Privacy Policy


Effective Date: 25th May 2018
Last Updated: 20th July 2021

Ridgeway is committed to protecting and respecting your privacy.  This privacy notice (“Notice”) explains what personal information Ridgeway gather about you, what we use it for and who we share it with.  It applies to those who may view and communicate with us through our website as well as people with whom we do business.

We may change this Notice from time to time so please check this page occasionally to ensure that you are happy with any changes.  When we make changes to this Notice, we will post the updated Notice on the Website and update the Notice’s effective date.

If you have any questions or comments about this Notice, the ways in which Ridgeway collects and uses your information described below, your choices and rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us at:

Post: Data Protection Officer, Ridgeway, 110 Buckingham Palace Road, London, SW1W 9SA 


At Ridgeway Advisors Ltd (“Ridgeway”), we provide executive search services to clients looking to recruit personnel for their businesses. 

This notice is issued on behalf of Ridgeway who are the Data Controller.  This means we are responsible for deciding how we hold and use personal information about you.  


In this Notice, “personal data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

We may collect personal data directly (for example, when we perform professional services through a contract, you attend an event or subscribe to a newsletter) or indirectly (for example through public sources or from our clients)

We sometimes collect sensitive or special categories of data about individuals where you have made this available to us.  If you choose to give us special category data, we obtain your express consent to process that.  Some circumstances where it may be necessary for us to process sensitive personal data include:

  • personal identification documents and questionnaires which may reveal race, religion or ethnic origin
  • information that is provided to us by our clients or candidates in the course of providing our professional services
  • health data where this is necessary, for example to provide a safe environment for our staff, clients and suppliers.

If you choose not to provide, or object to us processing, the information we collect (see the “Your rights” section below), we may not be able to process your instructions or continue to provide some or all of our services to you or our client.

When our client or another third party gives us personal data about you, we take reasonable steps to make sure they have complied with the relevant privacy laws and regulations.  This may include, for example, that the client or other third party has informed you of the processing and has obtained any necessary permission for us to process that information as described in this privacy statement.

If any information you give us relates to a third party by providing us with such personal data you confirm that, in line with the above provisions, you have obtained any necessary permission to use it or are otherwise permitted to give it to us.


We process information about you and/or your business to enable us to provide our services to you or our clients, and to meet our legal or regulatory obligations.  Some of your personal data may be used for other business purposes.

The table below explains who we collect personal data about, what that personal data is and the purpose we process it for. 

The last column sets out the ‘lawful basis’ we rely on for processing that personal data which is a requirement of data protection rules.  Essentially, companies may only process personal data if they can identify a lawful basis from a list set out in the legislation.


Individual Personal Data Source and Purpose Lawful Basis for Processing

CVs, identification documents, educational records, work history, employment record and references, correspondence and other personal data provided by you as part of the recruitment or engagement process.

We process special category information such as racial, disability, trade union or health information where you have made this available to us.

We mainly collect this information directly from you during the recruitment, engagement, and onboarding stages.

Sometimes we collect information from third parties such as an agent acting on your behalf such as an interim manager or from a third-party recommendation or a person giving a reference.

We do use some publicly available sources to find information about potential candidates, specifically LinkedIn and company websites.

The processing is necessary for our legitimate interests of assessing suitability for potential roles, to find potential candidates.

If you choose to give us special category data (listed in the second column), we obtain your express consent to process that.

References/referees Contact details and correspondence.

Reference contact details may be given to us by candidates as part of a recruitment process.

Other personal data about referees is given to us by you directly.

Our legitimate interests as a business in obtaining references on candidates.
Individuals who contact us with general queries Contact details provided and correspondence.

This information is given to us by you.

It is used to respond to the query and keep a record of it.

Our legitimate interests as a business in responding to and keeping a record of correspondence.
Clients and potential clients Contact details provided and correspondence. Contracts.

This information is given to us by you or from publicly available information (for example on your website).

It is used for us to fulfil contracts and engage in business discussions.

Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.
Suppliers and contractors Contact details and provided correspondence.

This information is given to us by you or from publicly available information (for example on your website).

It is used for us to fulfil contracts and engage in business discussions.

Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.
Website visitors Information from cookies. For more details see our Cookie Notice. This information is collected via the cookies when you use our website. We only install non-essential cookies with your consent. For more details see our Cookie Notice.


Ridgeway takes the security of all the data we hold very seriously. We have in place reasonable commercial standards of technology and operational security to protect your personal information from loss, misuse and unauthorised access, disclosure, alteration or destruction. Only authorised personnel, with appropriate awareness of privacy obligations, are provided access to your personal information. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

All our staff and third-party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.


We will only share your personal data when we are legally permitted to do so, in connection with any of the purposes outlined in the “How we process your personal data” section above. This may involve disclosing your data to:

  • other companies in our group or third parties that provide services or online platforms to us and/or our group;
  • competent authorities (including courts and authorities regulating us and other companies in our group); our clients;
  • your employer and/or its advisers, or your advisers;
  • our auditors, insurers and professional advisers;
  • any other person or organisation after a restructure, sale or acquisition of any company in our group as long as they use your information for the same purposes we did;
  • credit reference agencies or other organisations that help us make credit decisions and reduce the incidence of fraud;
  • educational establishments and professional bodies to enable us to verify information that you have provided where you have consented to us doing so;
  • and other third parties that reasonably require access to personal data relating to you.

As a result of sharing your personal data with the above parties, information we hold about you may be transferred to other countries. This may include countries outside the UK and the European Economic Area (“EEA”) and countries with laws that have not necessarily been determined to provide an adequate level of protection for the processing of personal data under the laws of the EU or other jurisdictions.

When we, or our permitted third parties, transfer your personal data outside the EEA , we will take reasonable steps to ensure that your information is treated securely and the means of transfer provide adequate safeguards.


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We seek to ensure that we only keep your personal data for the longest of:

  • the period necessary for the relevant activity or services;
  • any retention period that is required by law; or
  • the period in which litigation or investigations might arise in respect of the services.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.


By law, you have several rights when it comes to your personal data.

Rights What does this mean?
1. The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interest basis, do please get in touch.
2. The right of access You have the right to obtain access to your information (if we are processing it), and certain other information (like that provided in this Privacy Policy).
This is so you are aware and can check that we are using your information in accordance with data protection law.
3. The right to rectification You are entitled to have your information corrected if it is inaccurate or incomplete.
4. The right to erasure This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions.
5. The right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us.
7. The right to object to processing You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing.
8. The right to lodge a complaint You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
9. The right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.


If you wish to raise a complaint about how we are using your information, exercise any of the rights set out above, or if you have any questions or comments about privacy issues, you can contact us by:

Post: Data Protection Team, Ridgeway, 110 Buckingham Palace Road, London, SW1W 9SA

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not, in general, have to pay a fee to exercise any of your individual rights set out in this Notice. However, we may refuse to provide access or charge a few for access if the relevant data protection legislation allows us to do so, in which case we will provide reasons for our decision as required by the law.

We hope that we will be able to resolve any query or concern you raise. However, if you feel that we have not handled your query or complaint to your satisfaction you can contact the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, on 0303 123 1113 or at If you are not based in the UK, you have a right to complain to the relevant supervisory authority in your jurisdiction.