Privacy Notice
Last updated: 18 July 2026
1. WHO WE ARE
FourFound is a specialist recruitment business supporting the data center, energy infrastructure and related investment markets.
For the purposes of applicable data protection law, the organization responsible for your personal information is:
FourFound Group Ltd, trading as FourFound: Company number: 16838997
Registered offices
- 59–61 Charlotte Street, St Paul’s Square, Birmingham, West Midlands, B3 1PX, United Kingdom
- US office: 79 Greenwich Avenue, New York, NY 10014, United States
Website: fourfound.net
Privacy enquiries: info@fourfound.net
In this Privacy Notice, “FourFound”, “we”, “us” and “our” refer to FourFound Group Ltd.
2. WHO THIS PRIVACY NOTICE APPLIES TO
This Privacy Notice applies to:
- Candidates and prospective candidates
- People applying for vacancies through our website
- Individuals whose professional information we receive through job boards, professional networks, referrals or public sources
- Clients, prospective clients and hiring organizations
- Suppliers, consultants and other business contacts
- Visitors to the FourFound website
- People who contact us by email, telephone, social media or through an online form
3. Personal information we collect
The information we collect/may collect depends on your relationship with FourFound.
Candidate information
- Your name, email address, telephone number and location
Your résumé or CV - Employment history and current employment details
- Qualifications, professional memberships and certifications
- Skills, experience and areas of specialization
- Salary information, compensation expectations and notice period
- Work preferences, relocation preferences and availability
- Right-to-work or visa information
- Information provided during interviews or conversations with our consultants
- References and referee contact details
- Information relating to applications, interviews, offers and placements
- Publicly available professional information, including information from LinkedIn, company websites, job boards and professional directories
- Correspondence and records of our communications with you
Client and business contact information
- Name, job title and employer
- Business email address and telephone number
- Office location
- Hiring requirements and recruitment preferences
- Details of roles, projects and organizational requirements
- Records of meetings, correspondence and services provided
- Contract, billing and payment information
- Information about professional interests and business relationships
- Website and technical information
When you use our website, we may collect:
- IP address
- Browser and device type
- Operating system
- Pages visited and links selected
- Date, time and duration of visits
- Referring website
- Approximate location derived from an IP address
- Cookie preferences
- Security and fraud-prevention information
- Account and login activity where website accounts are available
4. How we obtain personal information
We may receive information:
Directly from you
Through a job application or CV submission
During telephone calls, meetings or interviews
From a client, colleague, referee or professional contact
From professional networking platforms such as LinkedIn
From job boards, recruitment databases and professional directories
From publicly available sources, including employer websites
From recruitment technology, customer relationship management and applicant tracking systems
Through cookies and similar technologies on our website
When we obtain candidate information from another source, we will provide appropriate privacy information within the period required by applicable law.
5. How we use personal information
We may use personal information to:
Assess your suitability for current or future opportunities
Match your experience with client requirements
Contact you about relevant roles
Manage applications and recruitment processes
Introduce suitable candidates to prospective employers
Arrange interviews and communicate feedback
Support offer negotiations and placements
Confirm qualifications, references and professional experience
Maintain relationships with candidates, clients and business contacts
Deliver recruitment, executive search and advisory services
Respond to enquiries
Operate and improve our website
Protect our website, systems and users from spam, fraud and unauthorized access
Maintain business, financial and legal records
Send relevant business or market communications where permitted
Comply with legal, regulatory and contractual obligations
Establish, exercise or defend legal claims
6. Our legal bases for using personal information
Where UK or European data protection law applies, we rely on one or more of the following legal bases:
Contract and steps requested before a contract
We may process information where it is necessary to provide recruitment services, manage an application, negotiate a placement or enter into an agreement with you.
Legitimate interests
We may process information where it is reasonably necessary for our legitimate business interests, including:
Identifying and contacting suitable candidates
Matching candidates with appropriate vacancies
Providing recruitment services to clients
Developing professional relationships
Protecting our website and systems
Improving our services
Maintaining appropriate business records
We consider whether these interests are proportionate and whether your rights or interests should take priority.
Consent
We may rely on your consent for particular activities, including certain marketing communications, optional cookies and the processing of some sensitive information.
You may withdraw your consent at any time.
