Client Data Protection Terms


This Client Data Protection Policy outlines the way in which we manage the data that is exchanged between client (“you”) and the agency (“us”) for the purposes of providing any and all recruitment and sourcing services.

This refers to compliance with all applicable data protection laws (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), and is a controlled document that may be updated from time to time.

2.                DEFINITIONS

The following definitions will have the meanings given to them under the Data Protection Legislation: “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Data Subject”, “processing” and “process”.

Both the Client and the Agency will comply with all applicable requirements of the Data Protection Legislation and will ensure that they have all necessary consents and notices in place to enable lawful transfer of Personal Data to the other Party for the duration of the supply arrangement.

The Client and the Agency acknowledge that for the purposes of the Data Protection Legislation:

  • the Client is the Data Controller and Agency is the Data Processor of the Client’s Personal Data; and
  • both the Agency and the Client are Data Controllers of any Candidate Personal Data.

3.                PROCESSING OF DATA

The Client and the Agency shall, in relation to any Personal Data processed during the delivery of recruitment and sourcing services:

  • process Personal Data only to the extent required to enable it to comply with its obligations under these Terms, or otherwise in accordance with (i) the written instructions of the other Party (when acting as a Data Processor) or (ii) applicable laws which otherwise enable it to process Personal Data;
  • ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data;
  • not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the other Party has been obtained and appropriate safeguards and an adequate level of protection of any Personal Data transferred have been reasonably ensured;
  • assist the other Party, at the other Party’s cost, in (i) responding to any request from a Data Subject and (ii) ensuring compliance with its obligations under the Data Protection Legislation;
  • notify the other Party without undue delay on becoming aware of a Personal Data breach affecting the other Party; and
  • at the written direction of the other Party (when acting as a Data Processor), delete or return Personal Data and copies thereof to the other Party on termination of these Terms unless required by applicable law to store the Personal Data.

The Client agrees that the Agency may process Personal Data using digital recruitment systems, software and programs, via its own IT systems and/or using third party programs and software.

The Client acknowledges and agrees that the Agency may:

  • engage third party IT system providers as sub-processors in the provision of its digital recruitment systems, software and programmes; and
  • engage other third-party sub-processors as required in connection with the processing of Personal Data within the sphere of these Terms.

The Agency confirms that it has entered or (as the case may be) will enter with any third-party sub-processor into a written agreement incorporating terms which are substantially similar to those set out in above. The Agency will regularly monitor the performance of its subcontractors and will remain fully liable for all acts or omissions of any third-party sub-processor appointed pursuant to this clause 1.

The Agency shall make available to the Client its current list of sub-processors engaged upon request, which will include the identities of those sub-processors and their country of location. In case of any additions or changes to the current list, the Agency will notify the Client in writing. If the Client has a reasonable basis to object to the Agency’s use of a new sub-processor, the Client shall notify the Agency promptly in writing within 15 Business Days after receipt of the Agency’s notice.


This document applies to:

Jonathan Lee Recruitment Limited (company number 3724865) ICO registration number Z4897240

Jonathan Lee Contracts Limited (company number 2796676) ICO registration number Z6874342

Jonathan Lee Design Services Limited (company number 01357821) ICO registration number ZA195457

Jonathan Lee Executive Search Limited (company number 08571640) ICO registration number ZA008732

Referred to above as the “Jonathan Lee Group” or "Agency"

Revision Number JL 015 012_R3

Solutions through understanding