Tri Consulting

Privacy Policy

TRI Consulting Limited

Version 1.0 | Last Updated: January 2026

1. Introduction

This privacy policy explains how TRI Consulting Limited ("we", "us", "our", or "the Company") collects, processes, uses, and protects personal data relating to job candidates, workers, and other individuals who interact with our recruitment services. We are committed to processing your personal information lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

Our Details:

TRI Consulting Limited
26-28 Hammersmith Grove
Hammersmith
London W6 7BA
United Kingdom
Telephone: +44 (0) 20 3170 8265
Email: enquiries@triconsulting.net

Data Protection Registration:

ICO Registration Number: Z7372525
We are registered with the Information Commissioner's Office (ICO) and comply with all applicable data protection legislation in the provision of our recruitment services.

2. Who We Are and Our Role

2.1 Data Controller

TRI Consulting Limited is the data controller for all personal data processed during our recruitment activities. As a data controller, we determine the purposes and means of processing candidate personal data and are responsible for ensuring compliance with data protection law.

2.2 Our Services

We are a niche employment agency specialising in recruitment for Contact/Call Centre and office-based positions. Our services include:

  • Identifying and sourcing candidates for temporary and permanent roles
  • Screening candidate applications and CVs
  • Conducting interviews and assessments
  • Verifying candidate qualifications and references
  • Processing candidate data through AI-powered documentation scanning and screening tools
  • Administering contract assignments and placements
  • Maintaining candidate databases for future opportunities

3. What Personal Data We Collect

3.1 Categories of Personal Data

We collect and process the following categories of personal data from candidates:

Basic Contact Information

  • Full name
  • Personal email address
  • Telephone number (mobile and/or landline)
  • Home address
  • Date of birth (where relevant for age verification or legal requirements)
  • Emergency contact details
  • Next of kin information

Employment and Professional Information

  • Curriculum Vitae (CV)
  • Employment history and work experience
  • Details of previous employers
  • Dates of employment
  • Job titles and roles undertaken
  • Salary history and remuneration details
  • Professional qualifications and certifications
  • Training and continuous professional development records
  • Professional memberships
  • Skills and competencies

Application Materials

  • Completed application forms
  • Cover letters
  • Interview notes and assessments
  • Interview recordings (where applicable and consented to)
  • Test results and assessments
  • Portfolio or work samples

Right to Work and Background Information

  • Proof of right to work in the UK (copies of relevant identity documents, passport, visa)
  • Criminal record disclosures (where relevant and lawfully obtained)
  • Driving licence details (where relevant to the role)
  • DBS check information (where applicable)
  • Professional reference information

3.2 Special Category Data (Sensitive Personal Data)

We may also collect and process special categories of personal data in limited circumstances where lawful and necessary:

  • Information about disability (to determine reasonable adjustments needed during recruitment)
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Sexual orientation
  • Trade union membership
  • Health information (where relevant to job requirements or workplace adjustments)
  • Information about criminal convictions and offences

We only process special category data where:

  1. Explicit consent has been obtained from you, OR
  2. Employment-related processing is undertaken in accordance with Section 10 of the Data Protection Act 2018, including employment, social security, and social protection purposes, OR
  3. Vital interests or other legal conditions under Article 9(2) UK GDPR are met

3.3 Sources of Personal Data Collection

We collect personal data from the following sources:

  • Directly from you: Through CVs, application forms, online application portals, email communications, and interviews
  • Job boards and recruitment websites: LinkedIn, Indeed, and other online recruitment platforms where you have posted your profile
  • Current employers: With your explicit permission only
  • Recruitment agencies and referrals: From third-party recruiters or individuals who refer you to us
  • Third-party providers: Background check providers, reference providers, and qualification verification services
  • Our website: Through cookies and analytics

4. Lawful Basis for Processing

4.1 Legal Grounds for Processing

Under Article 6 of the UK GDPR, we rely on the following lawful bases to process your personal data:

(a) Contract Performance (Article 6(1)(b))

We process your personal data to perform the recruitment contract and any subsequent employment contract or worker agreement. This includes:

  • Assessing your suitability for positions
  • Managing your application through the recruitment process
  • Administering your placement and assignment
  • Providing services to our client employers
  • Processing payment and invoicing

(b) Legal Obligation (Article 6(1)(c))

We are required to process certain personal data to comply with legal obligations, including:

  • Employment law requirements
  • Conduct of Employment Agencies and Employment Businesses Regulations 2003
  • Tax and National Insurance requirements (HMRC)
  • Employer Liability Insurance compliance
  • Right to work verification (UK Visas and Immigration)
  • Safeguarding and background check requirements

(c) Legitimate Interests (Article 6(1)(f))

We process personal data where we have legitimate interests that are not overridden by your data protection rights:

  • Maintaining a candidate database for suitable future opportunities
  • Fraud prevention and security
  • Improving our recruitment services
  • Complying with industry best practices
  • Protecting our legal position

4.2 Special Category Data Lawful Basis

For special category data, we rely on:

  • Explicit consent (Article 9(2)(a)): Obtained in writing before processing
  • Employment law (Article 9(2)(b) and Section 10 DPA 2018): For employment, social security, and social protection purposes
  • Vital interests: Where necessary to protect your vital interests or those of others
  • Data made public by you: Where you have made the data publicly available

5. Use of Artificial Intelligence and Automated Documentation Scanning

5.1 AI Technology in Our Recruitment Process

We use artificial intelligence (AI) and automated technologies to enhance our recruitment processes and improve efficiency. This includes:

  • CV Scanning and Analysis: AI systems automatically extract, identify, and analyse information from your CV and supporting documentation to assess your suitability for specific roles
  • Document Processing: Automated optical character recognition (OCR) and machine learning technologies to process handwritten and digital documents
  • Data Extraction: AI systems extract key personal data fields including contact information, employment history, qualifications, and skills
  • Candidate Screening: Algorithmic assessment and ranking of candidates based on job requirements
  • Pattern Recognition: AI systems identify relevant experience and competencies from your application materials

5.2 Transparency About AI Processing

We are committed to transparency regarding AI use in recruitment. This means:

  • You have the right to be informed that your personal data will be processed by AI systems
  • We will provide you with information about how our AI systems work, including their logic, significance, and potential consequences for you
  • We will explain what personal data is used as input to our AI systems
  • We will explain what outputs or decisions the AI system produces
  • We will disclose the accuracy, reliability, and limitations of our AI tools
  • We will explain how we monitor for bias and fairness in AI-driven decision-making

5.3 No Automated Decision-Making

Important: We do not make recruitment decisions based solely on automated decision-making or AI processing without human review. All AI-generated outputs are reviewed by our human recruitment consultants before any recruitment decision is made about your application. You have the right to request human intervention in any decision that significantly affects you.

5.4 Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIAs) for our AI systems used in recruitment processing, as recommended by the Information Commissioner's Office. These assessments evaluate:

  • Privacy risks to candidates
  • Measures to mitigate identified risks
  • The balance between recruitment efficiency and your privacy rights
  • Fairness, accuracy, and bias concerns
  • Data minimisation practices

5.5 Bias and Fairness in AI

We are committed to fair recruitment practices. We:

  • Monitor our AI systems for potential or actual bias or fairness issues
  • Regularly test AI systems for discrimination based on protected characteristics (age, gender, ethnicity, disability, etc.)
  • Raise any identified issues with our AI providers for remediation
  • Maintain human oversight of all recruitment decisions
  • Do not use AI to filter out candidates based on protected characteristics
  • Ensure candidates are assessed fairly regardless of their background

5.6 Third-Party AI Providers

Where we use AI tools provided by third parties, we:

  • Ensure clear data processing agreements are in place
  • Define whether the provider is a data processor or data controller
  • Provide explicit and comprehensive written instructions for processing
  • Specify which data fields are required, what outputs we need, and minimum safeguards
  • Require providers to comply with UK GDPR and data protection law
  • Conduct due diligence on the provider's security and privacy practices
  • Do not allow unlimited retention of your data by third-party providers

