Cookie & Privacy Policy

Cookie & Privacy Policy

Privacy Policy



  • 1. Introduction
  • 2. The information we collect and how we use it
    • 2.1 General
    • 2.2 Sensitive personal data
  • 3. How we use your personal data
  • 4. The legal basis of processing your data
  • 5. Keeping information up to date
  • 6. Disclosure of your personal data
  • 7. Transfer of your data outside the EU
  • 8. Our data retention policy
  • 9. Your right to access information
  • 10. Data security
  • 11. Decision making
  • 12. Marketing
  • 13. Your right to ask us to stop processing your data
  • 14. Cookies
  • 15. The ability to complain
  • 16. Changes to our privacy policy

1.         Introduction

At Eurolux Consulting Ltd, we are committed to protecting your privacy, whether you are a candidate, a client, or a user of our website.  We have adopted the principle of data protection by design and by default as a core value in our business, and when designing this privacy policy. 

This policy notice sets out how we process your personal information.  Where you provide us with your personal information, you consent to the collection and use of this information by Eurolux Consulting Ltd (hereafter termed “Eurolux”, “us” or “we”) in accordance with this privacy policy.

If you have any specific queries relating to this privacy policy, please contact us at You may also want to review our Data Protection Policy which complements this document.

Who we are

Eurolux Consulting Ltd is a limited company, whose registered address is Wey Court West, Union Road, Farnham, Surrey, United Kingdom, GU9 7PT, U.K. and whose business address is Clockhouse, Dogflud Way, Farnham, Surrey, GU9 7UD, UK.

Luxembourg authorization: No 10129418/ 3.

Pursuant to the terms of the Conduct of Employment Agencies and Employment Business Regulations 2003, Eurolux operates as an employment agency, being in the business of providing services for the purpose of supplying employers with workers for employment, or of finding workers employment.

We are registered with the UK’s data protection regulator, the Information Commissioner’s Office, as a Data Controller with registration number Z2914289.

Our Data Protection Officer in the UK is Bruce Milne.

Eurolux Consulting Limited has appointed the European Data Protection Office (EDPO) as its GDPR representative in the EU, pursuant to Article 27 of the GDPR. You can contact EDPO regarding matters pertaining to the GDPR either by using EDPO’s online request form:  or by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium. 

You may view our Compliance Certificate with EDPO here

Further to the European Commission’s decision of 28th June 2021, the Commission has adopted an adequacy decision for the United Kingdom, confirming that the UK’s data protection regime, which is based on the GDPR, offers EU citizens an equivalent level of protection to that guaranteed under EU law.

2.         The information we collect

2.1       General

Data from you

In order to undertake our business, we collect the personal details of candidates, client contacts, prospective candidates and prospective clients, our own employees, and of our third party suppliers.  We use this information to provide recruitment services to you and to facilitate the recruitment process.

The information we collect comes from a range of sources such as information you provide to us in person, whether face-to-face, by phone, skype, email or other means when we are discussing job opportunities with you.  The data may include the information you upload onto our website; information within your CV; information from publicly available sources such as company websites or LinkedIn; information you submit through job-boards such as Linked-in applications, or, and any references you provide, or references about you that we obtain from third parties.

Such information may include your name, address, phone numbers, skype address, email addresses, job title, employer details, your salary and benefits information, your nationality, date of birth, visa or work permit information, references, and documents verifying your identity and qualifications. 

If you take part in a recruitment process with us, we will ask to check your identification documentation (such as passport or ID card), work permit status and professional qualifications as part of our due diligence process and in order to comply with our legal obligations under English statute and contracts with our clients. 

Such information and documents are held securely on our database / document management system as a record of these checks in line with statutory requirements and our data retention policy. 

If the personal information we have requested is not collected, we will not be able to provide our recruitment services to you.

Data from other sources

There may be occasions where we identify you as having a strong professional profile and being a potential future candidate, from information sources such as LinkedIn, corporate websites, job-boards, or online CV libraries. 

Where we have made a note of such information, we become “data controllers”, and so even if we have not yet made contact with you, we will send you a copy of this privacy policy with a cover email confirming the source of the information, and confirming the purpose for which we intend to retain and process your personal data.