Legal obligation
We may process information where necessary to comply with employment, tax, accounting, regulatory, immigration or other legal requirements.
A privacy notice must identify the lawful bases being relied upon because those bases affect the rights available to individuals.
7. Sharing your information with prospective employers
Where we believe you may be suitable for an opportunity, we may discuss the position with you and share relevant information with the hiring organization.
We will normally seek your agreement before sending an identifiable CV or candidate profile to a client unless you have already asked us to represent you for that particular opportunity.
Information shared with a client may include:
Your CV
Employment and qualification history
Salary expectations
Availability and notice period
Interview notes
References, where authorized
Other information relevant to the recruitment process
Clients receiving candidate information are responsible for handling it in accordance with applicable privacy law and their own privacy policies.
8. Sensitive personal information
Recruitment information can sometimes include sensitive information, such as:
Health or disability information
Information about reasonable adjustments
Race or ethnic origin
Religious beliefs
Sexual orientation
Trade union membership
Veteran status
Criminal conviction information
Please do not provide sensitive information unless it is relevant and necessary.
Where we process sensitive information, we will only do so where permitted by law, such as where you have provided explicit consent, where it is necessary for employment or equality obligations or where it is needed to establish or defend legal claims.
9. References and background checks
Where relevant to a role, we may request references, verify qualifications or arrange lawful background screening.
We will obtain any authorization or consent required before conducting checks through a third-party background screening provider.
In the United States, certain third-party employment background checks are regulated by the Fair Credit Reporting Act and require separate written disclosure and authorization.
10. Who we share information with
We may share personal information with:
Clients and prospective employers
Recruitment partners involved in a particular assignment
Referees and background screening providers
Website hosting, email and cloud storage providers
Customer relationship management and applicant tracking providers
IT support and cybersecurity providers
Website form and job-board technology providers
Analytics and website performance providers
Professional advisers, including lawyers, accountants and insurers
Regulators, courts, law enforcement agencies and public authorities where legally required
A purchaser, investor or successor if our business is sold, reorganized or transferred
Service providers are only permitted to use personal information to provide services to FourFound and must protect it appropriately.
We do not sell candidate CVs or personal information for monetary payment.
11. International transfers
FourFound works across the United Kingdom, United States and international markets. Your information may therefore be accessed or stored in a country different from the one in which it was collected.
Where UK or European personal information is transferred internationally, we use appropriate protections where required. These may include:
An adequacy decision or regulation
Approved standard contractual clauses
The UK International Data Transfer Agreement
The UK Addendum to European standard contractual clauses
Other safeguards permitted by applicable law
These contractual safeguards are designed to ensure that transferred information continues to receive an appropriate level of protection.
12. How long we retain information
We keep personal information only for as long as it is reasonably needed for the purpose for which it was collected.
Our general retention periods are:
Candidate records
Candidate profiles, CVs and recruitment correspondence will generally be retained for up to 24 months after our last meaningful contact with you.
We may contact you before that period ends to ask whether you would like FourFound to continue representing you.
Applications and placements
Records connected with a completed placement, contract, fee or commercial agreement may be retained for up to six years after the end of the relevant relationship where required for contractual, accounting, insurance or legal purposes.
Client and supplier records
Business and contractual records may generally be retained for up to six years after the end of the relevant relationship.
Marketing records
Marketing contact details will be retained until you unsubscribe, object or ask us to remove them. We may retain limited suppression information to ensure we respect your request.
Website and security records
Website logs and security records will generally be retained for up to 12 months, unless a longer period is required to investigate fraud, misuse or a security incident.
Information may be deleted sooner where it is no longer required. It may be retained longer where required by law or where reasonably necessary for legal claims.
Data protection law does not set one universal retention period. Organizations must establish and justify periods that reflect the purpose for which the information is held.
13. Cookies and similar technologies
Our website uses cookies and similar technologies for:
Essential website operation
Security and spam prevention
Remembering cookie preferences
User accounts and login sessions
Website performance and analytics
Embedded maps, videos or other third-party content
Strictly necessary cookies may be set without consent because they are required for the website to operate or remain secure.
Where required, analytics, advertising and other optional technologies will not be activated until you provide consent. You can change your choices through the Cookie Settings link on the website.
Website operators must clearly explain the cookies they use and obtain active consent for cookies that are not strictly necessary.
