About

Privacy Policy

  • PRIVACY POLICY

    Plexus Resource Solutions Ltd

    Last updated: 19/5/26

    This Privacy Policy explains how Plexus Resource Solutions Ltd (“Plexus”, “we”, “us” and “our”) collects, uses, shares and protects your personal data, and the choices you have about how we do so. As a recruitment business we understand the sensitivity of the personal data we process and are committed to protecting the privacy of everyone who uses our website and services.

    This policy applies to anyone who visits our website at plexusrs.com, registers with us as a candidate, works with us as a client, or otherwise interacts with us. It covers our compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

    WHO WE ARE AND HOW TO CONTACT US

    Plexus Resource Solutions Ltd is the controller of the personal data we collect through our website and services. This means we are responsible for deciding how we hold and use your personal data.

    – Registered office: One Great Tower Street, London, EC3R 5AA
    – Company number: 10613498 (registered in England and Wales)
    – ICO registration: ZA387570
    – Email: privacy@plexusrs.com
    – Phone: +44 (0) 208 004 3330

    If you have any questions about this policy, the personal data we hold about you, or your rights, please email privacy@plexusrs.com in the first instance.

    THE PERSONAL DATA WE COLLECT

    We collect personal data when you sign up as a candidate for job alerts via our website, attend our events, complete a business reply card, contact our office, or where we obtain your details from a third party such as a social network (for example LinkedIn) or a job board such as Jobsite, CV Library, Indeed or CW Jobs.

    If you sign up as a candidate for job alerts on our website, you will be asked to provide personal data such as your name, address, telephone number and email address, along with details that help us send relevant alerts, including salary expectations, job preferences, employment history and other background information.

    If you register as a candidate with Plexus, we collect personal data from you and from your CV. We may also contact your referees and may be asked by our clients to obtain further details from you in relation to specific roles.

    The categories of personal data we may collect include:

    – Full name
    – Home address
    – Email address
    – Phone numbers
    – Gender
    – Date of birth
    – National Insurance number
    – Evidence of your right to work in the UK
    – Education history
    – Employment history
    – Qualifications and skills
    – References
    – Salary and remuneration details
    – Any other information contained in your CV
    – Data about how you use our website and services
    – Technical data, including your IP address, browser type and plug-ins, login data, location, time zone, operating system, platform, and other technology on the device you use
    – Information about the organisation associated with your IP address, where this is identified by our third-party providers (see “Website tracking and visitor identification” below)
    – Your communication and marketing preferences

    SENSITIVE PERSONAL DATA

    Sensitive personal data is data that falls into the special categories defined in UK GDPR, such as data about your political opinions, religious or philosophical beliefs, sexual orientation, racial or ethnic origin, or health. These categories are generally not relevant to your suitability for a vacancy, and we ask that you do not provide us with any sensitive personal data unless it is absolutely necessary.

    If you do provide sensitive personal data, we will only use it for purposes that are directly connected to our relationship with you or to the provision of our recruitment services, and only where one of the following applies:

    – You have explicitly consented to the processing
    – It is necessary to assess your suitability for a particular role or your capacity to work
    – It is necessary for us to comply with a legal obligation
    – It is necessary to keep records that allow us to resolve a dispute, including the establishment, exercise or defence of legal claims

    Personal data may also reach us from a range of other sources, which can include:

    – You directly, including via your CV or job application
    – Online job boards
    – Social media platforms such as LinkedIn
    – Other public sources
    – Other candidates
    – Our clients
    – Telephone calls (which may be recorded)
    – Interviews, meetings, video calls and notes from those interactions
    – Our website and software applications

    HOW WE USE YOUR PERSONAL DATA

    We use your personal data to provide recruitment services. The main ways we use your data are:

    – To send you job alerts by email for permanent, fixed-term or contract roles that match the preferences you have provided
    – To share your details with our clients as part of the recruitment process for roles you are being considered for
    – To produce and analyse statistics about how visitors use our website and how our marketing campaigns perform
    – To meet legal or regulatory requirements

    All our recruitment activities involve human decision-making. Your personal data is not subject to fully automated decision-making or profiling that produces legal or similarly significant effects.

    If we receive personal data about a third party from you (for example, the contact details of a referee), we will assume that the third party has agreed to your sharing their information with us and to our using it for the purposes described in this policy.

    Where you are a client of Plexus, we collect and use information about individual contacts in your organisation — such as name, job title, phone number and email — to communicate with you and provide the services you have asked for. We may also hold information that someone in your organisation has chosen to share with us.

