Privacy Policy

Privacy Policy

This privacy policy outlines how MCS Personnel Ltd collects, processes, and protects your personal data. MCS Personnel Ltd is a recruitment agency based in Belfast, Northern Ireland. MCS Personnel Ltd are trading as MCS Group, a company registered in Northern Ireland at 10th Floor, The Ewart, 3 Bedford Square, BT2 7EP. Company Number NI069406.  For the purposes of GDPR, we are a 'data controller'. We are registered with the Information Commissioners Office (ICO) reference number ZA315767.

We have taken all necessary precautions under the UK and EU General Data Protection Regulations to protect the data which we process.

Visitors to our websites

By using our website and submitting your information to us, your personal data may be processed in accordance with this Privacy Policy and applicable data protection laws.

We do our utmost to ensure that all reasonable steps are taken to make sure that your data is stored securely. Unfortunately, the sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically, sending such information is entirely at your own risk.

Social Media

We use the following social media platforms - Facebook, Twitter, Instagram, and LinkedIn. When you contact us through these platforms, including via private message, you should be aware that these platforms may collect your data. Please refer the individual service providers’ Privacy Policies for more information.

Website security and Cookies

We use a variety of third-party services to maintain the security and performance of our website. We use cookies to help make our website more efficient. Cookies are small text files that a website transfers to a site visitor's hard disk or browser for added functionality, or for tracking website usage.

Before placing any non-essential cookies, we will obtain your consent through a clear and transparent consent mechanism on our website. You will have the option to accept or decline cookies. We will only use cookies for the purposes for which you have consented.

People who call us

When you call our offices, we do not automatically record caller identification details. All calls are recorded for Training and Quality purposes.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Any information you provide to us, including in any footer or attachments, in an email may be used in conjunction with any of our stated business purposes. Information provided to us by email may be processed in line with our stated business purposes and this Privacy Policy.

We encrypt emails as a matter of policy.

People who make a complaint to us

We take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. When we receive a complaint, we make up a report containing the details of the complaint, which we sometimes term a ‘non-conformance’. This normally contains the identity of the complainant, and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide.

We will keep personal information related to complaints for 3 years.

Job applicants, current and former employees

When individuals apply to work with us, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Access NI, we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held as per our Data Retention Policy – link available below.

Sharing of Data Across MCS Group Recruitment Divisions

To provide the best possible recruitment service, your personal data may be accessed by all relevant recruitment divisions within MCS Group, including both our external client recruitment services and our internal recruitment team. This ensures we can maximise opportunities for you and consider you for suitable roles across the wider organisation.

Access is strictly controlled and limited to staff members who require it for recruitment purposes. We have implemented role-based access permissions to ensure that only authorised recruiters can view and process your data.

The lawful basis for this processing is our legitimate interest in ensuring candidates are matched with the most suitable roles, balanced against your rights and freedoms.

MCS Group relies on information provided directly by candidates and other reasonably available sources to maintain accurate records. Candidates are encouraged to notify us of material changes to their employment status or contact details.

You retain the right to object to this processing at any time. If you do not wish your details to be considered for internal roles or shared across our divisions, you can notify us at privacy@mcsgroup.jobs, and we will restrict your profile accordingly.

The Categories of Personal Data We Process

To provide our recruitment services, we process various categories of personal data. The specific data we collect depends on your relationship with us (e.g., as a candidate, a client contact, or a supplier).

1. General Personal Data

This is the information you provide to us directly or that we collect from publicly available sources (e.g., LinkedIn). It includes, but is not limited to:

• Contact Information: Name, address, phone number, and email address.
• Professional Information: Work history, job title, qualifications, skills, and details from your CV/resume.
• Identification Data: Information required for legal checks, such as passport details, driver's license, or national insurance number, where necessary.
• Online Identifiers: We may collect your IP address and data about your website usage (via cookies), but this is processed on an aggregated basis unless you have consented to more specific tracking.

2. Special Category Data

We may collect certain types of sensitive personal data, known as 'special category data,' but only when it is absolutely necessary and with a clear lawful basis. This data is subject to enhanced protection under GDPR. Where we process special category data, we do so only where permitted under Article 9 UK GDPR, including where processing is necessary for employment law obligations, equal opportunities monitoring, establishing, exercising or defending legal claims, or with your consent where required.

