Privacy Policy
Last updated: July 2026
This Privacy Policy explains how Quantum Digital Limited collects, uses, stores, shares and protects personal data. It also explains the rights individuals have under the Data (Use and Access) Act 2025 (DUAA) and applicable privacy and electronic communications laws.
1. Who we are
Quantum Digital Limited (“we”, “us” or “our”) is a company registered in England and Wales under company number 10797630. Our registered office is Quantum Digital Limited, First Floor, 39 High Street, Billericay, Essex, United Kingdom, CM12 9BA. For data protection law purposes, we are the controller of the personal data described in this policy, unless we state otherwise.
2. How to contact us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you can contact us at:
- Email: [email protected]
- Post: Quantum Digital Limited, First Floor, 39 High Street, Billericay, Essex, United Kingdom, CM12 9BA
3. Personal data we collect
We may collect and use the following categories of personal data depending on how you interact with us:
- Identity and contact data: name, job title, organisation, postal address, email address and telephone number.
- Business relationship data: enquiries, correspondence, meeting notes, service requirements, account information, quotes, contracts, billing details and records of products or services supplied.
- Marketing and communications data: marketing preferences, event attendance, survey responses and records of consent or opt-out choices.
- Technical and usage data: IP address, browser type, device information, website usage information, cookie identifiers and analytics data.
- Recruitment data: CVs, application details, interview notes, right-to-work information, references and other information provided during recruitment.
- Media data: photographs, video recordings or testimonials collected at events or provided by you.
- Special category or criminal offence data: only where necessary, lawful and proportionate, for example: recruitment checks, equality monitoring, legal obligations or where you have given explicit consent.
4. How we collect personal data
We collect personal data directly from you when you complete forms, contact us, request information, attend an event, apply for a role, subscribe to marketing, or engage with our services. We may also collect data automatically through our website and from third parties, such as service providers, recruitment agencies, former employers, publicly available sources, and professional networking platforms, where lawful.
5. Purposes and lawful bases for processing
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries and managing relationships | Legitimate interests, contract or steps before entering into a contract |
| Providing services, managing contracts, invoicing and payments | Contract, legitimate interests and legal obligation |
| Operating, securing and improving our website, systems and services | Legitimate interests and legal obligation |
| Sending marketing communications and managing preferences | Consent or legitimate interests where permitted by law |
| Running events | Consent, contract or legitimate interests |
| Recruitment and candidate assessment | Contract steps, legitimate interests, legal obligation and, where needed, explicit consent |
| Complying with legal, regulatory, tax, accounting and governance obligations | Legal obligation and legitimate interests |
6. Cookies, analytics and similar technologies
Our website may use cookies and similar technologies to operate the site, remember preferences, understand usage and improve performance. Some cookies are necessary for the website to function. Analytics, marketing or optional cookies will only be used where required consent has been obtained. You can manage cookies through your browser settings and, where available, through our cookie preference tool.
7. Marketing communications
We may send marketing communications about our services, events or content where we have a lawful basis to do so. You can opt out of marketing at any time by using the unsubscribe method in our communications or by contacting us. We will continue to keep a suppression record where necessary to respect your opt-out choice.
8. Sharing personal data
We may share personal data with trusted third parties where necessary and lawful, including IT and hosting providers, professional advisers, payment and accounting providers, analytics providers, marketing platforms, recruitment providers, event partners, subcontractors, clients, regulators, public authorities and law enforcement bodies. We require service providers to protect personal data and to process it only in accordance with our instructions, unless they are independent controllers.
9. International transfers
Where personal data is transferred outside the United Kingdom, we will ensure that an appropriate transfer mechanism is in place. This may include UK adequacy regulations, an International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, the UK-US Data Bridge, where applicable, or another lawful safeguard or exception under UK data protection law.
10. Data security
We use appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, misuse, unauthorised access, alteration, disclosure or destruction. Access is limited to those with a business need to know. We maintain procedures for identifying, assessing and reporting personal data breaches where required by law.
11. Data retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, accounting, tax, reporting, and dispute-resolution requirements.
| Record type | Typical retention period |
|---|---|
| Customer, supplier and contract records | Up to 7 years after the relationship ends, unless a longer period is required |
| Financial, tax and accounting records | Usually 6 to 7 years |
| General enquiries that do not lead to a contract | Usually up to 2 years after the last contact |
| Marketing records | Until you opt out, withdraw consent, or the data is no longer accurate or required |
| Recruitment records for unsuccessful applicants | Usually up to 6 months after the recruitment process ends, unless consent is given for longer retention |
| Event photography, video or consent records | For the period needed for the stated purpose or as required for legal evidence |
12. Your data protection rights
Depending on the circumstances, you may have the right to access your personal data, request correction, request erasure, object to processing, restrict processing, request portability, withdraw consent and challenge certain automated decisions. These rights are not absolute and may be subject to legal limits. We may need to verify your identity before we can respond.