    Where you are a supplier to Plexus, we collect and use information about individual contacts in your organisation — such as name, phone number and email — to receive your goods or services and to pay you. We will also collect bank details for the purposes of payment.

    OUR LAWFUL BASIS FOR PROCESSING

    To process your personal data we need a lawful basis under UK GDPR. We rely on the following bases, depending on the activity:

    Legitimate interest. We rely on legitimate interest for most of the processing involved in operating our recruitment business. We have considered your interests and rights against ours, and have concluded that the processing is reasonable in the following situations:

    – If you are looking for new employment or have uploaded your CV to a job board or professional networking site, we believe it is reasonable for you to expect that we will collect and process your personal data to provide recruitment services, assess your skills against our vacancies, and share appropriate information with potential employers.
    – We process your data to provide tailored job recommendations based on your skills and preferences.
    – We process your data to personalise your experience of our recruitment services on our website and elsewhere.
    – We retain records of our dealings and transactions to fulfil our contractual obligations, protect our reputation, establish or defend legal claims, and maintain a backup of our system so we can restore it after any failure or security incident.
    – We process information about organisations visiting our website (see “Website tracking and visitor identification” below) so we can prioritise our outreach to organisations who may benefit from our services.

    Consent. We rely on your consent when we drop non-essential cookies on your device or use related tracking technologies (see “Cookies and tracking technologies” below), and where we ask you for permission to use your personal data for specific purposes that are not otherwise covered. You can withdraw your consent at any time.

    Contractual necessity. Where we enter into a contract with you or a third party in connection with our recruitment services, we will process the personal data needed to perform that contract, such as your name, address, company details, and National Insurance number.

    Legal obligation. As a recruitment business in the UK we are subject to several statutory requirements, including under the Conduct of Employment Agencies and Employment Businesses Regulations 2003. These oblige us to verify your identity and assess your suitability for a vacancy. Where an individual is engaged to work for Plexus or supplied to a client we must also comply with statutory requirements covering tax, anti-bribery, fraud and crime prevention, and data protection, and may need to co-operate with HMRC and the ICO.

    COOKIES AND TRACKING TECHNOLOGIES

    A cookie is a small text file that a website saves on your device. Cookies allow the website to recognise you on return visits, remember your preferences, and understand how the site is being used. We also use a small number of related technologies (for example, scripts and pixels) that work in a similar way.

    We use cookies and similar technologies for three purposes: to make our website work properly, to understand how visitors use it, and to measure the effectiveness of our marketing. Some of these cookies are set by third parties on our behalf.

    When you first visit our website you will see a banner asking you to accept all cookies, reject all non-essential cookies, or customise your choices. Strictly necessary cookies are always set because the site cannot function without them. All other cookies are only set if you give your consent. You can change your choices at any time by clicking the small consent icon in the bottom-left corner of any page.

    The cookies in use across our website are listed below. Where a cookie is set by a third party, that third party processes your personal data in line with its own privacy notice — links to those notices are provided at the end of this section.

    Strictly necessary cookies

    cookieyes-consent (set by CookieYes) — records your cookie preferences so the banner does not reappear on every page. Duration: 1 year.

    wp-settings-[UID] and wp-settings-time-[UID] (set by WordPress) — store admin user interface preferences. Only set for logged-in administrators. Duration: 1 year.

    pum-[ID] (set by Popup Maker WordPress plugin) — remembers if you have already seen and dismissed a popup so we do not show it again. Duration: up to 1 month.

    _GRECAPTCHA (set by Google reCAPTCHA) — helps distinguish humans from bots when you submit a form on our site, to prevent spam. Duration: 6 months.

    Analytics cookies

    _ga and _ga_[container] (set by Google Analytics 4) — distinguish unique visitors and measure how people use the site (pages viewed, time on site, traffic sources). Duration: 2 years.

    _clck, _clsk, CLID, MUID, ANONCHK, MR, SM (set by Microsoft Clarity) — capture anonymised session recordings and heatmaps to help us understand how visitors use our site. Form input is masked by default. Duration: 10 minutes to 1 year depending on the cookie.

    Geonimo also runs on the site for analytics purposes, but does not set tracking cookies on your device.

    Advertising cookies

    _gcl_au (set by Google Ads) — links your visit to ad clicks so we can measure the effectiveness of our Google Ads campaigns. Duration: 3 months.

    bcookie, lidc, li_gc, AnalyticsSyncHistory, UserMatchHistory (set by LinkedIn Insight Tag) — track visits from LinkedIn ads, support conversion measurement, and support audience-building for LinkedIn campaigns. Duration: up to 1 year, varies by cookie.