2.2        Sensitive personal data

Sensitive personal data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health, an individual’s sex life or sexual orientation and an individual’s criminal convictions. 

Generally, we do not collect sensitive personal data but there are certain circumstances where sensitive personal data is relevant to a specific role, such as anything relevant to your ability to perform a role (i.e. your health).  Where you disclose such sensitive data to us, we will rely on your express consent to retain that data or to pass on that data.

In all cases where consent is the basis for our processing of your data, you can withdraw your consent at any time (by email to your consultant or to ), but we may not be able to proceed with that particular recruitment process.

3.          How we use your personal data

  • We use the information we hold about you in a range of ways, depending on our relationship with you, including:
  • To provide recruitment services and to facilitate our recruitment processes.
  • To assess the information we have about you against vacancies in order to judge your potential suitability for and potential interest in a role.
  • To provide you with information about career opportunities that may be of interest to you, either to help you with an active job search, or to help you to be aware of current opportunities in the market that may be of interest to you, even if you are not actively  searching.  Such contact may be by email, phone, text message/SMS or other media.
  • To develop and maintain a good working relationship with you, whereby we can keep a record of things that you say are important to you about your next career move, so that we can provide you with a superior quality recruitment service, appropriate job opportunities, and where sought, career guidance.
  • To send your information to clients (with your consent) in order to apply for a jobs or assess your suitability for a job.
  • To create a record of all activity throughout any recruitment process.
  • To contact referees as part of the screening or recruitment process (with consent)
  • To check and retain evidential proof of a candidate’s identity or qualifications
  • To maintain and manage our business relationship where you are a client.
  • To inform you of Eurolux events or market developments.
  • To allow us to undertake necessary administration functions.
  • To notify you about changes to our service.
  • To analyse visitor traffic on our website.
  • To carry out obligations under our client contracts.
  • For any other purposes for which you have engaged with Eurolux.

4.          The legal bases for processing your data

There are six lawful reasons for processing your data under the GDPR.

As a recruitment agency, we rely upon the justification that the data processing is necessary for the purpose of Eurolux’s legitimate business interests (as data controller) or those of our clients (as a third party) on the basis that such interests are not overridden by the interests or fundamental rights of you (the data subject). 

  • It is the nature of our business as a recruitment agency that we introduce candidates to clients for the purpose of permanent or fixed term placements.  The collection of personal data is essential to allow us to maintain a database of candidates, both current and potential, and an understanding of the career history and future aspirations of candidates we have engaged with.  This in turn allows us to make contact with candidates or potential candidates when we have exciting opportunities that we judge may appeal to you, based on your previous discussions with us, or based on your publicly available profile on networking sites, in order to create and maintain meaningful professional relationships and to propose relevant opportunities. 
  • A fundamental aspect of our business is the provision of information about candidates to our clients.  We consider that it is a legitimate expectation of candidates and clients that we will maintain data about candidates and clients. 
  • We consider that our data processing, by creating such potential opportunity, is not prejudicial to the rights and freedoms or legitimate interests of any individual data subject, and that such processing is fair and lawful.
  • There are certain situations when we may rely upon consent as the basis upon which we legitimately process your data.  This will include situations where you want us to introduce you to our client or clients.  Your consent must be freely given, specific, and unambiguous.  We will rely on such consent where it is given orally (in person or by phone or skype or equivalent), or by email, text message/ SMS, or otherwise in writing.  We will record the date and basis of your consent, and you will be able to withdraw your consent at any time. 
  • We are required by law to keep certain data, in which case we shall rely on the basis that processing is necessary because of a legal obligation that applies to us as the data controller.  An example is that we are required to keep records to show that we have complied with the Employment Agencies Act 1973 and the Conduct of Employment Business Regulations 2003, by keeping records relating to candidates and clients for at least one year following the provision of services to that candidate or client.
  • In respect of our own employees, we process data because it is necessary for the performance of a contract.  As there is a contract between our direct employees and us as an employer we must be able to process our employees’ personal data. 
  • We may also rely on the legal justification for processing data of “performance of a contract” when operating under a contract with your organisation if you are an employer.

