Privacy Policy

Last updated: 22 April 2026

1. Who we are

This Privacy Policy is issued by Cressoft Consultancy Limited ("Cressoft", "we", "us", "our"), a company registered in England and Wales. Our registered office is 167–169 Great Portland Street, London, W1W 5PF, United Kingdom.

Cressoft is the data controller for personal data processed through our websites (cressoft.io, cressoftconsultancy.com), our recruiter dashboard (ops.cressoft.io) and its candidate application portal at ops.cressoft.io/apply, and our AI-assisted candidate screening tool (screening.cressoft.io).

If you have any questions about this policy or about how we handle your personal data, contact us at admin@cressoft.io.

2. Personal data we collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Identity and contact data — name, email address, phone number, postal address, nationality, right-to-work status.
  • Application data — CV / resume, cover letter, employment history, education, skills, salary expectations, notice period, LinkedIn profile, answers to application questions, and any content candidates submit through our application portal or screening tool (including text, audio, and video responses).
  • Communications data — emails, messages, and interview notes exchanged with us.
  • Technical data — IP address, browser type and version, device information, pages visited, referrer, approximate geographic location derived from IP. We use this to operate, secure, and improve our services.

We do not intentionally collect special-category data (for example, data concerning health, religion, or ethnicity). Please do not include such information in your application unless we specifically ask for it and explain the legal basis.

3. How we collect personal data

  • Directly from you when you apply for a role, contact us, or otherwise interact with our services.
  • From our clients when they refer you to us as a candidate.
  • From publicly available sources such as LinkedIn, GitHub, and professional directories.
  • Automatically through cookies and similar technologies when you visit our websites.

4. Legal bases for processing

Under the UK GDPR, we rely on the following legal bases:

  • Legitimate interests — to assess candidates for roles, to operate and secure our platform, to respond to enquiries, and to pursue our recruitment business.
  • Performance of a contract — to carry out recruitment services requested by you or by our clients.
  • Consent — for non-essential cookies and any optional communications. You can withdraw consent at any time.
  • Legal obligation — to comply with applicable laws, including right-to-work and record-keeping requirements.

5. How we use your personal data

  • To evaluate your suitability for roles and introduce you to potential employers.
  • To communicate with you about applications, interviews, and related opportunities.
  • To operate, maintain, and improve our services.
  • To detect, prevent, and respond to fraud, abuse, and security incidents.
  • To comply with legal and regulatory obligations.

We use AI-assisted tools, including large language models, to help assess CVs and structure candidate evaluations. A human reviewer is involved in final decisions. You have the right to request human review of, and to contest, any decision that significantly affects you.

6. Sharing your personal data

We share personal data only where necessary, and only with:

  • Clients — prospective employers who have instructed us on a role you have applied for.
  • Service providers acting as processors on our behalf, including cloud hosting (Vercel, Google Cloud), email (Google Workspace), analytics, database and storage providers (Airtable), AI model providers (OpenAI, Anthropic), and video-response platforms (VideoAsk). These providers are bound by contract to process personal data only on our instructions.
  • Professional advisers and regulators where required by law or to protect our legal rights.

We do not sell personal data.

7. International transfers

Some of our service providers are based outside the UK / EEA. Where we transfer personal data outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, Standard Contractual Clauses, or an adequacy decision by the UK government.

8. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy. Typical retention periods:

  • Candidate application data: up to 24 months from your last interaction with us, unless you ask us to delete it sooner.
  • Placement-related records: 6 years after the end of the engagement, to meet legal and tax obligations.
  • Website analytics and security logs: up to 13 months.

9. Your rights

Under the UK GDPR, you have the right to:

  • Request access to the personal data we hold about you.
  • Ask us to correct inaccurate or incomplete data.
  • Request erasure of your personal data in certain circumstances.
  • Object to, or request restriction of, processing based on legitimate interests.
  • Request data portability for data you provided to us under consent or contract.
  • Withdraw consent at any time where processing is based on consent.
  • Not be subject to a solely automated decision that significantly affects you; request human review.

To exercise any of these rights, email us at admin@cressoft.io. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk).

10. Cookies

Our websites use cookies that are strictly necessary to operate the site, plus optional analytics cookies that we only set with your consent. You can manage cookie preferences through your browser settings.

11. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS/TLS), access controls, authenticated email (SPF, DKIM, DMARC), logging, and regular reviews of our security posture. No method of transmission over the internet is completely secure; we will notify affected individuals and the ICO of any personal data breach where required by law.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the "Last updated" date above. Material changes will be communicated where appropriate.

13. Contact

Cressoft Consultancy Limited
167–169 Great Portland Street
London W1W 5PF, United Kingdom
Email: admin@cressoft.io