Legal

Privacy Policy

We are committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it and what rights you have under GDPR.

Effective: 1 January 2025 Regulation: GDPR & Data Protection Acts 1988–2018 Version: 1.0
Section 01

Who We Are

Midlands Workforce Limited ("we", "us", "our") is a specialist international recruitment agency registered in the Republic of Ireland. We connect skilled Filipino professionals with Irish employers across the Healthcare & Nursing and Hospitality & Tourism sectors.

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Data Protection Acts 1988–2018, Midlands Workforce Limited is the Data Controller responsible for the personal data we hold about you.

Data Controller: Midlands Workforce Limited
Contact: [email protected]
Phone: +353 (0)XX XXX XXXX
Supervisory Authority: Data Protection Commission (DPC), Ireland — www.dataprotection.ie
Section 02

What Data We Collect

The personal data we collect depends on whether you are a candidate, an employer or a general website visitor.

2.1 Candidate Data

  • Full name, date of birth and nationality
  • Contact details: email address, phone number, current address
  • Curriculum vitae (CV) — employment history, education, qualifications and skills
  • Professional registration details (e.g. NMBI nursing registration number, POEA documentation)
  • Right-to-work and immigration status information
  • Passport and identity document details (where required for permit applications)
  • Bank account details (where required for payroll or relocation support)
  • Emergency contact information
  • Any other information you voluntarily provide to us

2.2 Employer / Client Data

  • Company name, registered address and company registration number
  • Contact person name, job title, email address and phone number
  • Billing address and payment information
  • Vacancy details and workforce requirements
  • Any correspondence exchanged with our team

2.3 Website Visitor Data

  • IP address and browser type (collected automatically via server logs)
  • Pages visited, time spent on site and referral source
  • Cookie identifiers and consent preferences (see Section 11)
  • Any information submitted via contact or enquiry forms
Special Category Data: In limited circumstances (e.g. where a nursing role requires health screening), we may need to process special category data such as health information. We will only do so with your explicit written consent and where strictly necessary for the purpose of the placement.
Section 03

How We Collect Your Data

We collect personal data through the following channels:

3.1 Directly From You

  • When you submit a CV via our website contact form or email
  • When you register a vacancy as an employer
  • When you contact us by phone, email, WhatsApp or social media
  • When you attend a recruitment event, assessment day or interview facilitated by us
  • When you sign a Service Agreement or placement contract

3.2 From Third Parties

  • Referrals from other candidates or employer partners
  • Professional networking platforms (e.g. LinkedIn) where you have made your profile publicly available
  • Philippine government bodies (e.g. POEA / DMW) in connection with overseas employment documentation
  • Irish regulatory bodies such as NMBI (for nursing registration verification)
  • Reference providers named by you during the placement process

3.3 Automatically

  • Via cookies and similar technologies when you browse our website (see Section 11)
  • Via our analytics provider (Google Analytics) — aggregated and anonymised where possible
Section 04

Lawful Basis for Processing

Under GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following bases, depending on the context:

Article 6(1)(a)

Consent

You have given clear, informed consent — for example, when you submit your CV or agree to be added to our candidate database.

Article 6(1)(b)

Contract

Processing is necessary to perform a contract with you, or to take steps at your request before entering into one — such as preparing a placement agreement.

Article 6(1)(c)

Legal Obligation

Processing is required to comply with Irish employment law, immigration regulations, tax obligations or other legal requirements.

Article 6(1)(f)

Legitimate Interests

Processing is necessary for our legitimate business interests — for example, maintaining employer contact records, fraud prevention and improving our services — where these are not overridden by your rights.

Where we rely on consent, you have the right to withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Section 05

How We Use Your Data

5.1 For Candidates

  • Evaluating your suitability for specific roles and presenting your profile to relevant employer clients
  • Communicating with you about vacancies, application progress and placement logistics
  • Verifying your qualifications, professional registrations and right to work in Ireland
  • Assisting with Irish employment permit and visa applications on your behalf
  • Providing pre-departure orientation and post-arrival pastoral support
  • Maintaining a record of your placement history with us
  • Sending relevant updates about new opportunities (you may opt out at any time)

5.2 For Employers

  • Processing and managing vacancy registrations
  • Presenting candidate profiles that match your requirements
  • Administering placement agreements and invoicing
  • Providing ongoing account management and compliance support
  • Sending relevant updates about our services (you may opt out at any time)

5.3 For All Users

  • Responding to enquiries submitted via our website, email or phone
  • Improving the functionality and content of our website
  • Complying with legal obligations and defending legal claims if necessary
  • Preventing fraud and ensuring the security of our systems
We will never sell your personal data to third parties. We will never use your data for purposes that are incompatible with those described in this policy without first obtaining your explicit consent.
Section 06

Who We Share Your Data With

We do not sell personal data. We share it only in the following limited circumstances and only with parties who are contractually bound to protect it:

6.1 Employer Clients

Candidate profile information (CV, qualifications, professional registrations) is shared with employer clients for the purpose of evaluating your suitability for a specific vacancy. We will inform you before sharing your profile with any employer.

6.2 Irish and Philippine Regulatory Bodies

Where required for permit applications, visa processing or professional registration (e.g. NMBI, the Department of Enterprise, Trade and Employment, or POEA/DMW in the Philippines), we will share relevant documentation with the appropriate authorities.

