Privacy Policy

Rare Recruitment Ltd ("we") are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us (either directly or via a third party), will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By visiting our websites listed here:,,,,,,, and (“Sites”) or otherwise providing personal data to us (either directly or indirectly) you are accepting and consenting to the practices described in this policy.

For the purpose of the EU General Data Protection Regulation (GDPR), the data controller is Rare Recruitment Ltd of 8 Blackstock Mews, Islington, London, N4 2BT.

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

If you are in Australia, we adhere to the obligations of the Privacy Act (1988) (Cth) with respect to the collection, storage, use, transfer and disclosure of personal information that we receive from you.

Personal data we may collect from you

“Personal data”, or personal information, means any information that enables us to identify you, directly or indirectly when combined with other information we hold. It does not include data where the identity has been removed (anonymous data). We may collect and process the following kinds of personal data about you:

Do we use cookies?

Google Analytics uses cookies to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited.

To opt out of being tracked by Google Analytics please visit: /

How we use your personal data?

We will only use personal data held about you for purposes described in this privacy policy and when the law allows us to do so. We will generally use your personal data on the following legal grounds:

We use personal data held about you for the following purposes:

Do we disclose your personal data?

We may disclose your personal data to third parties:

We use some sub-contractors in the software development part of our business. We use service providers who provide penetration testing services, front end software development, quality assurance application programme interface development and systems administration. 

Quality and security

We require all our sub-contractors to sign contracts which include restrictive covenants, detailed clauses on client confidentiality, and data protection compliance.

We require our sub-contractors to use secure communication for all their work with Rare.

Work devices are encrypted, password protected or both.

We require all our sub-contractors to receive information security training and to have references satisfactory to us.

Storage of your personal data

All information you provide to us is stored on a secure AWS server located in the British Isles.  The backup server is located in Ireland.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. See the section below on data security for further details.


How long we store your personal data

We will only retain your personal data, in a form which permits us to identify you, for as long as necessary to fulfil the purposes we collected it for. We will retain and use your personal data as necessary to satisfy any legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements and rights. In line with this privacy policy, we will either securely delete or anonymize your personal data so that it cannot be linked back to you. Generally, we store personal data in a form that can identify an individual for up to 10 years following collection unless it is required to fulfil any legal or contractual obligation, or is required for the establishment, exercise or defence of legal claims.

Your rights

Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

In accordance with the General Data Protection Regulation (GDPR), in certain circumstances you have:

The right to access your personal data and supplementary information and to be aware of and verify the lawfulness of our processing of your personal data. We will not generally charge a fee for an access request, but a reasonable fee may be charged if a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information.

The right to rectification. Your personal data can be rectified if it is inaccurate or incomplete. We respond to requests for rectification within one month of receipt of the request. This can be extended by two months where the request for rectification is complex.

The right to erasure. This is also known as ‘the right to be forgotten’. You have a right to have your personal data erased and to prevent processing in specific circumstances:

  1. Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
  2. When you withdraw your consent.
  3. When you object to the processing and there is no overriding legitimate interest for continuing the processing.
  4. If the personal data was unlawfully processed (ie otherwise in breach of the GDPR).
  5. If the personal data has to be erased in order to comply with a legal obligation.
  6. If the personal data is processed in relation to the offer of information society services to a child.

The right to restrict processing of your personal data. You have a right to ‘block’ or suppress the processing of your personal data. If you contest the accuracy of your personal data, we will restrict its processing until its accuracy has been verified.

The right to data portability. In certain circumstances you have the right to request transfer of your personal data directly to a third party where this is technically feasible.  

The right to object. You have the right to object to us processing your personal data. In this case, you must have an objection on grounds relating to your particular situation.

To exercise any of these rights, in the first instance please contact

If you have any questions in relation to this policy, please contact


Rare Recruitment Limited is an ISO27001:2013 certified company, Certificate Number: 214857.

Rare Recruitment Limited is a Cyber Essentials accredited company, Certificate Number: IASME-A-03878. We have also been issued with the IASME Governance Standard, Certificate Number: SA003194.