6. How We Use Your Personal Data

6.1 Processing Purposes

We use your personal data for the following purposes:

Primary Recruitment Purposes

  1. Assessing Your Suitability: Processing your application and CV to determine whether you match the requirements of open positions and client vacancies
  2. Candidate Screening: Using AI systems to automatically identify relevant skills, qualifications, and experience
  3. Managing Your Application: Communicating with you about your application, conducting interviews, and progressing your candidacy
  4. Interview Administration: Arranging interview times, recording interviews (with consent), and documenting interview notes and assessments
  5. Verification and References: Contacting referees, previous employers (with your permission), and verifying qualifications and right to work status
  6. Client Placement: Presenting your application to client employers and managing your placement in suitable roles
  7. Contract Administration: Managing contract terms, invoicing, payment, and administration of your assignment

Database and Future Opportunity Purposes

  1. Candidate Database Maintenance: Maintaining your details in our recruitment database for consideration for future opportunities relevant to your profile
  2. Marketing Communications: Keeping you informed about roles which we believe may be of interest to you
  3. Networking and Talent Pool: Building our talent pool for candidate referrals and future business opportunities

Legal and Business Compliance

  1. Compliance: Complying with legal and regulatory obligations including the Conduct of Employment Agencies and Employment Businesses Regulations 2003, tax law, and immigration law
  2. Right to Work Verification: Verifying your entitlement to work in the UK through appropriate checks and documentation
  3. Background Checks: Where relevant and with appropriate lawful basis, obtaining criminal record checks and background information
  4. Safeguarding: Where required, sharing information with relevant authorities for safeguarding purposes
  5. Fraud Prevention: Detecting and preventing fraud or security issues
  6. Legal Claims: Protecting our legal position and addressing any disputes or complaints

6.2 Marketing and Communication

We may process your personal data to:

  • Send you details of roles we believe may be of interest to you
  • Provide updates on new vacancies and opportunities
  • Invite you to events, webinars, or networking opportunities
  • Communicate with you about our services
  • Conduct surveys about your experience with our recruitment services

You have the right to withdraw consent for marketing communications at any time. You can do this by:

  • Clicking the unsubscribe link in any email communication
  • Contacting us at enquiries@triconsulting.net
  • Calling +44 (0) 20 3170 8265

7. Data Sharing and Disclosure

7.1 Sharing with Third Parties

We share your personal data with third parties in the following circumstances:

Client Employers

We share your personal data with client organisations:

  • To present your application for consideration for vacancies
  • To conduct interviews and assessments
  • To process your placement and employment
  • To administer your contract assignment
  • To comply with employment and legal requirements

Your data will be shared based on the job requirements and client needs.

Service Providers and Data Processors

We engage third-party service providers who process personal data on our behalf:

  • Reference Providers: To verify your employment history and professional references
  • Background Check Providers: To conduct criminal record checks, credit checks, and professional background verification
  • Qualification Verification: To verify your qualifications and professional credentials
  • AI Technology Providers: To process your CV and documents using AI scanning and screening tools
  • IT and Cloud Service Providers: To store and manage candidate data securely
  • Financial Processors: To process invoicing and payment
  • Legal and Compliance Providers: To ensure compliance with regulatory requirements

All service providers are subject to data processing agreements that comply with UK GDPR requirements.

Legal and Regulatory Requirements

We may disclose your personal data where:

  • Required by law (to government agencies, HMRC, UK Visas and Immigration, etc.)
  • Required by court order or legal process
  • Necessary for law enforcement, fraud prevention, or safeguarding purposes
  • Required under the Conduct of Employment Agencies and Employment Businesses Regulations 2003

Business Transfers

If TRI Consulting Limited is sold, merged, or undergoes other business restructuring, your personal data may be transferred as part of that transaction. We will provide you with notice of any such change and any choices you may have regarding your data.