6.3 Service Providers (Data Processors)

We use trusted third-party service providers who process data on our behalf under strict data processing agreements:

  • GoHighLevel (GHL) — our CRM, website hosting and form processing platform
  • Google (Analytics & Workspace) — website analytics and business email
  • Cloud storage provider — secure document storage for CVs and placement records
  • Accounting software — for invoicing and financial record-keeping

6.4 Legal and Regulatory Requirements

We may disclose personal data if required to do so by law, court order, or at the request of a competent regulatory or law enforcement authority.

6.5 Business Transfers

If Midlands Workforce Limited is acquired, merged or undergoes a corporate restructuring, personal data held by us may be transferred to the new entity, subject to the same privacy protections as set out in this policy.

Section 07

International Data Transfers

As an agency that operates between Ireland and the Philippines, the nature of our work involves transferring personal data internationally. We take this responsibility seriously.

7.1 Transfers to the Philippines

The Philippines does not currently hold an EU adequacy decision. Where we transfer personal data to the Philippines (for example, when communicating with candidates located there), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Explicit candidate consent where SCCs are not applicable
  • Transfer only of information strictly necessary for the placement process

7.2 Transfers Within the EEA

Data transfers within the European Economic Area are permitted under GDPR without additional safeguards.

7.3 US-Based Service Providers

Some of our technology service providers (including GoHighLevel and Google) are based in the United States. These providers participate in approved data transfer mechanisms and are bound by contractual obligations that ensure your data receives equivalent protection to that required under GDPR.

You have the right to request details of the specific safeguards we have in place for any international transfer of your data. Contact us at [email protected].
Section 08

How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purpose it was collected, or as required by law. Our standard retention periods are as follows:

Data Type Retention Period Reason
Candidate CV & profile (active) 24 months from last activity Ongoing matching and placement opportunities
Candidate CV & profile (placed) 5 years from placement end Irish employment law record-keeping obligations
Employer contact records Duration of relationship + 3 years Contract management and legitimate business interests
Placement agreements & invoices 7 years from date of issue Irish tax law (Revenue Commissioners requirement)
Employment permit documentation 7 years from expiry of permit Department of Enterprise, Trade & Employment compliance
Website enquiry form submissions 12 months Business correspondence records
Cookie consent records 13 months Demonstrating GDPR consent compliance
Website analytics data 26 months (anonymised) Website performance analysis

When data is no longer required, it is securely deleted or anonymised. You may request earlier deletion at any time — see Section 9.

Section 09

Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR. These rights apply from the moment we hold your personal data.

Right of Access

Request a copy of all personal data we hold about you (a Subject Access Request).

Right to Rectification

Request that inaccurate or incomplete personal data we hold about you is corrected.

Right to Erasure

Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

Right to Restrict

Request that we restrict the processing of your data in certain circumstances, e.g. while accuracy is contested.

Right to Portability

Receive your personal data in a structured, machine-readable format and transfer it to another controller.

Right to Object

Object to processing based on legitimate interests or direct marketing at any time with immediate effect.

How to exercise your rights: Submit a request to [email protected]. We will respond within 30 days. We may ask you to verify your identity before processing your request. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.
Section 10

How We Protect Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration or disclosure.

  • All data transmitted via our website is encrypted using TLS/SSL
  • Access to personal data within our organisation is restricted to staff who need it to carry out their role
  • Our CRM and data storage systems are password protected with multi-factor authentication enabled
  • We conduct regular reviews of our data handling and security practices
  • All third-party service providers are assessed for data security compliance before engagement
  • Paper documents containing personal data are stored securely and destroyed when no longer required

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours of becoming aware of it, and we will notify you directly without undue delay where required by law.

While we take every reasonable precaution, no method of internet transmission is 100% secure. If you have reason to believe your data has been compromised, please contact us immediately at [email protected].
Section 11

Cookies

Our website uses cookies — small text files placed on your device to help us operate the site, understand how it is used and (with your consent) support marketing activity.

We use the following categories of cookies:

  • Essential cookies — required for the site to function; cannot be disabled
  • Functional cookies — remember your preferences and improve your experience
  • Analytics cookies — help us understand visitor behaviour (Google Analytics)
  • Marketing cookies — support advertising campaigns (only with your consent)
For full details of every cookie we use, the third parties involved and how to manage your preferences, please read our Cookie Policy.
Section 12

Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age.

All candidates must confirm they are at least 18 years old before submitting a CV or registering with us. If we become aware that we have inadvertently collected personal data from a person under 18, we will delete it promptly.

If you believe we may have collected data from a child, please contact us immediately at [email protected].

Section 13

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our data practices or the services we offer. When we make material changes, we will update the effective date at the top of this page.

Where we have your contact details and the changes significantly affect you, we will notify you directly by email. For all other changes, we encourage you to review this policy periodically.

Previous versions of this policy are available on request.

Section 14

Contact & Complaints

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we have handled your personal data, please contact us in the first instance:

Midlands Workforce Limited — Data Controller
Email: [email protected]
Phone: +353 (0)XX XXX XXXX
Website: www.midlandsworkforce.ie

We will acknowledge your enquiry within 5 working days and aim to resolve it fully within 30 days. If you are not satisfied with our response, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Irish supervisory authority:

Data Protection Commission (DPC)
Website: www.dataprotection.ie
Phone: +353 1 765 0100
Post: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

This policy was last reviewed on 1 January 2025. Midlands Workforce Limited recommends that all users retain a copy for their records.

Ready to work with us?

Your data is in safe hands. Start your journey with an agency that takes privacy as seriously as it takes people.

Upload My CV Register a Vacancy