Privacy Policy

Last updated: May 2026

1. Who We Are

VirdisGroup operates globally through the following entities:

VirdisGroup Limited
Prama House, 267 Banbury Road, Oxford, OX2 7HT, United Kingdom
Registered in England and Wales No. 02970311

VirdisGroup Sàrl
Le Chardon Bleu, 3 Chemin des Fenives, Leysin 1854, Switzerland

Together referred to as “VirdisGroup”, “we”, “us”, or “our”.

For the purposes of applicable data protection laws, including the UK GDPR, the Data Protection Act 2018, and the Federal Act on Data Protection, VirdisGroup Limited and VirdisGroup Sàrl act as joint controllers in respect of the personal data we process.

This means we jointly determine the purposes and means of processing personal data in connection with our executive search and talent advisory services.

Contact:
info@virdisgroup.com

2. Applicable Laws

We process personal data in accordance with applicable data protection laws, including:

  • The UK GDPR
  • The Data Protection Act 2018
  • The Federal Act on Data Protection

We adhere to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality.

3. What Personal Data We Collect

Candidates / Potential Candidates

  • Name, contact details, and location
  • CVs, employment history, education
  • Compensation and benefits information (where relevant)
  • Interview notes, assessments, and correspondence
  • Publicly available professional information (e.g. LinkedIn)

Clients and Business Contacts

  • Name, job title, company details
  • Contact information
  • Records of communications

Website Users

  • Basic technical data (e.g. IP address, browser type)

4. How We Collect Your Data

We collect personal data through:

  • Direct interactions with you
  • Our research and sourcing activities, including platforms such as LinkedIn Recruiter
  • Referrals and recommendations
  • Publicly available sources
  • Our CRM system, LOXO

5. Source of Personal Data (Passive Candidates)

In addition to data collected directly from individuals, we may obtain personal data about potential candidates from third-party sources where individuals have not had prior direct contact with us.

These sources may include:

  • Publicly available professional profiles (e.g. LinkedIn)
  • Internal research and market mapping activities
  • Referrals and recommendations

In such cases, we will provide this Privacy Notice:

  • At the time of first communication, or
  • Within a reasonable period of obtaining the data (and at the latest within one month), in accordance with applicable law

6. How We Use Your Data

We use personal data to:

  • Identify and assess candidates for roles
  • Provide executive search and talent advisory services to clients
  • Communicate with candidates and clients
  • Maintain internal records and talent pools
  • Improve and develop our services

7. Legal Basis for Processing

Legitimate Interests

Our core business involves identifying and introducing candidates to clients. We process personal data where this is necessary for our legitimate interests, provided those interests are not overridden by your rights.

Consent

Where required (e.g. certain marketing communications or special category data), we will obtain your consent.

You have the right to withdraw your consent at any time.

Contractual Necessity

Where processing is necessary in relation to a contract or potential contract (e.g. candidate placement).

8. Legitimate Interest Assessment

Where we rely on legitimate interests, we undertake a Legitimate Interest Assessment (LIA) to ensure that our processing is necessary and proportionate and that our interests are not overridden by your rights and freedoms.

This includes consideration of:

  • The purpose of the processing (e.g. executive search and talent identification)
  • The necessity of using personal data to achieve that purpose
  • The impact on individuals and safeguards applied

You have the right to object to processing carried out on this basis at any time.

9. Special Category Data

In limited circumstances, we may process special category data, such as:

  • Diversity and inclusion information (e.g. gender, ethnicity)
  • Health-related information (where relevant and voluntarily provided)

Where we do so, we will:

  • Obtain your explicit consent where required, or
  • Rely on another lawful basis permitted under applicable law

We apply additional safeguards and only process such data where necessary and appropriate.

10. Data Sharing

We may share your personal data with:

  • Our clients (for recruitment and search purposes)
  • Service providers (including CRM systems such as LOXO)
  • Professional advisers

We do not sell your personal data.

11. International Data Transfers

As a global business, we may transfer personal data between the UK, Switzerland, and other jurisdictions.

  • The UK recognises Switzerland as providing an adequate level of data protection
  • Where data is transferred outside the UK or Switzerland (including to the United States via service providers such as LOXO), we implement appropriate safeguards, including:
    • Standard Contractual Clauses (SCCs)
    • The UK International Data Transfer Agreement (IDTA), where applicable

12. Data Retention

We retain personal data only for as long as necessary:

  • Candidate data: typically up to 3–5 years from last meaningful contact
  • Client data: for the duration of the relationship and as required for legal or business purposes

We aim to keep personal data accurate and up to date and encourage individuals to notify us of any changes.

13. Your Rights

Under applicable data protection laws, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing
  • Request restriction of processing
  • Request data portability (where applicable)
  • Withdraw consent at any time (where processing is based on consent)

You may also lodge a complaint with the Information Commissioner’s Office or your local supervisory authority.

14. Marketing Communications

We may contact you with relevant opportunities, insights, or updates where permitted by law.

You can opt out at any time by:

  • Clicking the “unsubscribe” link in communications
  • Contacting us directly

15. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

16. Updates to This Notice

We may update this Privacy Notice from time to time. The latest version will always be available on our website.

17. Contact

If you have any questions about this Privacy Notice or how we handle your data, please contact:

info@virdisgroup.com