Privacy Policy

Updated on: 2026-05-05

This Privacy Policy explains how Referment Limited ("we", "us", "our") collects, uses, shares and protects personal data when you use our website (https://www.referment.com), our recruitment service (the "Service"), or otherwise interact with us. We are the data controller for the personal data described below.

Who we are

Referment Limited is a company registered in England and Wales (company number 10346315) with its registered office at Salatin House, 19 Cedar Road, Sutton, England, SM2 5DA. Our point of contact for any privacy question, request or complaint is info@referment.com.

Personal data we collect

We collect personal data about three groups of people, depending on how you interact with us.

Customers (recruiting teams using our Service)

Your name, work email address, telephone number and job title
Your employer's name and trading address
Information you give us about the role you're hiring for and your hiring decisions
Billing information, handled by our payment processor (see Sub-processors below)
Account activity such as logins, communications and support requests

Candidates (people whose CVs are processed by our Service)

Identifiers such as your name and contact details
Your CV / resume content (employment history, education, skills, location)
Notes generated by our Service when matching you to a role brief
Your responses to messages we send you about a role

Website visitors

Information you submit through our contact form (name, email, company, message)
Cookies and analytics data (see Cookies below)
Standard server log data: IP address, browser, pages requested, timestamps

We do not intentionally collect "special category" data (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation). Please don't include such information in CVs or messages you send us; if it appears, we treat it as ordinary personal data and remove it where reasonable.

Where we get personal data from

For customers, we collect personal data directly from you when you sign up, complete the contact form, or correspond with us by email.

For candidates, we may receive your personal data from sources other than you directly, including:

A variety of public job boards and recruitment platforms (e.g. LinkedIn, Indeed)
Information you submit when applying to a role advertised by us or by our customers
Referrals from third parties

Where we obtain candidate data from a source other than you, you have the right to know about it and to ask us to stop processing it. Contact us at info@referment.com.

What we use your data for, and our lawful basis

We process personal data for the following purposes, on the lawful bases shown (UK GDPR Article 6):

Providing the Service to our customers, Contract (with the customer); Legitimate interests (in respect of candidates)
Sourcing, screening and shortlisting candidates against a role brief, Legitimate interests in operating a recruitment service
Operational emails (account, billing, security), Contract; Legal obligation
Improving our Service and analytics, Legitimate interests
Responding to enquiries via our contact form, Legitimate interests
Preventing fraud and securing our infrastructure, Legitimate interests; Legal obligation
Complying with legal, regulatory and tax obligations, Legal obligation

Where we rely on legitimate interests in respect of candidates, we have carried out a balancing test to confirm that our interest in operating a recruitment service does not override your rights and freedoms. You can object to this processing at any time (see "Your rights").

Automated decision-making and profiling (Article 22)

Our Service uses natural-language processing and large language models to score and rank candidate CVs against the requirements of a customer's role brief. The scoring informs which candidates are presented to a customer on a shortlist.

These scores are not the sole basis for any decision that produces a legal or similarly significant effect for a candidate. A Referment account manager reviews every shortlist before it leaves us, and the decision to interview, reject or hire a candidate is always made by the customer (the recruiting employer), not by Referment and not by automated processing alone.

If you are a candidate and you would like a human to review how your CV was assessed, contact us at info@referment.com and we will provide that review.

Sharing your data

We share personal data with:

Customers, we share candidate shortlists (including CVs and our scoring notes) with the customer who is hiring for the role.
Candidates, we share customer-side contact details with shortlisted candidates so they can correspond directly with the hiring team.
Sub-processors acting on our behalf (see below).
Authorities, where required by law, court order, or to protect our rights or the safety of others.

We do not sell your personal data and we do not use it for advertising targeting.

Sub-processors

We use the following service providers to deliver our Service. Each is bound by a written data-processing agreement and processes personal data only on our instructions.

Amazon Web Services, hosting and storage of Service data, United Kingdom (eu-west-2)
Stripe Payments Europe Ltd, payment processing for subscriptions, Ireland
Anthropic, large language model inference for candidate matching, United States
Google (Gemini), large language model inference for candidate matching, United States
Google Analytics, website analytics, United States
Cookie-Script, cookie consent management, European Union
FormSubmit, contact-form delivery, United States

We may update this list from time to time. Material changes will be reflected in this Privacy Policy.

International data transfers

Personal data we hold is stored in the United Kingdom. Some of our sub-processors are based outside the UK (typically in the United States). When personal data is transferred outside the UK, we rely on one or more of the following safeguards under UK GDPR:

An adequacy decision by the UK government (e.g. for the EEA, and for certified US recipients under the UK–US Data Bridge).
The UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses with the UK Addendum, supported by a transfer risk assessment where required.

You can request a copy of the safeguard relevant to a specific transfer by emailing info@referment.com.

How long we keep your data

We keep personal data for 24 months after it is no longer required for the purpose we collected it for, after which we delete or fully anonymise it. We may retain specific records longer where the law requires us to, for example, accounting and tax records are kept for 6 years after the end of the relevant accounting period to satisfy HMRC requirements.

If you would like us to delete your data sooner, see "Your rights" below.

Your rights

Under UK GDPR you have the following rights in respect of your personal data:

Access, ask us to confirm whether we hold your personal data and to provide a copy.
Rectification, ask us to correct inaccurate or incomplete data.
Erasure, ask us to delete your data ("right to be forgotten") in certain circumstances.
Restriction, ask us to stop processing your data while a question about it is resolved.
Portability, ask us to provide your data in a structured, commonly used, machine-readable format.
Object, object to processing based on legitimate interests, including for direct marketing.
Withdraw consent, where we rely on consent, you can withdraw it at any time.
Not to be subject to automated decision-making that produces legal or similarly significant effects on you (see Article 22 above).

To exercise any of these rights, email info@referment.com. We will respond within one calendar month and we will not charge a fee unless your request is manifestly unfounded or excessive.

Cookies

We use cookies and similar technologies on our website. The cookie banner you see when you first visit gives you control over which categories you allow:

Strictly necessary, required for the site to function (for example, remembering your cookie choices). Always on.
Performance / analytics, Google Analytics, used to understand how the site is used. Optional.

You can change your choices at any time by clicking Cookie settings in the site footer. Full details of the cookies we set and their lifetime are listed in the cookie consent banner.

Security and incident notification

We use technical and organisational measures appropriate to the risk to protect personal data, including encryption in transit (TLS), encrypted storage, access controls, and least-privilege access for our team.

If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours where required, and we will notify you without undue delay where the breach is likely to result in a high risk to you.

Children

Our Service is intended for business users and adult professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have, contact us at info@referment.com and we will delete it.

Changes to this Policy

We may update this Privacy Policy from time to time. The current version will always be available at https://www.referment.com/privacy-policy.html. Where we make material changes that affect how your data is used, we will take reasonable steps to bring those changes to your attention before they take effect.

Contact us and your right to complain

For any privacy question, request, or complaint, contact us at:

Email: info@referment.com
Address: Referment Limited, Salatin House, 19 Cedar Road, Sutton, England, SM2 5DA

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: https://ico.org.uk/make-a-complaint/
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns first, so please contact us before contacting the ICO.