13. Artificial intelligence and AI data processing
We may use artificial intelligence, machine learning, automation, and other advanced digital tools to support business operations, improve services, enhance security, analyse information, manage enquiries, assist with recruitment administration, generate business insights, detect unusual activity, improve the customer experience, and support internal productivity. Where these tools process personal data, we will only use them where we have a lawful basis and where the processing is fair, transparent, proportionate and subject to appropriate governance.
Personal data processed through AI systems may include information you provide to us, business relationship data, website and usage data, service records, communications, recruitment information, technical metadata and other data described in this Privacy Policy. We will not intentionally use special category data or criminal offence data in AI systems unless there is a clear lawful basis, an appropriate condition for processing and suitable additional safeguards.
Where we use third-party AI or cloud-based AI services, we will assess the provider, the purposes of processing, security arrangements, data retention, confidentiality controls, international transfer safeguards and whether personal data is used to train or improve the provider’s models.
We do not make decisions about individuals based solely on automated processing, including profiling, that produce legal or similarly significant effects unless we have a lawful basis and appropriate safeguards in place.
You may contact us if you have questions about how we use AI to process your personal data, if you want to exercise your data protection rights, or if you want to request human review of a decision where this right applies.
14. Children's data
Our website and services are not intended for children. We do not knowingly collect personal data from children through our website. If we become aware that we have collected children’s personal data without an appropriate lawful basis, we will take steps to delete it where required.
15. Third-party links
Our website may include links to third-party websites, plug-ins or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy notices before providing them with personal data.
16. Complaints
If you have concerns about how we use your personal data, please get in touch with us first so that we can try to resolve the matter. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, technology or the way we operate. The latest version will be available on our website or upon request.
Job Applicant Privacy Notice
The company is aware of its obligations under applicable data protection law and is committed to processing personal data securely and transparently. This privacy notice explains the types of personal data we collect and hold about job applicants, how we use that information, how long we keep it and the rights available to applicants.
Data controller details
Quantum Digital Limited is the data controller, meaning it determines how your personal data is used. We can be contacted at Quantum Digital Limited, First Floor, 39 High Street, Billericay, Essex, United Kingdom, CM12 9BA.
Data protection principles
In relation to your personal data, we will:
- process it fairly, lawfully and in a clear, transparent way;
- collect your data only for reasons that we find proper for the course of recruitment in ways that have been explained to you;
- only use it in the way that we have told you about;
- ensure it is correct and up to date;
- keep your data for only as long as we need it;
- process it in a way that ensures it will not be used for anything that you are not aware of or have consented to, lost or destroyed.
Types of data we process
We hold many types of data about you, including:
- your personal details, including your name, address, date of birth, email address and phone numbers;
- your photograph and other copies of your likeness, such as videography;
- gender;
- marital status;
- whether you have a disability;
- information included on your CV, including references, education history and employment history;
- documentation relating to your right to work in the UK;
- driving licence.
How we collect your data
We collect data about you in a variety of ways, including the information you would normally include in a CV or job application cover letter, as well as notes made during a recruitment interview. Further information will be collected directly from you when you complete forms at the start of your employment.
In some cases, we will collect data about you from third parties, such as employment agencies, former employers and credit reference agencies, when gathering references. Personal data is kept in personnel files or within the company’s HR and IT systems.
Why we process your data
The law on data protection allows us to process your data for certain reasons only. We need to collect your data to ensure we comply with legal requirements, such as carrying out checks on your right to work in the UK, and to carry out activities in the company’s legitimate interests, including:
- making decisions about whom to offer employment to;
- making decisions about salary and other benefits;
- assessing training needs;
- dealing with legal claims made against us.
Sharing your data
Your data will be shared with colleagues within the company where it is necessary for them to undertake their duties regarding recruitment. In some cases, we will collect data about you from third parties, such as employment agencies.
Your data will be shared with third parties if you are successful in your job application, for example: to obtain references from previous employers, obtain a criminal records check, process your payroll, or issue references regarding your employment.
How long we keep your data
If your application is unsuccessful, we will retain your data for 6 months after the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent, in which case it will be deleted upon your withdrawal of consent.
If your application is successful, your data will be kept and transferred to the systems we administer for employees. A separate privacy notice for employees will be provided to you.
Automated decision making
No decision will be made about you solely on the basis of automated decision-making which has a significant impact on you.
Your rights
The law on data protection gives you certain rights in relation to the data we hold on you, including:
- the right to be informed about how we use your data;
- the right of access to the data we hold on you;
- the right to have any inaccuracies corrected;
- the right to have information deleted where there is no reason for us to continue processing it;
- the right to restrict the processing of your data;
- the right to portability of your data;
- the right to object to how we use your data for our legitimate interests;
- the right to regulate any automated decision-making and profiling of personal data.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time.
Making a complaint
The UK supervisory authority for data protection matters is the Information Commissioner (ICO). If you think we have breached your data protection rights in any way, you can make a complaint to the ICO.
The company contact is Gavin Talbot, Managing Director. They can be contacted at Quantum Digital Limited, First Floor, 39 High Street, Billericay, Essex, United Kingdom, CM12 9BA.