    _twpid and related (set by X, formerly Twitter, advertising pixel) — track visits from X campaigns and support conversion measurement and audience building. Duration: up to 1 year, varies.

    Apollo.io tracker — identifies the organisation associated with your visit so we can understand which companies are visiting our site and tailor our outreach. Duration: up to 1 year. The specific cookies set by Apollo may vary.

    Third-party privacy notices:

    – Google (Analytics, Ads, reCAPTCHA): https://policies.google.com/privacy
    – Microsoft (Clarity): https://privacy.microsoft.com/privacystatement
    – LinkedIn: https://www.linkedin.com/legal/privacy-policy
    – X (Twitter): https://x.com/en/privacy
    – Apollo: https://www.apollo.io/privacy-policy
    – Geonimo: https://www.geonimo.com
    – CookieYes: https://www.cookieyes.com/privacy-policy/

    If you would prefer to restrict or delete cookies from our website (or any other website), you can do so through your browser settings. Doing so may affect how the site works.

    WEBSITE TRACKING AND VISITOR IDENTIFICATION

    In addition to the standard analytics described above, we use three services that go beyond traditional cookie tracking. We want to be transparent about how they work and what choices you have.

    Business-to-business visitor identification (Apollo.io)

    We use Apollo.io to help us understand which organisations are visiting our website. Apollo combines information about your visit — primarily your IP address and behavioural signals — with its own commercial database of organisations to identify the company you are likely visiting from. The result is an indication that, for example, “a person at Acme Ltd viewed our site”, rather than identification of you as a named individual.

    We use this information to prioritise our outreach to organisations that have shown an interest in our services. Our lawful basis is legitimate interest under Article 6(1)(f) of the UK GDPR — our interest in operating a recruitment business and engaging with organisations that may benefit from our services. The Apollo tracker is only loaded after you accept advertising cookies through our consent banner.

    If you would prefer not to be identified in this way, you can: (a) reject advertising cookies in our cookie banner; (b) withdraw your existing consent at any time using the consent icon at the bottom-left of any page; or (c) email privacy@plexusrs.com to object to this processing under Article 21 of the UK GDPR.

    AI search visibility tracking (Geonimo)

    We use Geonimo to measure how often our brand is mentioned, cited or recommended in AI-powered search tools such as ChatGPT, Claude and Perplexity, and to detect when visitors arrive at our site from those sources. Geonimo focuses on aggregate attribution rather than identifying individual visitors, and does not set tracking cookies on your device.

    Session recording and heatmaps (Microsoft Clarity)

    We use Microsoft Clarity to view anonymised recordings of how visitors interact with our site, and to view aggregated heatmaps showing where people click and scroll. Form fields are masked by default, which means any information you type into a form (such as your name or a message) is not captured in the recording.

    Microsoft acts as an independent data controller for the data it collects through Clarity. This means Microsoft may use that data for its own purposes, including improving its products, training its services, and showing personalised advertising on its own platforms. You can read more in Microsoft’s privacy statement at privacy.microsoft.com.

    SHARING YOUR PERSONAL DATA WITH THIRD PARTIES

    We may share your personal data with third parties who perform services on our behalf, such as payroll providers, accountants, factoring providers, screening providers, web hosts, and other professional services firms. We may also share your data with government agencies such as HMRC, and with law enforcement, where required by law.

    Where we share personal data with a third party that is acting as our processor, we do not allow them to use it for any purpose other than providing the service they provide to us, and we put written contracts in place that include appropriate restrictions. Where the third party is acting as a separate controller (for example, HMRC, or Microsoft in respect of Clarity data), we cannot impose those restrictions.

    In particular, we share information with the following categories of third parties:

    – Our clients, when we are introducing you as a candidate for a role they are recruiting for
    – Apollo.io, which provides our business-to-business visitor identification service (see above)
    – Microsoft, which provides our session recording and heatmap analytics (see above)
    – Google and other advertising and analytics providers, as described in the cookies section
    – Our technology providers (web hosting, email, telephony, customer relationship management) who help us run the business

    TRANSFERRING OR STORING DATA OUTSIDE THE UK AND EEA

    As part of our recruitment services we may transfer personal data to countries outside the UK and the European Economic Area (EEA). This may be to clients, candidates, or third-party service providers.

    Where personal data is transferred outside the UK or EEA, we will only do so where appropriate safeguards are in place. In most cases this means transferring to a country that is covered by a UK adequacy decision, or relying on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (the “UK Addendum”) together with the EU Standard Contractual Clauses.

