longer need to process your data, but we need to establish, exercise, or defend legal claims
  • The right of access – Subject access request: You have the right to access the personal data we hold on you at any time and we will respond within one month. If you wish to complete a subject access request, please email
  • The right to data portability: You have the right to request that we transfer your data to another data controller. Where possible this will be completed or alternatively, we will transfer the data directly to you in a commonly used format. Your right to data portability applies to; personal data that we process automatically and without any human interventionpersonal data you provided to us, and personal data that we process based on your consent or in order to fulfil a contract.
  • The right to lodge a complaint with a supervisory authority: It is your right to lodge a complaint with your local supervisory authority at any time. If you wish to make a compliant to the Information Commissioner’s Office, go to

To fulfil any of the above requests we may need to confirm your identity. All legitimate requests will be responded to within one month whenever possible unless the request is complex. No fee is payable unless you request is deemed to be excessive.

Please be aware that if you do exercise your right to erasure or to cease processing activity, we may retain a record of this request and the action we take as evidence of compliance and to ensure we try to minimise the data being processed in the future if received again via a third-party source.


We rely on the soft opt in consent when providing recruitment services such as sending out email marketing communications to you. If you provided your details at a networking event, entering a competition or via a job fair or job board you may receive email marketing communications from us. You have the option to opt out of these email marketing communications at any time and you can do so in any of the following ways:

  • Following the unsubscribe instructions contained within the email
  • Replying to the email with the words ‘unsubscribe – marketing’
  • Email with the word ‘unsubscribe – marketing’

Opting out of receiving marketing messages does not apply to:

Personal data that you have provided to us as a result of your request for work finding servicesPersonal data that you have provided to us in connection with the performance of a contract between us


Cookies are small text files that are placed on your computer by websites that you visit. Our cookies don’t store sensitive information such as your name and address

We use cookies to aid

  • Our website working more efficiently (speed/security)
  • Remember your settings during and between visits
  • To provide information to the owners of the site
  • Understand how visitors use our website
  • Monitor visitor traffic

The cookies we use on our website are:


Cookie Domain Type  Description Duration
_ga Analytics The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. 2 years
_gid Analytics Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. 1 day
_gat_gtag_UA_217412770_1 Analytics Set by Google to distinguish users. 1 minute
JSESSIONID Necessary The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. session
cky-active-check Necessary CookieYes sets this cookie to check if the consent banner is active on the website. 1 day


If you’d prefer to restrict, block, or delete cookies from the DeFi website or any other website, you can use your browser to do this or follow the link at the bottom of this page.


This website contains links to third-party sites not controlled by DeFi or covered by this privacy policy, such as those belonging to DeFi partner companies. We recommend that you check the privacy policy of other sites you visit before providing any personal data.

By using this site, you are accepting the above policy. This privacy policy was last updated on 9th December 2021. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.