top of page

Privacy Policy

Lansbury Management Services Ltd

Effective Date: October 2025

Lansbury Management Services is committed to protecting the privacy and security of the personal data we process. This Privacy Policy sets out how we collect, use, and protect the personal data of our website visitors, job applicants, potential candidates, and business contacts in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

Lansbury Management Services acts as the Data Controller for the data processed under this policy. This means we determine the purposes and means of processing that personal data.

  • Company Name: Lansbury Management Services Ltd

  • Address: Swadlincote, Derbyshire, UK (Specific address withheld for online publishing; will be provided upon request)

  • Email: admin@lansburyhr.co.uk

  • Telephone: 01283 373687

2. The Personal Data We Collect

We collect and process various types of personal data depending on your relationship with us (e.g., candidate, client, or website visitor).

Category of Data: Identity Data, Contact Data, Professional Data (Candidates

Examples of Data Collected:

Name, title, date of birth, gender, photograph.

Home/work address, email address, telephone numbers.

CV/Resume, employment history, education details, salary expectations, professional qualifications, interview notes, reference checks.

Source of Data:

Candidate, Client, or Public Sources (e.g., LinkedIn)

Candidate, Client, or Public Sources

Candidate directly, or Third-Party Job Boards/Recruiters

 

3. How and Why We Use Your Data (Purposes and Lawful Basis)

We rely on specific legal bases under UK GDPR to process your personal data

Purpose of Processing:

  • To Provide HR Consultancy & Training Services to Clients

  • To Match Candidates with Job Opportunities

  • To Manage Contracts & Invoices

  • To Respond to Enquiries

  • To Monitor Website Performance

  • To Monitor Campaign Analytics

  • For Diversity and Equality Monitoring

Lawful Basis under UK GDPR:

  • Contractual Necessity (for clients)

  • Legitimate Interest (Our interest in operating a commercial HR/recruitment business and finding suitable employment for candidates).

  • Legal Obligation (Tax, accounting) and Contractual Necessity

  • Legitimate Interest (Responding to communications)

  • Legitimate Interest (Improving service and user experience)

  • Explicit Consent or Legal Obligation (If legally mandated)

Categories of Data Involved:

  • Client/Business Data

  • Identity, Contact, Professional Data

  • Client/Business Data, Financial Data

  • Identity, Contact Data

  • Technical Data

  • Special Category Data

 

4. How We Share Your Data

We will only share your personal data when strictly necessary and with appropriate safeguards in place.

  • Our Clients (Employers): If you are a candidate, we share your Professional Data (CV, cover letter, etc.) with prospective employers (our clients) only with your prior knowledge and consent/agreement to the specific role(s).

  • Service Providers: We use third-party providers for essential services such as IT support, web hosting, email hosting, and professional payroll/accounting. These third parties act as Data Processors and only process your data on our instructions and under strict confidentiality agreements.

  • Legal & Regulatory Authorities: We will disclose data where we are legally required to do so, such as to HMRC, the ICO, or in response to a court order.

5. International Data Transfers

Lansbury Management Services primarily stores and processes personal data within the UK or the European Economic Area (EEA).

If we transfer data outside the UK or EEA (e.g., if a client or system provider is based outside these areas), we ensure a high level of protection is afforded to the data by implementing appropriate safeguards, such as:

  • Transferring data to countries deemed "adequate" by the UK Government.

  • Using UK International Data Transfer Agreements or Addendums.

6. Data Security and Retention

Data Security

We have implemented appropriate security measures, including physical, technical, and organisational steps, to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. We limit access to your personal data to employees, agents, contractors, and third parties on a strict "need-to-know" basis.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Our typical retention periods include:

  • Unsuccessful Candidate Records: 6-12 months from the end of the recruitment process. To respond to potential legal claims or if a similar role arises. After this period, data is securely deleted or anonymised.

  • Successful Candidate Records: Retained by us as per client contract terms, typically for a minimum of 6 years after placement. To comply with legal, tax, and insurance requirements.

  • Client/Contract Records: 6 years from the termination of the contract. To satisfy statutory and accounting requirements (e.g., HMRC).

  • General Enquiries/Website Data: Up to 12 months after the enquiry is closed. To manage business operations and resolve disputes.

 

7. Your Legal Rights

Under the UK GDPR, you have the following rights concerning your personal data:

  1. The Right to Be Informed: To be informed about how your personal data is being used (which is the purpose of this Privacy Policy).

  2. The Right of Access: To request a copy of the data we hold about you (commonly known as a Subject Access Request or SAR).

  3. The Right to Rectification: To request that we correct inaccurate or incomplete data about you.

  4. The Right to Erasure ('Right to Be Forgotten'): To request that we delete or remove your personal data where there is no compelling reason for us to continue processing it.

  5. The Right to Restrict Processing: To 'block' or suppress the processing of your personal data in certain circumstances.

  6. The Right to Data Portability: To obtain and reuse your personal data for your own purposes across different services.

  7. The Right to Object: To object to the processing of your data based on our legitimate interests or for direct marketing purposes.

  8. Rights in Relation to Automated Decision Making: Rights concerning decisions being made about you without human intervention (we do not currently use solely automated decision-making).

If you wish to exercise any of these rights, please contact us using the contact details provided in Section 1.

8. Changes to This Privacy Policy

This policy is regularly reviewed. We reserve the right to update this Privacy Policy at any time. The updated version will be posted on this website with a new "Effective Date."

9. Complaints

You have the right to lodge a complaint with the supervisory authority in the UK, which is the Information Commissioner’s Office (ICO), if you believe your data has been processed unlawfully.

ICO Contact Details:

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

  • Helpline number: 0303 123 1113

  • Website: www.ico.org.uk

bottom of page