5.          Keeping information up to date

We make efforts to ensure that the data we hold about you is accurate, and through direct contact and discussion, we do our best to ensure that it is correct. 

Inevitably, over time your career will develop, you may move role, change salary, and change your preferred focus.  Where we are aware of this, from discussions with you or from publicly available sources, we will seek to update our records. 

You are under an obligation to inform us of any changes you would like us to be aware of, and we will update your records accordingly.  You can update the information we hold on you at any time by emailing us at by calling your recruitment consultant contact at any time, or by email to

6.          Disclosure of your personal information

In the course of providing our services to you, we may need to disclose your personal information to other companies to enable us to provide you with recruitment services.

We may:

  • Disclose or transfer your personal information to prospective employers where you are interested in an available position and have given express permission that we may disclose your CV or profile.  This may include your email address, phone contact details, etc., particularly in instances where our client requires us to upload a candidate’s details to their central recruitment portal, in addition to usual discussions with our client contact.
  • Disclose your personal information to third parties who perform our support functions, such as IT support consultants who may trouble-shoot system problems on our behalf, or develop enhancements to our systems.  Such third parties will not process your data.
  • Disclose the records we hold about you to a third party in the event of a proposed sale, merger, liquidation, receivership or transfer of assets, on the basis that the purchaser, etc. undertakes to use your data for the purpose for which it was originally intended (recruitment services).
  • Disclose your personal information to third parties, regulatory authorities or law enforcement agencies if we are required by law to disclose it, in connection with the prevention or detection of crime, or to comply with any court order, or where such disclosure is necessary to protect, defend or enforce the rights of Eurolux.
  • We never share your information with third parties for marketing purposes.

7.          Transferring your personal information outside of the EU

The nature of our business is that of an international recruitment agency.  Eurolux Consulting is based in the UK. As an individual, you are entitled to send us your data without restriction, and we will comply with all EU and UK legislation in respect of data protection.

Our clients are usually based in the European Union (EU), but some are based or have international recruitment operations outside of the European Economic Area (EEA). 

If we transfer your data outside of the EEA, we will take steps with the aim of ensuring that the third party respects the principle of data protection to the standards you would expect in the EU or EEA, and respect the equivalency decisions made by the EU, and if none are available, ensure appropriate safeguards are in place.  Once the data is with that third party, we do not have control of their handling and we cannot audit their handling.

The UK’s government will respect any existing equivalency decisions governing data transfers to third countries, after the UK leaves the EU.

By submitting your personal information to us, you are agreeing to your personal details being transferred to any international office where our client undertakes its recruitment operations in any such non-EU countries. 

8.          Our data retention policy

Experience has taught us that we can provide the best recruitment services through developing long-term relationships, and from gaining a thorough understanding of the needs of our clients and candidates alike.  We are proud to have placed candidates at later stages of their career, with candidates returning to us over the years since our first placement for market guidance.  In the sophisticated financial services and legal market in which we operate, candidates tend to move to roles with a mid-to long-term view in mind, and with seniority, job moves are less frequent.  Hence, we feel that keeping documentation for long enough to help with a candidate’s long-term career progression is justifiable.

In order to preserve the unique insight that our discussions have given us into your career aspirations, we retain this information over the longer term.  It is not appropriate to impose an arbitrary cut-off date for the deletion of data applicable to all candidates.  However, we regularly consider the status of your information, and whether it remains appropriate to keep your data, on every occasion we enter your record on our data management system.  At our discretion, we may delete your records where we have obviously lost touch with you, or where it is clear that you are no longer interested in the Luxembourg legal or financial services market, or for any other reason, such as lack of engagement.

Where we have copies of ID documentation and work permits we delete these from our document management system upon the expiry of the statutory retention period of 1 year from the date of last provision of work-finding services to you. 

9.          Your right to access information

You have the right to ask us for a copy of the information that you have supplied to us that we hold.  Please put your request in writing by email to

We may refuse access if it would interfere with the privacy rights of another person or if it breaches any confidentiality rights that attaches to that information. We may ask you to verify your identity before we process your request.  We will provide you with this information within one month of receiving adequate proof of your identity if required, or one month of your request if we are satisfied as to your identity.

