Privacy Policy

We are QUBA Solutions Limited (Registered in England & Wales No. 07907578) of Concept House, Stoney Croft Rise, Chandler’s Ford, Eastleigh, SO53 3LD. This Privacy Policy sets out the basis on which we use personal data in the course of our business activities.

When we provide standard Recruitment Funding services to an Agency, we act as a data processor in respect of the Agency’s information and the Agency is the data controller. You will therefore need to refer to the specific Agency’s privacy policy to understand how your data will be used by them and their data processors.

When we provide Startup Construction Recruitment Funding (or QUBA Principal Funding) to an Agency, the Agency acts as our sales agent and we contract with the relevant Client or Candidate instead of the Agency. In this case, there are two independent data controllers: the Agency and us.

Words in bold text have a specific meaning under this Privacy Policy. You should refer to the Definitions section below for an explanation.

We reserve the right to update this Privacy Policy from time to time. When applicable, we will update any affected data subjects to notify them of any material changes to the Privacy Policy.

Who Should Read This Privacy Policy?

If you are an Agency Representative, Prospect or Supplier Representative, you should read Sections One and Three of this Privacy Policy

If you are a Candidate or Client Contact, read Sections Two and Three of this Privacy Policy.

If you are an employee, applicant for employment, or internal consultant/temporary worker, you should refer to our applicant or employee Privacy Policy, which can be requested from a member of the HR department in person or by sending an email to [email protected]

SECTION ONE – Agency Representatives, Prospects & Supplier Representatives

This section of the Privacy Policy relates to individuals with whom we deal in relation to our normal business operations.

How We Obtain Personal Data

If you are an  Agency Representative, Prospect or Supplier Representative, we may obtain personal data relating to you:

• Directly in the course of (ii) us providing services to an Agency (ii) the Supplier providing services to us or (iii) us quoting for or otherwise discussing the possibility of providing recruitment finance services, as applicable; or
• Indirectly from:
  • online professional networking sites such as LinkedIn
  • your employer’s website and other industry-related websites
  • business information directories
  • other individuals within your organisation

Types of Information We Hold

If you are an Agency Representative or Prospect, we will collect, store, and use the following categories of personal information about you:

• Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
• Your job title and role; and
• Any background information relating to your personal circumstances, your work history and the role which you perform which you may provide to us in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are an Agency Representative or Prospect.

If you are a Supplier Representative, we will collect, store, and use the following categories of personal information about you:

• Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
• Your job title and position within the Supplier organisation; and
• Any background information relating to the role which you perform within the Supplier which you may provide to us in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Supplier Representative.

How We Use Personal Data

If you are an Agency Representative, we may use your personal data to:

• Contact you to obtain information about the Agency’s requirements;
• Liaise with you so that we may effectively perform the services to the Agency;
• Contact you for invoicing and credit control purposes;
• Send marketing information about QUBA products and services which may be of interest to you;
• Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.

If you are a Prospect, we may use your personal data to:

• Send marketing information about QUBA products and services which may be of interest to you;
• Directly contact you in relation to QUBA’s products and services;
• Provide an illustration for the provision of recruitment finance services;
• Carry out the pre-contract approval process, where applicable.

If you are a Supplier Representative, we may use your personal data to:

• Liaise with you in respect of the services which are being provided by the Supplier;
• Contact you in relation to billing matters;
• Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.

How We Use WhatsApp Business

In respect of Agency Representatives and Prospects, we will use our WhatsApp Business account to send messages to you about pre-contract and service-related matters. Please note that we do not use WhatsApp Business for marketing purposes.

By messaging you through WhatsApp Business, we are able to communicate with you quickly and efficiently, ensuring that all instant messages between you and us are correctly logged against your record in our CRM and minimising the risk of important information solely being located on an individual mobile device. We have therefore determined that we have a legitimate interest in using WhatsApp Business for communication purposes.

As with any legitimate interest, you have the right to object to our use of WhatsApp Business, which you may exercise by contacting us using the details at the bottom of this Privacy Policy.

Our Lawful Basis for Processing Data

We have determined that we have a legitimate interest to process your personal data where you are:

• An Agency Representative, on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Agencies. This will allow us to effectively provide services to them, better understand their requirements and generate revenue for our business.
• A Prospect, on the basis that we need to be able to contact and interact with potential customers and to provide them with information about our products and services.
• A Supplier Representative, on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Suppliers. This will allow us to ensure that our Suppliers provide us with the best possible service which, in turn, is of direct benefit to both our Candidates and our Clients.

Parties with Whom We May Share Data

If you are an Agency Representative, we may share very limited data relating to you with a Candidate where such sharing is strictly required for the recruitment process e.g. so that the Candidate may contact you directly. We will also share your personal data with Third-Party Services Providers for legitimate business purposes.

If you are a Supplier Representative or Prospect, we will share your personal data with other Third-Party Services Providers for legitimate business purposes.

