Skip to the main content.

Privacy Policy

Who we are and what we do


Who we are


We are Caraffi Limited (“Caraffi”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 11798006 and we have our registered office at Chancery House, 30 St John’s Road, Woking, Surrey, GU21 7SA. We are registered with the UK supervisory authority, Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration number ZA496297.


What we do


We are in the business of talent advisory and consulting services. We are committed to protecting the privacy and security of the Personal Data we process about you in line with the data protection principles set out in the UK General Data Protection Regulation 2016 (“UK GDPR”) and the Data Protection Act (“DPA 2018”).




Unless we notify you otherwise, we are the Controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.


Purpose of this Privacy Notice


The purpose of this Privacy Notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘Contact Us’ section.


As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold and in meeting our data protection obligations when processing personal data. Caraffi are committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.


We update this privacy notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the top of this document. Please review this privacy notice periodically to check for updates.


Who this Privacy Notice applies to


This privacy notice applies to you if:

  • You visit our website

  • You purchase goods or services from us

  • You enquire about our products and/or services

  • You sign up to receive newsletters and/or other promotional communications from us


What Personal Data is


‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.


‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.


Personal Data we collect


The type of Personal Data we collect about you will depend on our relationship with you.

We may collect personal data about you in variety of ways, such as through our site and social media channels; at our events; through phone and fax; through job applications; in connection with in-person recruitment; or in connection with our interactions with clients and vendors. We may collect a selection of personal data dependant on the nature of the relationship, including, but not limited to (as permitted under local law):


  • Contact information (such as name, postal address, email address and telephone number);

  • Username and password when you register on our sites;

  • Information you provide about friends or other people you would like us to contact. (The Controller assumes that the other person previously gave an authorisation for such communication); and

  • Other information you may provide to us, such as in surveys or through the "Contact Us" feature on our site


In addition, if you are an associate or job candidate, you apply for a position or create an account to apply for a position, we may collect the following types of personal data (as permitted under local law):

  • Employment and education history;

  • Language proficiencies and other work-related skills;

  • Social security number, national identifier or other government-issued identification number;

  • Date of birth;

  • Gender;

  • Bank account information;

  • Citizenship and work authorisation status;

  • Benefits information;

  • Tax-related information;

  • Information provided by references; and

  • Information contained in your resume or C.V., information you provide regarding your career interests, and other information about your qualifications for employment.


We may collect the following types of personal data where required by law and explicit consent has been provided by you:

  • Disabilities and health-related information;

  • Results of drug tests, criminal and other background checks.

  • Special categories of data, such as information about ethnic origin, sexual orientation or religion or belief in order to monitor diversity in recruitment.


As a general rule, we try not to collect or process any special categories of data about you, unless authorised by law or where necessary to comply with applicable laws.


However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some special category information for legitimate employment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to consider accommodations for the recruitment process.


In addition, we may collect information you provide to us about other individuals, such as information related to emergency contacts.


Cookies and similar technologies

Caraffi uses both cookies and web beacons on our website and web beacons in some emails. Cookies are small text files and web beacons are small graphic images. They are downloaded to your device when you visit a website or receive certain emails, unless you have set your browser to reject them.


We use cookies to remember your preferences, display content that is more relevant to you and improve your overall experience of our site. We use web beacons to track the actions of individuals (such as email recipients) and measure the success and response rates of our marketing campaigns.


To learn more about cookies, web beacons and what you can do to opt out of receiving them, please view our Cookies Notice here.


Purposes, lawful bases and retention periods


Caraffi processes your personal data for a number of different lawful purposes. Data protection law only allows us to use your personal data if we have a lawful reason to do so. Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.


We will retain your personal data for as long as is necessary to provide you with our products and ongoing services and for a reasonable period thereafter, to enable us to meet our contractual and legal obligations and to deal with complaints and claims. At the end of the retention period, your personal data will be securely deleted in accordance with the Caraffi Personal Data Retention and Destruction Policy and Schedule.


We may use your data for the following purposes and on the following lawful bases:



Lawful Bases for Processing

Contacting you by telephone to discuss our services

We rely on your consent to call you to discuss our products and services.

Responding to correspondence from you

It is in our legitimate interest to respond to enquiries made via our website, by email, through our social channels or any other means


Managing our client and vendor relationships


It is our legitimate interest to manage our business relationships effectively.

Sending you information (via post) such as Caraffi news and information which may be of interest


It is our legitimate interest to send out mail to tell you about any offers, products or services which may be of interest to you.

Business management, forecasting and statistical purposes

It is our legitimate interest to identify areas for managing current business relationships, develop new products and services, and for managing our business


Improving our website and the overall website visitor and user experience

It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our website

Improving our website and the overall website visitor and user experience


We use analytics and performance cookies on our website with your consent

Send you emails to keep you updated on our services

It is our legitimate interest to send you emails to inform you about any offers, products or services which may be of interest to you. We will only send you emails if we have an existing relationship with you. You can opt out of receiving emails by using the unsubscribe facility in the email we have sent you or by using the contact details below.

Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.

We are required to process your personal data for various legal and regulatory purposes.

Protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities

It is our legitimate interest to ensure we do not engage in any unlawful activities and to prevent such activities


Sharing your Personal Information

We do not disclose personal data that we collect about you, except as described in this privacy notice or in separate notices provided in connection with particular activities. We may share personal data with trusted partners or vendors who perform services on our behalf based on our instructions. We do not authorise these vendors to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. We also may share your personal data:


  • with our subsidiaries and affiliates;

  • if you are a job candidate, with clients who may have job opportunities available or interest in placing our job candidates; and

  • (iii) with others with whom we work, such as job placement consultants and subcontractors, to find you a job.




In addition, we may disclose personal data about you:

  • if we are required to do so by law or legal process;

  • to law enforcement authorities or other government officials based on a lawful disclosure request; and

  • (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.


We also reserve the right to transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).


International data transfers


Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our services to you may be based outside the UK.


We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:


  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation) or

  • We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here).



Your data protection rights


The UK GDPR provides you with certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.

  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request personal data provided by you to be transferred in machine-readable format (“data portability”).

  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).

  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).

  • Object to processing of your personal data where we are relying on a legitimate interest to process your personal data and there is something about your particular situation which makes you want to object to processing on this ground.

  • Object to direct marketing. You may ask us to stop processing your personal data for direct marketing purposes. To stop direct marketing, please contact us by telephone or email.

  • Object to automated decision making and profiling. You may ask us to stop processing your personal data to make decisions solely by automated means which have legal effects or similarly significant effects.


Some of these rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation and the laws and regulations to which we are subject. If at any time you decide that you no longer wish to be contacted for marketing purposes, or if you would like to exercise any of your rights as set out above, you can contact us at You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.


In addition to the above, please note that you have the right to make a complaint at any time to the Information Commissioner’s Office if you are concerned about the way in which we are handling your personal data.


How to contact us and our Data Protection Officer


You can contact Caraffi in relation to data protection and this Privacy Notice, or if you wish to exercise any of your data protection rights, by emailing or writing to us at:


Caraffi Data Protection Officer (DPO)

Caraffi Limited

30 St John’s Road



GU21 7SA

United Kingdom