7.2 International Data Transfers

We ordinarily process and store your personal data within the United Kingdom. Where data is transferred outside the UK:

  • We only transfer to countries deemed to have adequate data protection by the UK government and ICO
  • Where transfers are to countries without adequacy decisions, we use legally compliant transfer mechanisms (Standard Contractual Clauses, Binding Corporate Rules, etc.)
  • We obtain your explicit consent for any non-adequate country transfers where required
  • You will be informed of any international transfers and the safeguards in place

8. Data Retention

8.1 Retention Periods

We retain your personal data for different periods depending on the context:

Active Candidates (In Recruitment Process)

  • Duration: While actively progressing your application or placement, typically 3-6 months
  • After rejection: 3 months (to handle follow-up queries and appeals)

Placed Candidates (Employment Assignment)

  • Duration: Throughout the period of your assignment plus the duration of any associated contract
  • After placement end: Minimum 1 year (for legal compliance, tax, and employment law)

Candidate Database (Future Opportunities)

  • Duration: Up to 3 years from last contact, provided you have not objected to storage, you have consented to communications about future opportunities, and we have genuine business interest in contacting you about similar roles
  • Review: We review database records annually and remove inactive candidates who have not consented to retention

Special Category Data

  • Duration: No longer than necessary for the purpose of processing
  • Health data: Deleted once reasonable adjustments have been arranged (unless you consent to longer retention)
  • Criminal record data: Stored only where legally necessary and deleted as soon as the specific purpose is fulfilled

Right to Work and Background Check Data

  • Duration: Retained for minimum 1 year as required by immigration and employment law
  • DBS data: Retained in accordance with statutory requirements and will not be retained for longer than the purpose of the check permits

AI Processing Records

  • Data used in AI model training or development: Not retained indefinitely
  • We do not build large databases of candidate data without your knowledge
  • We implement data minimisation practices to use only necessary data for AI processing
  • We delete data promptly once the AI processing purpose is fulfilled

8.2 Secure Deletion

When personal data is no longer needed, we securely delete or anonymise it to prevent unauthorised access. Data deletion is managed in accordance with our data retention schedule and GDPR principles.

8.3 Your Right to Request Earlier Deletion

You have the right to request deletion of your personal data at any time, subject to legal obligations we must retain data for (see Section 10 for details on exercising this right).

9. Data Security and Protection

9.1 Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction:

Technical Measures

  • Encryption: Data transmitted to and from our systems is encrypted in transit (SSL/TLS encryption)
  • Secure Storage: Personal data is stored on secure servers with restricted access
  • Access Controls: Only authorised personnel have access to personal data, with role-based access restrictions
  • Firewalls and Intrusion Detection: Systems are protected by firewalls and intrusion detection systems
  • Data Backups: Regular secure backups are maintained to prevent data loss
  • Secure Deletion: Data is securely erased when no longer needed, using compliant deletion methods

Organisational Measures

  • Staff Training: All staff handling personal data receive data protection and confidentiality training
  • Confidentiality Agreements: Staff and service providers are bound by strict confidentiality obligations
  • Access Restrictions: Personal data access is restricted to those with a need to access it
  • Incident Response: We maintain procedures to respond to and investigate any personal data breaches
  • Vendor Assessment: Third-party service providers are assessed for security and compliance
  • Secure Disposal: Physical documents containing personal data are securely destroyed

9.2 Data Breach Notification

In the event of a data breach affecting your personal data, we will:

  • Notify you and the Information Commissioner's Office without undue delay where the breach poses a risk to your rights and freedoms
  • Provide you with details of the breach and measures we are taking to mitigate the impact
  • Maintain a log of all data breaches for regulatory review

9.3 Limitations of Security

While we implement robust security measures, no system is completely secure. You acknowledge that there are inherent risks in electronic data transmission that we cannot entirely eliminate.

10. Your Rights as a Data Subject

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

10.1 Right of Access (Subject Access Request)

You have the right to access your personal data held by us. You can:

  • Request a copy of all personal data we hold about you
  • Receive information about how we use your data
  • Request information in a structured, commonly-used, machine-readable format

How to exercise this right: Submit a written request to enquiries@triconsulting.net or in writing to our address above. We will respond within 30 days of receiving your request.

