Privacy Policy — Trust-In Recruitment

01

Who We Are

Trust-In Ltd is a private limited company incorporated in England & Wales, operating as a specialist recruitment agency focused on infrastructure engineering, DevOps, platform engineering, and cloud-native roles.

🏢 Company Information

Legal NameTrust-In Ltd

Incorporated19 May 2022 — England & Wales

Registered Address71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

Nature of BusinessEmployment Placement Agencies (SIC 78109)

Data ControllerTrust-In Ltd

Contactexecutive@trust-in.co.uk

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Trust-In Ltd is the Data Controller of all personal information collected through this website.

02

Data We Collect

We only collect personal data when you voluntarily submit it through one of our website forms. We do not collect data passively through tracking or surveillance technologies.

📬 Newsletter Subscribers

Data collectedFirst name, last name, work email, role/focus area, subscription timestamp

🏢 Hiring Enquiries

Data collectedFull name, company name, work email, role specialty, budget range, hiring location, message

📄 CV Submissions

Data collectedName, email, LinkedIn URL, current role & company, years of experience, specialism, work preference, location, target salary, cloud platform experience, CV file (PDF/DOCX/image)

🚀 Hackathon Registrations

Data collectedName, email, GitHub/GitLab URL, team size, project idea, newsletter opt-in preference

We do not collect payment information, government ID numbers, biometric data, or special category data (race, religion, health, sexual orientation) through this website.

03

How We Use Your Data

We use the data you provide solely for the following clearly defined purposes:

Newsletter — to send The Brief, our monthly recruitment insights newsletter, to subscribers who opted in
Hiring enquiries — to respond to your enquiry and conduct the requested recruitment search on behalf of your company
CV submissions — for Marcus to personally review your profile and contact you about relevant senior roles
Hackathon registrations — to manage your participation and send event communications
Internal records — to maintain records of interactions as required for legitimate UK recruitment agency operations
Legal compliance — to comply with applicable laws and regulatory obligations

We do not sell, rent, trade, or share your personal data with any third parties for marketing, advertising, or profiling purposes.

04

Legal Basis for Processing

Under UK GDPR Article 6, we rely on the following lawful bases to process your personal data:

Consent (Art. 6(1)(a))Newsletter subscriptions — you expressly opt in and may withdraw consent at any time

Contract (Art. 6(1)(b))Where processing is necessary to perform or prepare a recruitment contract

Legitimate Interests (Art. 6(1)(f))CV submissions and hiring enquiries — necessary to deliver our recruitment services, balanced against your rights and interests

Legal Obligation (Art. 6(1)(c))Where we are required to process data to comply with UK law

You may withdraw consent at any time by emailing executive@trust-in.co.uk. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

05

Data Storage & Security

Your data is stored and processed using enterprise-grade, security-certified infrastructure:

🔒 Infrastructure Stack

DatabaseSupabase (PostgreSQL) — AES-256 encryption at rest, TLS 1.2+ in transit, SOC 2 Type II certified

File StorageSupabase Storage — CV files in private, access-controlled buckets. Never publicly accessible

EmailMicrosoft 365 / Outlook — ISO 27001 certified, data processed via Microsoft Graph API

HostingVercel — TLS encryption, SOC 2 compliant serverless infrastructure

Access ControlRow-level security (RLS) enforced at database level. Only authorised Trust-In personnel may access data

CV files are stored in private Supabase storage buckets and are accessible only to Trust-In staff. They are never publicly listed, indexed, or shared without your explicit consent.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Article 33-34.

06

Third-Party Services

We use the following sub-processors to operate our website. Each acts only on our instructions and has its own data protection obligations:

Supabase Inc.Database and file storage — supabase.com/privacy

Vercel Inc.Website hosting and serverless functions — vercel.com/legal/privacy-policy

Microsoft CorporationEmail communications via Microsoft 365 — privacy.microsoft.com

We do not use Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any advertising or behavioural tracking technologies on this website.

07

International Data Transfers

Some of our third-party service providers operate servers or process data outside the United Kingdom and European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place as required by UK GDPR Chapter V.