SECTION TWO – Candidates & Client Contacts

This section of the Privacy Policy relates to individuals whose data we process when we are providing Startup Construction Recruitment Funding (or QUBA Principal funding) services.

How We Obtain Personal Data

If you are a Candidate, we may obtain personal data relating to you:

• Directly where we have had any direct interactions in relation to a temporary assignment which you are carrying out for an Agency
• Through the relevant Agency if you have:
  • applied for a vacancy through the Agency
  • uploaded your CV through the Agency’s website
  • asked the Agency to provide work-finding services to you
  • engaged with the Agency through any networking activities or events
  • had discussions with the Agency about finding alternative employment

If you are a Client Contact, we may obtain personal data relating to you Directly in the course of us providing services to a Client or Indirectly from:

• online professional networking sites such as LinkedIn
• your employer’s website and other industry-related websites
• business information directories
• other individuals within your organisation

Types of Information We Hold

If you are a Candidate, we may collect, store and process the following types of personal information about you:

• Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
• Your gender, date of birth, nationality and place of residence;
• Your professional skills and experience;
• Your qualifications, training and certifications;
• Proof of your right to work in the United Kingdom such as copies of your passport and, where applicable, visa, residence permit or similar government documents;
• Proof of your identity and address, such as copies of your driving licence, utility bills or similar documents;
• Information about your current or most recent role, including your job title, department, reporting line, responsibilities, salary, benefits and notice period;
• Any background information which you provide to us during the course of your dealings with us;
• Details of any Clients to whom you have been introduced;
• Details of any position which you take up with a Client, including your role, duties, remuneration, department and location;
• If you provide any services on a freelance basis:
  • Details of any limited company through which you contract and the nature of your relationship with that company;
  • Information about the days and times which you have worked;
  • Your bank details, tax code and National Insurance Number; and
  • Information about any services which you have carried out, including any comments, feedback and issues relating to such services.

We may also collect, store and use the following “special categories” of more sensitive personal information:

• Information about your race or ethnicity;
• Information about your health, including any medical condition, health and sickness records; and
• Information about criminal convictions and offences.

If you are a Client Contact, we will collect, store, and use the following categories of personal information about you:

• Personal contact details such as name, title, addresses, telephone numbers, and email addresses;
• Your job title and position within the Client organisation; and
• Any background information relating to your personal circumstances, your work history and the role which you perform within the Client which you may provide to us in the course of your dealings with us.

We do not collect, store or use any “special categories” of sensitive personal information if you are a Client Contact.

How We Use Personal Data

If you are a Candidate, we may use your personal data to:

• Liaise with you in respect of any temporary assignment which you have agreed to carry out for an Agency through ourselves;
• Make payments to you in respect of a temporary assignment or arrange for any third-party company through which you may contract to make payments to you;
• Produce anonymised statistical data;
• Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime;
• Conduct equal opportunities monitoring.

If you are a Client Contact, we may use your personal data to:

• Contact you to obtain information about our Client’s requirements;
• Liaise with you so that we may effectively perform the services to our Client;
• Obtain a reference for a Candidate;
• Contact you for invoicing and credit control purposes;
• Provide you with statistical information about your industry sector;
• Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.

Our Lawful Basis for Processing Data

If you are a Candidate:

• We will use your personal data where the Agency has arranged for you to perform an assignment. As we are the principal in the arrangement i.e. as your contract is with QUBA rather than with the Agency, it is necessary for us to process your personal data in relation to your contract to perform the temporary assignment i.e. in accordance with Article 6(1)(b) of the UK-GDPR.
• We may also need to process sensitive (special) personal data relating to you. The type of sensitive personal data which we might process includes (i) information about any medical conditions or disability insofar as they are relevant to the type of work which you are proposing to carry out (ii) information about any unspent criminal convictions and, where relevant to the type of role which you are carrying out, spent convictions, police warnings etc and (iii) information about any trade union of which you are a member (but only insofar as it relates to an employment claim or pay and working conditions on a client site).
• We are acting as an employment business in our dealings with you. In accordance with Article 9 (2)(b) of the UK-GDPR, this sensitive personal data is necessary in the field of employment. i.e. it is required for performing our obligations as an employment business and is used solely for this purpose. Any sensitive personal data shall be held strictly in accordance with our policies on data retention and sensitive personal data.

We have determined that we have a legitimate interest to process your personal data where you are a Client Contact on the basis that we need to be able to contact and interact with the individuals who are employed or engaged by our Clients. This will allow us to effectively provide services to them, better understand their requirements and generate revenue for our business.