    Specific transfers we want to flag:

    – Apollo.io is based in the United States. We rely on the UK Addendum to the Standard Contractual Clauses for these transfers.
    – Microsoft Clarity is provided by Microsoft Ireland Operations Ltd in the EEA, but data may also be processed by Microsoft Corporation in the United States. We rely on the safeguards Microsoft has in place, including the EU-US Data Privacy Framework and Standard Contractual Clauses.
    – Google services (Analytics, Ads, reCAPTCHA) may involve transfers to the United States, also covered by the Data Privacy Framework and Standard Contractual Clauses.

    HOW WE PROTECT YOUR PERSONAL DATA

    We take the security of personal data seriously. We use a combination of organisational and technical measures to protect personal data against loss, misuse and unauthorised access — including access controls that limit who within Plexus can see particular categories of data.

    If Plexus is the subject of a personal data breach that is likely to affect your rights, we will notify you in line with our legal obligations under UK GDPR.

    HOW LONG WE KEEP YOUR PERSONAL DATA

    We keep your personal data only for as long as is necessary for the purpose we collected it for, as described above. We may also need to keep some of your personal data after you have stopped using our services, where necessary to comply with our legal obligations. Where we have a contractual relationship with you, we are required by law to retain certain information — such as contracts, identity documents and financial data — for a period of seven years.

    In determining how long to keep your personal data, we take into account:

    – Our contractual obligations and rights
    – Legal obligations under applicable law
    – Our legitimate interests
    – Limitation periods under applicable law
    – Whether there are active or potential disputes
    – Whether you have made a request for your data to be erased
    – Guidance issued by relevant data protection authorities

    When we determine that we no longer need to keep your data, we will delete it securely. Please note that if you exercise your right to erasure or to ask us to stop processing your data, we may retain a record of that request as evidence of our compliance, and to help us avoid processing your data again in the future.

    YOUR RIGHTS

    Under the UK GDPR you have a number of rights in relation to your personal data:

    – The right to withdraw consent. Where we are relying on your consent, you can withdraw it at any time. After you withdraw consent, we will stop processing your data on that basis, unless we have another lawful basis to continue. To withdraw consent, email privacy@plexusrs.com.
    – The right to object. In certain situations you have the right to object to our processing your data. You have an absolute right to object to processing for direct marketing. We will respond to any objection within one month.
    – The right of access. You have the right to ask for a copy of the personal data we hold about you. We will respond within one month. To make a request, email privacy@plexusrs.com.
    – The right to rectification. You have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
    – The right to erasure (the right to be forgotten). You can ask us to delete your data. We will do so unless we have a legal basis to retain it, in which case we will explain.
    – The right to restrict processing. In certain situations you can ask us to limit how we use your data — for example, while we verify its accuracy after you have challenged it.
    – The right to data portability. Where we process personal data automatically and either rely on your consent or are performing a contract with you, you can ask us to transfer that data to another controller, or directly to you in a commonly used format.
    – The right to lodge a complaint. If you are unhappy with how we have handled your personal data, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first — please email privacy@plexusrs.com.

    We may need to confirm your identity before responding to a request. We aim to respond to all legitimate requests within one month, unless the request is particularly complex. We will not charge a fee unless a request is excessive.

    MARKETING COMMUNICATIONS

    We rely on “soft opt-in” consent when sending recruitment-related email marketing — that is, where you have given us your details in the context of receiving a recruitment service, we may send you similar communications unless and until you tell us not to. If you provided your details at a networking event, a competition, a job fair, or a job board, you may receive email marketing from us on a similar basis.

    You can opt out of receiving marketing emails at any time by:

    – Following the unsubscribe link in any marketing email
    – Replying to a marketing email with the words “unsubscribe – marketing”
    – Emailing privacy@plexusrs.com with the words “unsubscribe – marketing”

    Opting out of marketing does not apply to personal data you have provided to us:

    – As part of asking us to find work for you
    – In the course of performing a contract between us

    LINKS TO OTHER WEBSITES

    Our website contains links to other websites that we do not control and that are not covered by this Privacy Policy, including websites belonging to our partner organisations. We recommend you check the privacy notice on any third-party site before providing personal data.

    CHANGES TO THIS POLICY

    We may amend this Privacy Policy from time to time. The most recent version will always be available on our website at plexusrs.com/privacy-policy. The “last updated” date at the top of this document indicates when it was last revised.

    If we make changes that materially affect how we use your personal data, we will take reasonable steps to bring those changes to your attention — for example, by displaying a notice on our website or by emailing you.

    By continuing to use our website after a change to this policy, you accept the updated terms.