Privacy Policy

1. Introduction

1.1 Important information and who we are

Welcome to SANCTBASTION LTD’s Privacy and Data Protection Policy (“Privacy Policy”).

At SANCTBASTION LTD (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and personal data in compliance with the United Kingdom General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and all other applicable data protection laws.

This Privacy Policy explains how we collect, use, store and protect your personal data when you interact with us, including when you:

```
apply for a role
```

are approached by us regarding an opportunity

```
engage with us as a client
```
```
provide services to us
```

2. Data Controller

SANCTBASTION LTD is the Data Controller responsible for your personal data.

Company details:
 SANCTBASTION LTD
 Company Number: 16706692
 Address: 4 Shakespeare Avenue, Hawarden, Deeside, United Kingdom, CH5 3TB
 Email: enrique@sanctbastion.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

3. Personal Data We Collect

3.1 Categories of data

We may collect, use, store and transfer the following categories of personal data:

Identity Data

```
Full name
```
```
Job title
```
```
Employer
```

Contact Data

```
Email address
```
```
Telephone number
```
```
LinkedIn profile
```

Professional Data

```
CV / resume
```
```
Employment history
```
```
Education and qualifications
```
```
Skills and experience
```
```
Salary expectations
```
```
Interview notes and feedback
```

Communication Data

```
Emails
```
```
Call records and notes
```
```
Messages via LinkedIn
```

3.2 Special category data

We may occasionally receive special category data, such as information relating to health, disabilities, nationality, visa status or diversity.

We do not actively request this information, but where it is provided we process it only where legally permitted and solely for recruitment-related purposes.

4. How We Collect Your Data

We collect personal data from the following sources:

Directly from you (applications, CVs, emails, calls)

LinkedIn Recruiter and other professional networks

```
Referrals from clients or contacts
```
```
Publicly available professional sources
```

5. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

Legitimate Interest
 To source candidates, manage recruitment processes, and develop business relationships.

Consent
 Where you explicitly engage with us or agree to be represented for specific opportunities.

Contractual Obligation
 Where processing is necessary to deliver recruitment services to clients.

Legal Obligation
 Where required by law (for example right-to-work or compliance checks).

6. How We Use Your Data

We use your personal data to:

Match candidates with suitable job opportunities

```
Contact candidates regarding roles
```

Submit candidate profiles to clients (with consent)

```
Coordinate interviews and feedback
```

Manage contractual relationships with clients

Comply with legal and regulatory obligations

We do not sell your personal data.

7. Data Storage and Security

Your personal data may be stored and processed in:

```
Work laptops
```

Work email systems (Google Workspace / Gmail)

```
LinkedIn Recruiter
```

Access is restricted to authorised individuals only.

We use reasonable technical and organisational measures to protect your data, but no electronic system can be guaranteed to be completely secure.

8. International Transfers

Some of our service providers (such as Google and LinkedIn) may process data outside the United Kingdom or European Economic Area.

Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent protections.

9. Data Retention

We retain personal data for no longer than necessary.

Candidate data is typically retained for up to 3 years from the last meaningful interaction, unless:

```
You request deletion
```
```
You remain actively engaged with us
```

Legal obligations require longer retention

10. Sharing Your Data

We may share personal data with:

```
Clients (with your consent)
```
```
Technology providers (Google, LinkedIn)
```

Professional advisers (legal, accounting)

Regulators or authorities where legally required

We only share data where necessary and relevant.

11. Your Rights

Under data protection laws, you have the right to:

```
Request access to your data
```
```
Request correction of inaccurate data
```
```
Request deletion of your data
```
```
Object to processing
```
```
Restrict processing
```
```
Request data portability
```

To exercise any of these rights, please contact:
 enrique@sanctbastion.com

12. Marketing

We may contact you regarding recruitment opportunities relevant to your professional background.

You can opt out of such communications at any time by contacting us or unsubscribing.

13. Complaints

If you believe your personal data has been misused, please contact us first.

You also have the right to complain to the Information Commissioner’s Office (ICO).

14. Updates to this Policy

We may update this Privacy Policy from time to time. The most recent version will always be published on our website.

Last updated: January 2026

Privacy Policy

Sanctbastion

Connect