Supabase

🇺🇸 United States

Protected by UK International Data Transfer Agreement (IDTA) and Standard Contractual Clauses (SCCs)

Vercel

🇺🇸 United States

Protected by UK IDTA and Standard Contractual Clauses (SCCs) under UK GDPR

Microsoft 365

🇺🇸 / 🇪🇺 Multi-region

Microsoft holds UK GDPR adequacy safeguards; EU Data Boundary commitments apply

By submitting data through our website, you acknowledge that your personal data may be transferred to and processed in countries outside the UK, subject to the safeguards described above. You have the right to obtain a copy of the relevant transfer mechanism by contacting us.

08

Automated Decision-Making

We are committed to transparency regarding how candidate data is evaluated.

Trust-In does not use automated decision-making or profiling to screen, rank, or reject candidates. Every CV submitted through our website is personally reviewed by Marcus. No algorithms, AI scoring tools, or automated filters are applied to your application.

This means you are not subject to any decision based solely on automated processing that produces legal or similarly significant effects, as described in UK GDPR Article 22. All decisions relating to your candidacy are made by a human being.

If this policy changes in the future, we will update this notice and notify existing data subjects accordingly before any automated processing begins.

09

Your Rights Under UK GDPR

As a data subject, you have the following rights under UK GDPR. We will respond to all valid requests within 30 days:

✦ Right of Access

Request a copy of all personal data we hold about you (Subject Access Request)

✦ Right to Rectification

Request correction of inaccurate or incomplete personal data

✦ Right to Erasure

Request deletion of your data where there is no compelling reason to continue processing

✦ Right to Restrict

Request that we pause processing of your data in certain circumstances

✦ Right to Portability

Receive your data in a structured, machine-readable format (JSON/CSV)

✦ Right to Object

Object to processing based on legitimate interests or for direct marketing

To exercise any right, email executive@trust-in.co.uk with the subject line "Data Rights Request". We may need to verify your identity before processing the request.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time: ico.org.uk / 0303 123 1113. We would, however, appreciate the opportunity to address your concerns before you approach the ICO.

10

Cookies & Local Storage

Our website uses minimal, strictly necessary browser storage. We do not use any non-essential cookies.

🍪 Storage Technologies Used

sessionStorageCaches job listings locally to reduce API calls. Contains no personal data. Cleared automatically when you close your browser tab

Essential CookiesRequired for basic website functionality. No personal data stored. Cannot be disabled without affecting site operation

We do not use tracking cookies, advertising cookies, analytics cookies (Google Analytics, Hotjar, etc.), or any third-party cookies. Under UK PECR, no cookie consent banner is required as we use only strictly necessary cookies.

11

Data Retention

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law. Our retention schedule:

CV SubmissionsUp to 2 years from submission, or until you request deletion — whichever is sooner

Hiring EnquiriesUp to 2 years from date of enquiry

Newsletter DataUntil you unsubscribe or request deletion

Hackathon DataUp to 1 year after the conclusion of the relevant event

Placed Candidate RecordsUp to 6 years as required for contractual and tax compliance under UK law

After the applicable retention period, data is securely and permanently deleted from all systems. To request early deletion, email executive@trust-in.co.uk with the subject "Deletion Request".

12

ICO Registration

As a UK data controller that processes personal data, Trust-In Ltd is registered with the Information Commissioner's Office (ICO) as required under the Data Protection (Charges and Information) Regulations 2018.

🏛

ICO Registration Number

Please confirm with Marcus — add your ICO number here

You can verify our registration on the ICO's public register at ico.org.uk/ESDWebPages/Search by searching for "Trust-In Ltd".

Action required: If you have not yet registered with the ICO, you must do so before processing personal data. Registration costs £40–£60/year for small organisations. Visit ico.org.uk/for-organisations/register to register.

13

Contact & Data Requests

For any questions about this Privacy Policy, to exercise your data rights, or to make a complaint, please contact us:

Trust-In Ltd

71-75 Shelton Street, Covent Garden
London, WC2H 9JQ, United Kingdom
Incorporated in England & Wales

Email Us ICO Website

This policy was last updated on 25 May 2025.
We may update this policy periodically. Material changes will be communicated via email to existing data subjects. Continued use of our website after changes constitutes acceptance of the updated policy.