Privacy Policy

Last updated: 22nd September 2021

Caraffi Limited (“Caraffi”, “we”, “us”, “our”) of Chancery House, 30 St John’s Road, Woking, Surrey, GU21 7SA is committed to protecting and respecting your privacy. Caraffi is committed to the protection of the personal data that we process in line with the data protection principles set out in the UK General Data Protection Regulation 2016 (“UK GDPR”) and the Data Protection Act (2018).

This privacy notice explains what personal data Caraffi collects from individuals who visit the Caraffi website, contact us using our web forms, by email, phone or through one of our social channels; or other marketing communications (“you/your”). It also explains what information we collect automatically when you visit our website.

Caraffi is the data controller for the purposes of the UK GDPR in instances where you make an enquiry with us, registered as such with the Information Commissioner’s Office, registration number ZA496297.

As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold and in meeting our data protection obligations when processing personal data. Caraffi are committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.

We update this privacy notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the top of this document. Please review this privacy notice periodically to check for updates.

What information do we process?

We may collect personal data about you in variety of ways, such as through our site and social media channels; at our events; through phone and fax; through job applications; in connection with in-person recruitment; or in connection with our interactions with clients and vendors. We may collect a selection of personal data dependant on the nature of the relationship, including, but not limited to (as permitted under local law):

  • Contact information (such as name, postal address, email address and telephone number);
  • Username and password when you register on our sites;
  • Information you provide about friends or other people you would like us to contact. (The Controller assumes that the other person previously gave an authorisation for such communication); and
  • Other information you may provide to us, such as in surveys or through the “Contact Us” feature on our site

In addition, if you are an associate or job candidate, you apply for a position or create an account to apply for a position, we may collect the following types of personal data (as permitted under local law):

  • Employment and education history;
  • Language proficiencies and other work-related skills;
  • Social security number, national identifier or other government-issued identification number;
  • Date of birth;
  • Gender;
  • Bank account information;
  • Citizenship and work authorisation status;
  • Benefits information;
  • Tax-related information;
  • Information provided by references; and
  • Information contained in your resume or C.V., information you provide regarding your career interests, and other information about your qualifications for employment.

and where required by law and explicit consent has been provided by you:

  • Disabilities and health-related information;
  • Results of drug tests, criminal and other background checks.
  • Special categories of data, such as information about ethnic origin, sexual orientation or religion or belief in order to monitor diversity in recruitment.

As a general rule, we try not to collect or process any special categories of data about you, unless authorised by law or where necessary to comply with applicable laws.

However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some special category information for legitimate employment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to consider accommodations for the recruitment process.

In addition, we may collect information you provide to us about other individuals, such as information related to emergency contacts.

Cookies and similar technologies

Caraffi uses both cookies and web beacons on our website and web beacons in some emails. Cookies are small text files and web beacons are small graphic images. They are downloaded to your device when you visit a website or receive certain emails, unless you have set your browser to reject them.

We use cookies to remember your preferences, display content that is more relevant to you and improve your overall experience of our site. We use web beacons to track the actions of individuals (such as email recipients) and measure the success and response rates of our marketing campaigns.

To learn more about cookies, web beacons and what you can do to opt out of receiving them, please view our Cookies Notice here.

Purposes and bases for processing your personal data

Caraffi processes your personal data for many different purposes. Data protection law only allows us to use your personal data if we have a lawful reason. For example, we may use your data for the following purposes and on the following lawful bases:


Lawful Bases for Processing

Contacting you by telephone to discuss our services

We rely on your consent to call you to discuss our products and services.

Responding to correspondence from you

It is in our legitimate interest to respond to enquiries made via our website, by email, through our social channels or any other means


Managing our client and vendor relationships


It is our legitimate interest to manage our business relationships effectively.

Sending you information (via post) such as Caraffi news and information which may be of interest


It is our legitimate interest to send out mail to tell you about any offers, products or services which may be of interest to you. 

Business management, forecasting and statistical purposes

It is our legitimate interest to identify areas for managing current business relationships, develop new products and services, and for managing our business


Improving our website and the overall website visitor and user experience

It is our legitimate interest to allow analytics and search engine providers to help improve and optimise our website

Improving our website and the overall website visitor and user experience


We use cookies on our website with your consent

Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.

We are required to process your personal data for various legal and regulatory purposes.

Protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities

It is our legitimate interest to ensure we do not engage in any unlawful activities and to prevent such activities


Sharing your information

We do not disclose personal data that we collect about you, except as described in this privacy notice or in separate notices provided in connection with particular activities. We may share personal data with vendors who perform services on our behalf based on our instructions. We do not authorise these vendors to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. We also may share your personal data (i) with our subsidiaries and affiliates; (ii) if you are a job candidate, with clients who may have job opportunities available or interest in placing our job candidates; and (iii) with others with whom we work, such as job placement consultants and subcontractors, to find you a job.

In addition, we may disclose personal data about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We also reserve the right to transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).

Data Transfers

We will rarely share your personal data outside the United Kingdom (UK) or the European Economic Area (EEA). If it becomes necessary for the purposes of providing our services to you, we will only share it where appropriate safeguards are in place to ensure your personal data is protected to the same standard expected within the UK and EEA.

Your rights

The UK GDPR provides you with certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it
  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
  • Request personal data provided by you to be transferred in machine-readable format (“data portability”)
  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below)
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it)
  • Object to processing of your personal data where we are relying on a legitimate interest to process your personal data and there is something about your particular situation which makes you want to object to processing on this ground.
  • Object to direct marketing. You may ask us to stop processing your personal data for direct marketing purposes. To stop direct marketing, please contact us by telephone or email.
  • Object to automated decision making and profiling. You may ask us to stop processing your personal data to make decisions solely by automated means which have legal effects or similarly significant effects.

Some of these rights are not absolute and are subject to various conditions under applicable data protection and privacy legislation and the laws and regulations to which we are subject. If at any time you decide that you no longer wish to be contacted for marketing purposes, or if you would like to exercise any of your rights as set out above, you can contact us at You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

In addition to the above, please note that you have the right to make a complaint at any time to the Information Commissioner’s Office if you are concerned about the way in which we are handling your personal data.

Data retention period

We will retain your personal data for as long as is necessary to provide you with our products and ongoing services and for a reasonable period thereafter, to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

At the end of the retention period, your personal data will be securely deleted in accordance with the Caraffi Personal Data Retention and Destruction Policy and Schedule.


You can contact Caraffi in relation to data protection and this privacy notice by emailing or writing to us at:

The Data Protection Officer

Caraffi Limited
30 St John’s Road
GU21 7SA
United Kingdom