• Health Information: We may process data concerning your physical or mental health to make reasonable accommodations for you during an application process or in the workplace, or to provide occupational health services.
• Criminal Conviction Data: We may collect information about criminal convictions or offenses, but only where it is required by law or necessary for a specific role.
• Other Special Category Data: In some cases (for example, for diversity monitoring), we may also process data revealing religious or philosophical beliefs, sex and ethnicity.

Your rights

You have fundamental rights over the data you share with us. These are explained in detail in the Information Commissioners Website, and we are committed to making it as simple as possible for you to exercise them.

These rights include – 

- The right to be informed,

- The right of access,

- The right to rectification,

- The right to erasure,

- The right to restrict processing,

- The right to data portability,

- The right to object and

- Rights in relation to automated decision making and profiling.

You may exercise your rights by contacting us to make the request. We encourage you to complete and return a Subject Access Request form, but you may choose to make the request in another format.

You have the right to request copies of your data, which we will provide in a suitable format.

You have the right not to be subject to an automated decision which may have a significant impact on you.

You have the right to object to our processing your data, and if you are unsatisfied with our response complain to the ICO.

Data Ownership: You retain rights over your personal data under applicable data protection laws. We process your personal data only where we have a lawful basis to do so, for the purposes outlined in this policy and in accordance with applicable data protection laws.

Data Classification: Some of the personal data we process may constitute special category data under UK GDPR and is subject to enhanced protections.

This classification helps us protect your information. We handle all data with care.

Our purpose for collecting data

We collect personal data necessary to provide our recruitment services, including matching candidates with suitable roles, managing applications and communicating with clients. 

We have to hold the details of the people who contact us in relation to our services, however, we only use these details to provide the service the person has requested and for closely related purposes. Any personal data relating to you will be used and recorded by us in accordance with current data protection legislation and this privacy policy.

We might use information about people who have used our services to carry out a survey to find out if they are happy with the level of service they received.

If we intend to do anything else with your data, we will inform you at the point of consent.

We rely on different lawful bases for processing your data depending on the purpose:

• For our core recruitment services (matching candidates with roles, managing applications), we rely on Legitimate Interests and Contractual Necessity. For example, processing your CV is necessary to provide our service to you as a job seeker.
• For marketing communications, we will always obtain your consent.

• When we must disclose information to a third party (e.g., for a background check or a reference), we will inform you beforehand and process the information in accordance with the appropriate lawful basis under applicable data protection laws.

Data Security - To protect your data, we have put in place security precautions which include but are not limited to:

• Physical and administrative security measures at our offices.
• Firewalls and continuously updated anti-virus programmes.

Our company data is stored in the following locations:

• Across several sites connected by a secure communications system.

We store your data securely, both electronically and physically, for as long as necessary to fulfil the purposes for which it was collected, and in accordance with our data retention policy.  We will securely dispose of your data when it is no longer needed.   

For the purposes of GDPR, we are resident in the United Kingdom and regulated by the Information Commissioner’s Office.  We may carry out certain data processing outside of the UK/EEA where we use trusted third-party service providers. If your personal data is transferred outside of the UK/EEA, we will ensure appropriate safeguards are in place in line with UK GDPR. This may include cloud hosting or application platforms used to provide recruitment services and secure client reporting tools.

We have completed a data privacy risk assessment (including a transfer risk assessment where applicable) and we keep this under review as part of our supplier due diligence process.

We do share data with third parties, other than those whose services we use for social media, payroll, etc. Where we transfer any data to a third party, we have put in place all necessary controls to ensure the protection of privacy.

Client Reporting Platforms

In some cases, we provide our clients with secure online reporting portals that allow authorised representatives of the client organisation to view limited information about temporary workers supplied by MCS Group.

These portals may display limited personal data necessary to manage temporary worker assignments, such as the worker’s name, job title, assignment details, and placement status.

Access to these portals is restricted to authorised client contacts and is protected by secure login credentials and access controls.

These systems may be hosted by trusted third-party technology providers who act as data processors on our behalf and are contractually required to comply with UK GDPR and implement appropriate security safeguards.

Your data, including the records of any transaction you make with us, will be stored in accordance with our retention policy, and depending upon the nature of the record. For example, financial records will be retained for 7 years as this is common practice.

If you have any questions about us or how we handle your data, please contact us at:

Address:             The Ewart, 10th Floor, 3 Bedford Square, BT2 7EP

Telephone:          +44(0)28 9023 5456

Email:                 privacy@mcsgroup.jobs

Link to our Data Retention Policy: https://www.mcsgroup.jobs/data-retention-policy/ 

Policy date – May 2026 

This Policy is reviewed at least annually.