privacy policy



Harvey Sutton Limited is committed to ensuring that your privacy is protected.  We want to reassure you that we take the collection, use and retention of your personal data very seriously and have outlined below how we use the information we have about you.


Who is Harvey Sutton?

Harvey Sutton specialise in the identification and placement of individuals within the legal, accounting and consultancy sectors.


Explaining the legal basis we rely on

Harvey Sutton is registered as a data controller in the United Kingdom for the purposes of the Data Protection Act 1998.  The law on data protection sets out six ways which a company may collect and process your personal data.  Having analysed our customer database and business model, Harvey Sutton have assessed that Legitimate Interest is the primary basis for candidates and Contractual use for clients.


Our Legitimate Interest

As a recruitment business and recruitment agency Harvey Sutton introduce candidates to clients for permanent employment, temporary worker placements or independent professional contracts. The exchange of personal data of our candidates and our client contacts is a fundamental and essential part of this process.

In order to support our candidates’ career aspirations and our clients’ resourcing needs, Harvey Sutton require a database of candidate and client personal data, containing historical information as well as current resourcing requirements.

To maintain, expand and develop our business Harvey Sutton need to record the personal data of prospective candidates and client contacts.


When do we collect your personal data?

Personal data is collected from enquiries via this website, through personal contacts, referrals, headhunting, retained search assignments, CVs submitted by individuals to the business as well as through external websites (e.g. LinkedIn, Law Society)


What personal data do we collect?

The personal data we may collect is limited to the level we need to provide and deliver our recruitment services and made up as follows:

  • name and job title, employer details
  • salary information (current and expected)
  • contact information including phone number and email address
  • demographic information such as postcode, preferences and interests
  • qualifications and work experience
  • curriculum vitae
  • right  to work in the UK, (a copy of your passport,  if clients request it)


How and why do we use your personal data?

We only use the data you provide us with to understand your needs, aid the recruitment process and in the following administrative functions as listed below:

  • to identify suitable vacancies for candidates
  • to send candidates information about job opportunities
  • to fulfil client commissions for specific job roles
  • to send you communications required by law, or which are necessary to inform you about our changes to the services we provide you, for example updates to this privacy notice
  • to comply with our contractual or legal obligations to share data with law enforcement


How we protect your personal data

Harvey Sutton is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information.  These include:

You should be aware however, that we are not responsible for the content and security of any external website.


How long will we keep your personal data?

Harvey Sutton will retain your personal data for as long as necessary in order to provide the recruitment service to you and for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.  Harvey Sutton will carry out the following to ensure data is accurate:

  • prior to making an introduction check that we have accurate information about you
  • keep in touch with you so you can let us know of changes to your personal data
  • make use of external websites (e.g. LinkedIn, Law Society) to verify the information about you

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.


Who do we share your personal data with?

Your personal data is only shared with potential clients that you have given us permission to contact on your behalf to facilitate the recruitment processes.

Where your personal data may be processed and protecting your data outside the EEA

Harvey Sutton may transfer personal data that we collect from you to third-party data processors in countries that our outside the European Economic Area (”EEA”) for example, Australia or the USA.   In this event, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.  Any transfer of your personal data will follow applicable laws and we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. For example, our contracts with third parties stipulate the standards they must follow at all times.


What are your rights over your personal data?

Please be assured that both our website and services provided by our consultants are GDPR compliant.  You can remove your data at any point, by contacting us at  or writing to us at Harvey Sutton, 8 Mallow Street, London EC1Y 8RQ

The GDPR provides the following rights for individuals:

  1. the right to be informed
  2. the right of access
  3. the right to rectification
  4. the right to be forgotten
  5. the right to restrict processing
  6. the right to data portability
  7. the right to object
  8. rights in relation to automated decision making and profiling

Where any subject access request is made there is a requirement to prove identity before any information is divulged.  This may involve physical presence with accompany ID.

Where a request to “be forgotten” is made, that can only be complied with if there are no other legal frameworks that overrule GDPR. Examples would be HMRC, FCA etc.


Contacting the Regulator

If you feel that your data has not been handled correctly, or if you are unhappy with our response to any requests you have made to us, regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office and they can be contacted by calling them on 0303 123 1113.  You may also visit their website .

If you are based outside of the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.