Parties with Whom We May Share Data

If you are a Candidate, we may share your personal data for legitimate purposes with:

• A Client where you have expressed an interest in being introduced to such Client or are being supplied to such Client on an assignment;
• Any third-party which is engaged by the Client to assist them in the recruitment process including a managed service company, Recruitment Process Outsourcing provider or IT platform provider;
• A third-party company through which you are contracting;
• A third-party company to which you have specifically asked to be introduced or referred, such as an insurance company or intermediary (umbrella) company;
• Background checking services such as the Disclosure & Barring Service;
• Industry bodies such as the Construction Industry Training Board and any similar organisations which are relevant to the market sector in which you work;
• Third-Party Services Providers who in some cases may use their own subcontractors and sub-processors;
• Our connected or associated companies;
• Our bankers and financiers;
• Governmental departments and agencies where we are permitted or required by law to do so.

If you are a Client Contact , we may share very limited data relating to you with a Candidate where such sharing is strictly required for the recruitment process e.g. so that the Candidate may contact you directly. We will also share your personal data with Third-Party Services Providers for legitimate business purposes.

SECTION THREE – Applicable to all Data Subjects

Where We Process Personal Data

Your personal data is held and processed by us in the United Kingdom.

We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the UK and EEA where:

• There are binding corporate rules in place regarding the transfer of such data within the Group, in accordance with Article 47 of the GDPR. This means that the data transfer is between group companies and those group companies have agreed to share that data in accordance with the rules specified by the ICO.
• The ICO has approved such jurisdiction, which usually follows any approval which is given by the European Commission. At present, the approved jurisdictions are Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan (private sector only), Jersey, New Zealand, Switzerland and Uruguay.
• The transfer of data is subject to an International Data Transfer Agreement. This means that we have a data-sharing agreement in place which complies with the ICO’s requirements; or
• You have expressly given informed consent to the transfer of such data. This means that you have not only agreed to the transfer but have done so in the knowledge that your data may be transferred to a jurisdiction which does not give you the same degree of protection as you have within the UK and EEA.

Our Website 

When you interact with our website, we may process statistical information relating to your usage of the website and may capture certain information, including your IP address. For further information about how we use cookies for this purpose, please refer to our Cookie Policy

Automated Decision Making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.

All decisions which are made in the course of our business processes involve human intervention. We do not therefore make any decisions about you using automated means.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Manager using the contact details at the end of this Privacy Policy.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Our standard data retention period is seven years as, during this period, we may need to produce data for audit purposes or to bring or defend legal proceedings.

Rights of access, correction, erasure, and restriction

Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, you have the right to:

• Request access to your personal information (a Subject Access Request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not usually have to pay a fee to access your personal information but we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or you have objected to the processing and there is no overriding legitimate interest for continuing the processing.
• Object to processing of your personal information where we are relying on a legitimate interest and you object on “grounds relating to your particular situation.”
• Request the restriction of processing of your personal information. This enables you to ask us to block or suppress the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it or if you have also objected to the processing as above.
• Request the transfer of your personal information to another party when the processing is based on consent and carried out by automated means. This right is not usually applicable to any data processing carried out by QUBA.

If you want to exercise any of the above rights, please contact our Data Protection Manager in writing. We will consider your request and confirm the actions which we have taken in response to such request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.

If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the ICO in the United Kingdom. Their details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745. Email: [email protected]

Definitions

This Privacy Policy uses the following defined terms:

Agency: a recruitment agency to which we are providing recruitment finance services, either as the principal in the contracting arrangement or on a standard basis.

Agency Representative: means a person who is employed or engaged by the Agency and who we may contact in the course of our dealings with the Agency.

Candidate: a person who is recorded in our records as seeking or potentially suitable for an engagement with a Client. This includes individuals who are not actively seeking a new role but who are in contact with the Agency about potential opportunities which may be of interest from time to time.

Client: a hirer which has engaged us to provide recruitment services when we are providing Startup Construction Recruitment Funding services to the Agency.

Client Contact: a person who is employed or engaged by a Client and with whom we may liaise in respect of any services which we are providing to the Client. In some cases, the Client Contact and the Client may be the same person e.g. where a Client is a sole trader.

Data Protection Legislation: the Data Protection Act 2018, the retained UK-GDPR, and all other primary and secondary legislation relating to data protection in the United Kingdom.

Prospect: a person who is employed or engaged by a recruitment agency which is not an Agency but with whom we are dealing with a view to providing recruitment finance services to such recruitment agency.

Supplier: a business which provides services to us and which may process personal data relating to any Candidate, Client Contact or Supplier Representative in the course of performing such services.

Supplier Representative: a person who is employed or engaged by a Supplier and with whom we may liaise from time to time in respect of the services which are provided by that Supplier.

Third-Party Services Provider: any relevant third-party business which provides services to us or with which we have a professional relationship, including our Professional advisers, such as including accountants, tax advisors and lawyers; Bankers, financiers and insurers; IT services providers and software providers; and independent consultants and subcontractors

Contacting Us

If you have any questions about this Privacy Policy, you can write to our Data Protection Manager at QUBA Solutions Limited, Concept House, Stoney Croft Rise, Chandler’s Ford, Eastleigh, SO53 3LD.Alternatively, you may telephone us on 01305 233178 or email us at [email protected]

Updated 19 June 2025