Privacy Notice

Privacy Policy

Dandi’s Contextual Recruitment Software (Information received via third-party organisations)

Dandi Legal Limited (“Dandi”) is a company incorporated in England with company registration number 13562020 whose registered office is at First Floor, 5 Fleet Place, London, United Kingdom, EC4M 7RD.

Dandi is committed to respecting and protecting your privacy.

This policy sets out the basis on which data that you provide to Dandi, through a third-party organisation, will be processed by Dandi’s Contextual Recruitment Software. Please read the following carefully:

Dandi’s Contextual Recruitment Software is used to help organisations and employers assess achievements within context. Applicants will be asked questions relating to their educational background and social mobility, including, but not limited to the below:

  • Educational details – School/College subjects & grades and university attended

  • Employment during education

  • Local Authority Care status (LAC)

  • Refugee or asylum seeker status

  • Free School Meals (FSM) eligibility

  • Impact on education – Medical or chronic illness

  • Impact on education – Family related

  • Impact on education – Caring responsibility

  • Postcode data

Your data enters and is processed by our system anonymously and will not include any identifying or identifiable data. If you consent to it, Dandi’s Contextual Recruitment Software:

  • Processes and readjusts your educational achievements, within the context of Ofsted school performance data and your Dandi social mobility score

  • Shares the above with the third-party organisation who will be able to view your contextualised data in relation to your application within their Applicant Tracking System

  • Receives the results of anonymised social mobility and educational data that may be used in statistical reports

In accordance with UK General Data Protection Regulation (“GDPR”), Dandi Legal Limited, whose address is First Floor, 5 Fleet Place, London, United Kingdom, EC4M 7RD, is the Data Processor.

By providing your consent to a third party, you agree to the practices described in this policy.

If you have any questions in relation to this policy, please contact

Accreditation: Dandi’s Integrated Contextual Recruitment Software is hosted by DigitalOcean Holdings, Inc, who are ISO 27001, SOC, PCI-DSS certified.

Last updated: June 2023

Dandi's Recruitment Services

Dandi Legal Limited respects your privacy and is committed to protecting your personal data. This privacy notice provides information on how we collect and process your personal data through our website, and when you contact us by phone, email, or by writing to us.

1. Purpose and scope of privacy notice: data controller contact information

Dandi Legal Limited (“Dandi”) is a company incorporated in England with company registration number 13562020 whose registered office is at First Floor, 5 Fleet Place, London, United Kingdom, EC4M 7RD.

Dandi is a specialist recruitment and consultancy agency and our website and services are intended for adults aged 18 and over: we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Our affiliate EJ Legal Limited is the controller and responsible for your personal data. EJ Legal Limited (“EJ”) is a company incorporated in England with company registration number 02636241 whose registered office is at First Floor Thavies Inn House 3-4, Holborn Circus, London, EC1N 2HA.

Dandi is the processor and processes your personal data in accordance with EJ’s instructions.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice or the ways in which Dandi processes your personal data, please contact the data privacy manager email on or by writing to EJ Legal Limited, 76 Canon Street, London EC4N 6AE, marking the letter for the attention of The DPO. Please make it clear that your enquiry relates to Dandi Legal Limited.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

2. The data we collect about you

Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you. This includes your full name, marital status, title, date of birth, gender, contact details including personal and business email addresses and phone numbers; your job title and role, current and previous employers, your education, academic record and professional qualifications, your notice period, current salary and other relevant information that you may provide when you send a CV to us or engage us to source candidates for you, roles that you have been put forward for and interviews that you have attended, roles that may be of interest to you based on your profile and what you have told us; information about how you use our website.

3. How is your personal data collected?

We use different methods to collect data from and about you including where you contact us to apply for one of our advertised vacancies or with a speculative application and as you use our website, we may automatically collect data about your browsing actions. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for more information on our use of cookies. Occasionally we may collect data about you from public sources including public websites and articles in the press to the extent that this is relevant to our recruitment business.

4. How we use your personal data and the lawful basis for doing so

We will use your personal data as required for the services that we provide as a specialist recruitment and consultancy agency: these uses include presenting roles or candidate profiles that may be of interest to you; managing the recruitment and interview process for clients and candidates; and using data analytics to improve our website. The lawful basis for us doing so is that this is necessary for the performance of a contract with you and/or for our legitimate interests in the efficient running our recruitment and consultancy business, and to keep our website updated and relevant. If you do not agree to our processing of your personal data as required to manage the recruitment process then we will not be able to present roles or candidates to you.

5. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

6. Sharing your personal data

We will only share your personal data with: (a) EJ which is the controller and owner/licensee of the shared IT system on which all of our data (including your personal data) is stored; (b) EJ’s third party service providers of our cloud back-up storage system; (c) other third parties, where such disclosure is necessary to comply with applicable laws; (d) the acquirer(s), in a reorganisation or sale of our company or assets, (e) employers or candidates who will need to receive your personal data as required for the recruitment process. We may discuss candidates with our client(s) on a no names basis but we do not provide a C.V. or any identifying information without the candidate's express consent.

7. International transfers

As a general rule, we do not transfer your personal data outside the European Economic Area (EEA). We will only transfer candidate data outside of the EEA where a candidate is applying for a role outside of the EEA and the hiring manager is based outside of the EEA, in which case any transfer of the candidate’s personal data would only take place with the candidate’s prior written consent.

8. Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more information about the cookies we use, please see our cookie policy

9. Data security

We have put in place appropriate technical and organisational measures to prevent your personal data from being accidentally lost, accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected personal data breach and will notify the ICO and/or you of a personal data breach where we are legally required to do so.

10. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, and in line with our data retention policy.

11. Your legal rights and how to exercise them

You have the following data protection rights in relation to your personal data that apply in certain circumstances:

Right to erasure: You can ask us to erase or delete all or some of your personal data.

Change or correct data: You can also ask us to update the data we hold about you.

Object to, or limit, our use of your data: You can ask us to stop using all or some of your personal data or to limit our use of it.

Subject access requests and portability right: you can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.

If you wish to exercise any of the rights set out above, please contact

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Last updated: September 2021