Privacy policy

1. Who we are

Vanguard Select operates a specialist recruitment platform for close protection and aligned security roles. This notice explains how we process personal data when you visit our website, register as an operative candidate, register as a principal (client organisation), or communicate with us.

For data protection law, the controller is Vanguard Select Ltd. Correspondence address and ICO registration details are published on our corporate correspondence channel at info@vanguardselect.co.uk.

2. Scope and children

Our services are not directed at individuals under 18. We do not knowingly process minors’ data.

3. Data we collect

Identity and contact: name, email address, telephone numbers, postal address elements where collected.

Recruitment and vetting: CV or résumé content, employment history, training and qualification records, SIA licence identifiers and status, medical fitness indicators where lawfully relevant to deployment, languages, clearance references where disclosed.

Sensitive and biometric categories: passport or national ID imagery may be processed for right-to-work and identity assurance; such data may constitute special-category personal data under Article 9 UK GDPR. Biometric processing only occurs where a stated workflow requires it and a lawful condition applies (typically explicit consent or substantial public interest in employment vetting). Video introductions may be processed if you upload them.

Principal organisations: company identifiers, sector, requirement descriptions, billing contacts where relevant.

Technical: IP address, user agent, session identifiers, security logs and approximate geolocation derived from infrastructure telemetry.

Marketing site analytics: we minimise third-party trackers; where measurement tools are enabled, they operate under processor agreements.

4. Why we process (lawful bases)

• Performance of a contract or steps prior to contract—managing applications, introductions and placement support.
• Legal obligation—employment and tax-related evidence where applicable.
• Legitimate interests—fraud prevention, network security, platform integrity, defending legal claims, improving matching quality balanced against your rights.
• Consent—where required for cookies not strictly necessary, marketing communications where not covered by soft opt-in, or explicit consent for certain special-category processing where no employment-condition pathway applies.

Special-category data relies on Article 9(2)(b) employment/occupational medicine pathways where appropriate, or explicit consent where we rely on consent.

5. Automated decisions

Matching assistance may involve scoring or ranking based on profile attributes. No solely automated decision with legal or similarly significant effect is taken without human review at approval gates for regulated placements; you may request human intervention where applicable.

6. Sharing and processors

We share data with infrastructure providers (hosting, database, email delivery, document storage), identity and licence verification services, and—where a mandate requires—prospective employing principals under confidentiality terms. We do not sell personal data.

International transfers outside the UK/EEA use appropriate safeguards (IDTA, Addendum, or adequacy) where required.

7. Retention

Application materials are retained for the period necessary to fulfil placements, satisfy legal and regulatory records duties, and defend claims—typically up to seven years for employment-related records unless a shorter period applies by law. Security logs rotate on a shorter technical cycle. Passport imagery is deleted or minimised when no longer needed for the lawful purpose, unless a longer retention is required by statute.

8. Security measures

Encryption in transit and at rest, signed URLs for document retrieval, administrative MFA, role-based access control, row-level segregation between unrelated mandates, monitoring and incident response procedures aligned to ICO guidance.

9. Your rights

You may request access, rectification, erasure, restriction, portability (where processing is automated and contractual), objection to legitimate-interest processing, and withdrawal of consent without affecting prior lawful processing. You may complain to the ICO (ico.org.uk).

10. Cookies

Essential cookies operate the session and security planes. Non-essential cookies, if deployed, are gated through consent where required by PECR.

11. Changes

We update this policy when processing practices evolve materially. Continued use after notice constitutes acknowledgement where consent is not the sole basis.