You are able to ask us to rectify your data or to erase your data at any time, by sending an email to us at

Where we are the subject of repeated and unfounded requests for information, which we deem to be manifestly unfounded or excessive, we reserve the right to charge a reasonable fee.

10.        Data security

We take steps to safeguard your data. 

All information you provide to us is stored in our document management system or emails, on secure servers and we use accepted technical and organisational measures to protect your personal information.

We have security measures in place to protect your data.  We cannot guarantee that such data will not be accessed by someone else or lost, although we always make best efforts to ensure its safety. 

Using the internet to send data by email involves the transmission of data on an international basis.  By browsing our website and communicating by email with us, you acknowledge that risk, and agree to our continued processing of personal data.

11.        Decision-making

We do not undertake automated decision-making or automated profiling.  

12.        Marketing

We do not disclose your data to any third party for marketing purposes, and nor do we engage in mass marketing activities.

In the unlikely event that we do send you marketing material, you may ask that we stop doing so by email to the sender or to

You may also specify how you would like to be contacted by us (whether in the context of marketing or other context), and whether there are any means of contact that you do not want us to use.

13.        Your right to ask us to stop processing your data

You may ask us to stop processing your personal data at any time.

When doing so, do consider:

  • whether you want to stop all communication and have us remove a record of all of your details and our conversations (so we have no record of any of our interactions); or alternatively
  • whether you want us to keep your details, but to stop / pause our processing or contact with you for a set period, which we can do. (For example, you may want a note on your file that we should not contact you for at least 6 month or a year).

Do bear in mind that if we erase your details from our system, we may contact you again in future if you send us your information, or if we identify your profile as one of interest on a third party site such as on a jobs-board, as we cannot keep records of the names of deleted candidates.  If you want us to retain your name and year of birth, but otherwise delete all details from your record, with a simple “do not contact” note next to your name, we will be happy to do so.

Please be aware that where we are required to keep your details by law, we may not be able to handle your request at that time, (such as where we have referred you for a role, in which case we are statutorily required to keep your details for 1 year),  but if so, we shall tell you why.

You can object to the processing of your personal information where we are relying on the ground of our legitimate interests (or those of a third party), but where there is something about your particular situation that makes you want to object to the processing of your data on this ground.  However, you must let us know the reason.

You can request the transfer of your personal information to another party, subject to certain conditions laid out in our data protection policy, and where we consider that request to be reasonable in all the circumstances.

All such requests should be made to  

14.        Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless it is deleted by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Our web service provider uses a cookie for the purpose of authentication, to identify you when you visit our website and as you navigate our website. The cookies are ASP.NET_SessionId, __AntiXsrfToken and .AspNet.ApplicationCookie .

Our service providers use cookies and those cookies may be stored on your computer when you visit our website.  Most browsers allow you to refuse to accept cookies and to delete cookies. You can obtain up-to-date information about blocking and deleting cookies via these links:

15.        The ability to complain

If you have any concern or complaints about your privacy or this policy, in the first instance, we will always encourage you to speak to us about any concern you may have, and we will do our utmost to address your concern adequately. 

Please provide us with as much information about your concern, including the nature of the data affected, your concerns and any rectification of data that is required.  

If the recruitment consultant concerned cannot adequately assist you, then please email copying in and he will review the situation and respond within 30 days of your contact to him.

If we cannot resolve your concerns, you may make a complaint to wither our UK or EU supervisory body.  Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Eurolux Consulting Limited’s date representative in the EU is the European Data Protection Office (EDPO).   Our compliance certificate can be viewed on our website.

You can contact EDPO regarding matters pertaining to the GDPR:

You may view our Compliance Certificate with EDPO here

In the UK, our regulator is the Information Commissioner’s Office.  The ICO can be contacted through this link:

16.        Changes to our privacy policy

Eurolux may change this privacy policy from time to time. If we change our privacy policy, we will post the changes on our website.  We will state the date of issue of any policy.

We recommend that you check the terms of this privacy policy periodically to keep up to date with any changes.

You may also want to review our Data Protection Policy.