Cost: We provide access free of charge in most circumstances.

10.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal data. If you believe any information we hold about you is incorrect, you can request that we correct it.

How to exercise this right: Contact us at enquiries@triconsulting.net with details of the inaccuracy. We will correct data promptly.

10.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, including:

  • Data is no longer necessary for the purpose we collected it
  • You withdraw consent to processing (where that was the legal basis)
  • You object to processing and there are no other legal grounds
  • Data has been unlawfully processed
  • Data must be deleted to comply with legal obligations

Exceptions: We may retain data where compliance with legal obligations requires retention, establishment, exercise or defence of legal claims, legitimate interests override your erasure rights, or we have active placements or ongoing assignments.

How to exercise this right: Contact enquiries@triconsulting.net. We will consider your request and respond within 30 days.

10.4 Right to Restrict Processing

You have the right to restrict or suspend processing of your personal data in certain situations:

  • You dispute the accuracy of data (processing suspended while accuracy is verified)
  • Processing is unlawful (you request restriction instead of deletion)
  • We no longer need the data but you request we keep it for legal claims
  • You have objected to processing

How to exercise this right: Contact us at enquiries@triconsulting.net, specifying the reason for the restriction request.

10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly-used, machine-readable format (such as CSV or PDF) and to transmit that data to another organisation.

This right applies where processing is based on consent or contract, and processing is carried out by automated means.

How to exercise this right: Contact enquiries@triconsulting.net. We will provide your data in the requested format within 30 days.

10.6 Right to Object

You have the right to object to processing of your personal data on the grounds of our legitimate interests, including:

  • Marketing communications: You can object to receiving marketing emails or calls
  • Database retention: You can object to retention of your details for future opportunities
  • Legitimate interest processing: You can object to any processing based on our legitimate interests

How to exercise this right: Contact enquiries@triconsulting.net stating that you wish to object. We must stop processing within 30 days unless we can demonstrate compelling legitimate interests that override yours.

10.7 Right to Withdraw Consent

Where we process your data based on your explicit consent, you have the right to withdraw that consent at any time.

  • Withdrawal does not affect the lawfulness of processing before withdrawal
  • Withdrawal does not affect processing based on other legal grounds

How to exercise this right: Contact enquiries@triconsulting.net. You can also use the unsubscribe function in marketing emails.

10.8 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect you. This means:

  • We will not make recruitment decisions based solely on AI assessment without human review
  • You have the right to request human intervention in any decision affecting you
  • You have the right to explain your position and contest any automated decision

How to exercise this right: Contact enquiries@triconsulting.net if you believe a decision affecting you has been made solely by automated means without human review.

10.9 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have breached data protection law.

Information Commissioner's Office:
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
Email: casework@ico.org.uk

You can lodge a complaint at any time, though we encourage you to contact us first to attempt to resolve any concerns.

11. Children's Personal Data

We do not intentionally collect personal data from individuals under the age of 16. If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.

If a young person is applying for a role, we will:

  • Explain our data use clearly
  • Ensure any processing complies with child safeguarding requirements
  • Obtain appropriate parental or guardian consent where necessary

12. Contact Us

12.1 Data Protection Enquiries

If you have any questions about this privacy policy or our data processing practices:

By post:
TRI Consulting Limited
26-28 Hammersmith Grove
Hammersmith
London W6 7BA
United Kingdom

By telephone: +44 (0) 20 3170 8265
By email: enquiries@triconsulting.net

12.2 Exercising Your Rights

To exercise any of the rights described in Section 10, please contact us using the details above and clearly state which right you wish to exercise. We will acknowledge your request and respond within the statutory timescale (usually 30 days).

12.3 Complaints

If you have a complaint about how we handle your data, please contact us first. If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner's Office (see Section 10.9 for contact details).

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date at the top of this document
  • Provide you with notice of material changes where appropriate

Your continued use of our services following any update constitutes your acceptance of the updated privacy policy.

Last Updated: January 2026
Next Review: January 2027