More information should be provided in our separate Cookie Policy.
14. reCAPTCHA and website security
We may use Google reCAPTCHA on forms to protect the website against spam, fraud and automated abuse.
reCAPTCHA may process technical and interaction information, including IP address, browser information, device information and how a user interacts with a form, for security and abuse-prevention purposes.
From 2 April 2026, Google acts as a processor of reCAPTCHA customer data rather than an independent controller. Google now recommends that website owners explain their own use of reCAPTCHA for security and fraud prevention rather than relying on the older wording linking users to Google’s Privacy Policy and Terms.
We may also use security services such as Wordfence to detect malicious traffic, unauthorized login attempts and other threats.
15. Embedded content and external websites
Pages on our website may include embedded maps, videos, images, social media content or other material provided by third parties.
When embedded content is loaded, the third party may receive technical information about your device and visit. It may also use cookies or similar technologies according to its own privacy practices.
Our website may link to external websites. FourFound is not responsible for the content, security or privacy practices of external websites.
16. Automated decision-making and artificial intelligence
FourFound may use technology to organize information, search candidate records or identify potentially relevant experience.
We do not make final recruitment or placement decisions based solely on automated processing without appropriate human involvement.
If we introduce technology that makes solely automated decisions producing legal or similarly significant effects, we will provide additional information about how it works and the rights available to affected individuals.
17. Security
We use reasonable organizational and technical measures designed to protect personal information against:
Unauthorized access
Accidental loss
Misuse
Alteration
Disclosure
Destruction
Access to candidate and client information is limited to people who require it for legitimate business purposes.
No internet transmission or electronic storage system is completely secure. You should avoid sending unnecessary sensitive information through unsecured email or website forms.
18. Your privacy rights
Depending on where you live and the law that applies, you may have the right to:
Request access to your personal information
Request correction of inaccurate information
Request deletion of information
Restrict certain processing
Object to processing based on legitimate interests
Receive certain information in a portable format
Withdraw consent
Object to direct marketing
Complain to a data protection regulator
The right to object must be clearly brought to an individual’s attention and consent must be as easy to withdraw as it was to provide.
To exercise a right, contact:
privacy@fourfound.net
We may need to verify your identity before completing a request. We will not discriminate against you for exercising a privacy right.
19. Privacy rights for United States residents
Residents of certain US states may have additional rights where the relevant state privacy law applies, including rights to:
Know or confirm whether personal information is being processed
Access personal information
Correct inaccurate information
Request deletion
Obtain a portable copy
Opt out of certain sales, targeted advertising or profiling
Limit certain uses of sensitive personal information
Appeal a decision relating to a privacy request
We do not sell candidate personal information for monetary payment.
Where applicable law treats particular analytics or advertising disclosures as a sale or sharing, you may exercise an opt-out through Cookie Settings or by contacting us.
California privacy law provides rights including access, deletion, correction and opting out of certain sales or sharing, but its detailed business obligations only apply when the relevant statutory conditions are met.
20. Children’s information
Our recruitment services and website are not directed toward children under 16.
We do not knowingly collect personal information from children under 16 through the website. If we learn that such information has been submitted, we will take reasonable steps to delete it.
21. Marketing communications
We may send relevant vacancies, market information, company news or service communications where permitted by law.
You may unsubscribe from marketing at any time by:
Using the unsubscribe link in an email
Contacting your FourFound consultant
Emailing privacy@fourfound.net
Unsubscribing from marketing will not prevent us from contacting you about an active application, placement, account, contract or direct enquiry.
22. Changes to this Privacy Notice
We may update this Privacy Notice to reflect changes to our services, technology, legal obligations or data-handling practices.
The latest version will be published on this page with the updated date shown at the top.
Where a change materially affects how we use personal information, we will take reasonable steps to bring it to the attention of affected individuals.
23. Contact us
Questions, requests or concerns about this Privacy Notice can be sent to:
Privacy Team
FourFound Group Ltd
59–61 Charlotte Street
St Paul’s Square
Birmingham
West Midlands
B3 1PX
United Kingdom
Email: privacy@fourfound.net
US office:
79 Greenwich Avenue
New York, NY 10014
United States
UK residents also have the right to complain to the Information Commissioner’s Office. We would appreciate the opportunity to address your concern directly before you contact a regulator.
