Privacy Policy

Last updated: 14th October 2021

Who are we?

Fincentria is part of the McGregor Boyall Group which consists of the following entities:

  • Fincentria Ltd
  • Dukebridge Partners Ltd
  • McGregor Boyall Associates Ltd
  • McGregor Boyall Associates (PTE) Ltd
  • McGregor Boyall Associates (HK) Ltd
  • McGregor Boyall Associates S.P z.o.o
  • McGregor Boyall Digital
  • Creative Recruitment Ltd

Head Office: 3rd Floor, 70 Gracechurch Street, London, EC3V 0HR


We are a consulting firm specialising in Governance, Risk and Compliance solutions to help companies thrive in the world’s most demanding regulatory environments. Fincentria is one of the consulting arms of the McGregor Boyall Group.

The McGregor Boyall Group provide recruitment consultancy services for contract, permanent and temporary placements. We also provide payroll services for contractors.

What does this Policy cover?

We at Fincentria take your personal data seriously. This policy:

  1. Sets out the types of personal data that we collect about you
  2. Explains how and why we collect and use your personal data
  3. Explains how long we keep your personal data for
  4. Explains when, why and with who we will share your personal data;
  5. Sets out the legal basis we have for using your personal data;
  6. Explains the effect of refusing to provide the personal data requested;
  7. Explains the different rights and choices you have when it comes to your personal data
  8. Explains how we may contact you and how you can contact us.

What personal data do we collect about you?

We collect the information necessary to be able to find available opportunities and further information needed to assess your eligibility through the different stages of recruitment. This information may include CVs, identification documents, educational records, work history, employment, comments, references, email addresses and contact details.

We may also collect sensitive personal data about you that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership or genetic or biometric data of information concerning an individual’s health, sex life, sexual orientation and criminal convictions information. We collect this data on a strictly voluntary basis and will only use this data for the purpose of statistical analysis. We only collect sensitive personal data from you, and further process this data, where you have given your explicit consent. All such data will be anonymised or pseudonymised to protect your privacy.

Where do we collect personal data about you from?

The following are the different sources we may collect personal data about you from:

    • Directly from you. This is information you provide while searching for a new opportunity and/or during the different recruitment stages.
    • From an agent/third party acting on your behalf. e.g. Contractors Limited Company.
    • Through publicly available sources. We use the following public sources: LinkedIn, Job boards and CV databases.
    • By reference or word of mouth. For example, you may be recommended by a friend, a former employer, a former colleague or even a present employer.

Where we collect your information through publicly available sources as set out above, we may do this with the aid of software programs’ such as Broadbean, SourceBreaker or Bullhorn. These programs are given parameters on the requirements of a role and search through publicly available sources to find such candidates. These programs are designed to only output information on candidates that meet the search criteria. The parameters of these programs are restricted to only searching for name, job role, technical skills, experience and location which is candidate information from public sites or provided by you and where there is a reasonable expectation that such information may be collected and further processed by job recruiters for the purpose of sourcing candidates for different job roles.

How and why we use your personal data?

We use your personal data to match your skills, experience and education with a potential employer. We will initially collect basic information on you such as contact details, job role and experience and then pass this on to the client in search of personnel, once you have confirmed you are happy to be put forward for the role. If you are chosen by the client and go through to the next stage we will then be collecting more information from you at the interview (or equivalent) stage and onwards in that manner.

How long do we keep your personal data for?

We keep your information in accordance as follows:

  • Candidate data: 4 years
  • Contractor data: 7 years
  • Client contact details: 5 years

Who do we share your personal data with?

Once consulting with you to confirm you are happy with us putting you forward for a role, your personal data is shared with the client who initiates a search for personnel. The search for which you are considered, to ascertain if you are a good fit for the available position.

Depending on the stage of the process, we may conduct checks on you to verify the information you have provided and where we do this we may share your information with any of the following companies:

    • Verifile Limited
    • Experian Limited
    • The Disclosure and Barring Service
    • Access Personal Checking Services Limited
    • Higher Education Degree Datacheck
    • Graduate Prospects Ltd (HEDD)
    • HireRight
    • Disclosure Scotland

Your data will never be sold; however, your data may need to be disclosed to a third party as part of the recruitment process.

How do we keep your data safe?

We know how much data security matters to both our candidates and our clients. With this in mind, we treat all data with the utmost care and take all appropriate steps to protect it. Our commitment to information security is evidenced by our CyberEssentials Plus and ISO 27001 certifications.

CyberEssentials Plus certification demonstrates that we have implemented effective cyber security controls and therefore enables us to develop a relationship of trust with our clients and candidates. We also recognise that information security is not simply about cyber security. Rather, it is only part – although a very important part – of a bigger security picture. This awareness of information security in its broadest sense prompted our decision to gain and maintain ISO27001 certification, thereby embedding an awareness of information security into our corporate culture.

What happens if you do not provide us with the information we request or ask that we stop processing your information?

If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data, we may not be able to match you with available job opportunities or, if you are a client, match appropriate candidates to your job opportunities.

Do we make automated decisions concerning you?

No, we do not carry out automated profiling.

Do we use Cookies to collect personal data on you?

To provide better service to you on our websites, we use cookies to collect your personal data when you browse. See our cookie policy here for more details.

Do we transfer your data outside the EEA?

To better match your employee profile with current opportunities we may transfer your personal data to clients and partners in countries outside the EEA. These countries privacy laws may be different from those in your home country. Where we transfer data to a country which has not been deemed to provide adequate data protection standards we always have security measures and approved model clauses in place to protect your personal data. To find out more about how we safeguard your information as related to transfers contact us on

What rights do you have in relation to the data we hold on you?

By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

What does this mean?

Rights What does this mean?
1. The right to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
2. The right of access You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.
3. The right to rectification You are entitled to have your information corrected if it’s inaccurate or incomplete.
4. The right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. The right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
7. The right to object to processing You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
8. The right to lodge a complaint Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, for example the ICO if you consider that the processing of personal data relating to you infringes this Regulation.
9. The right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

We take your privacy seriously and therefore may require you to prove your identity before we can release any information. When submitting a request, someone from our Privacy Team will be in touch regarding what types of ID are required.

How will we contact you?

We may contact you by phone, email or social media. If you prefer a contact means over another, please just let us know.

How can you contact us?

If you are unhappy with how we’ve handled your information, or have further questions on the processing of your personal data, contact our central Privacy Team here:

Privacy Team
Fincentria Ltd (a McGregor Boyall company)
70 Gracechurch Street