Privacy Policy
1. Introduction
HERO Recruitment Limited (“HERO”, “we”, “our” or “us”) is committed to protecting the privacy and security of your personal data. This Privacy Statement explains how we collect, use, store, share and protect personal data in connection with our recruitment services and related activities.
This statement is provided in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Acts 1988 to 2018, the ePrivacy Regulations 2011 (S.I. No. 336 of 2011), and the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) (“AI Act”).
We encourage you to read this statement carefully. If you have any questions, please contact our Data Protection Officer using the details set out at Section 14 below.
2. Who We Are
HERO Recruitment is an award-winning Irish recruitment agency established in 1997, previously known as CCP Recruitment. HERO Recruitment Limited is a subsidiary of CCP Recruitment Limited. We have offices in Galway, Cork and Dublin.
HERO Recruitment Limited CRO Number: 581806 Tax Registration: 3418341LH Registered Address: 39D Briarhill Business Park, Briarhill, Galway
HERO Recruitment Limited is the data controller in respect of the personal data described in this statement.
3. Definitions
In this statement:
• “Candidate” means any individual who engages with HERO for the purpose of seeking employment, career guidance or recruitment services.
• “Client” means any individual, business or organisation that engages HERO to provide recruitment services.
• “Personal data” means any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.
• “Processing” means any operation performed on personal data, including collection, recording, storage, use, disclosure, and erasure.
4. What Personal Data We Collect
4.1 Data provided directly by you
When you engage with our services, we may collect the following categories of personal data:
• Identity and contact information: name, address, email address, telephone number
• Professional information: CV/curriculum vitae, employment history, qualifications, education, skills, professional certifications and memberships
• Links to professional profiles, including LinkedIn
• References and referee contact details
• Job preferences, salary expectations and career objectives
• Financial information where required for employment placement (e.g. bank details, PPS number)
• Any other information you choose to provide to us in the course of engaging with our services
4.2 Data obtained from third-party sources
We may also obtain personal data from the following sources:
• Publicly available professional profiles: We may source personal data from publicly available professional networking platforms, including LinkedIn, where this is relevant to our recruitment services. Where we do so, we will inform you at the point of first contact and confirm the lawful basis on which we process your data.
• Referees: We may obtain references from individuals you have nominated.
• Clients: Our client organisations may provide us with your contact details in the context of a recruitment assignment.
4.3 Data collected automatically
When you visit our website (www.hero.ie), we may automatically collect technical information including your IP address, browser type and version, time zone, operating system, and information about your visit such as pages viewed, time spent, and clickstream data. Please see Section 11 (Cookies and Website Analytics) below for further details.
5. How and Why We Use Your Personal Data
We process your personal data for the following purposes:
• Recruitment services: Reviewing your CV against suitable opportunities, matching you with roles, and sharing your details with prospective employers (with your consent).
• Client services: Providing recruitment services to our clients, including sourcing, screening and shortlisting candidates.
• Communication: Responding to your enquiries, providing career advice, and keeping you informed of relevant opportunities.
• Marketing: With your consent, sending job alerts, industry news, event invitations and information about our services.
• Compliance and legal obligations: Complying with legal and regulatory requirements, including employment law, tax obligations, and data protection legislation.
• Service improvement: Analysing how our services and website are used to improve our offerings.
6. Lawful Basis for Processing
We rely on the following lawful bases under Article 6 of the GDPR for the processing of your personal data:
• Consent (Article 6(1)(a)): Where you have given us your explicit consent to process your personal data for specified purposes, including direct marketing communications. You may withdraw your consent at any time (see Section 9 below).
• Performance of a contract (Article 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
• Legitimate interests (Article 6(1)(f)): Where processing is necessary for the purposes of our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include the effective provision of recruitment services, business development, and ensuring the security of our systems and data. Where we rely on legitimate interests, we carry out a balancing assessment and make this available on request.
• Legal obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which we are subject.
7. Use of Artificial Intelligence and Automated Processing
HERO uses artificial intelligence (“AI”) tools as part of our recruitment operations to assist with activities such as candidate matching, CV analysis, communications drafting, and administrative processes.
We wish to be transparent about our use of AI:
• AI as an assistive tool: AI tools are used to support and enhance our consultants’ work. Our recruitment consultants retain oversight and final decision-making authority over all candidate-related decisions. AI outputs are reviewed by a human before any action is taken.
• No solely automated decision-making: We do not use AI or automated processing to make decisions that produce legal effects or similarly significantly affect you without meaningful human involvement. In the event that this position changes, we will update this statement and notify affected individuals in accordance with Article 22 of the GDPR.
• AI Act compliance: We are committed to compliance with the EU AI Act (Regulation (EU) 2024/1689), including the transparency obligations applicable to AI systems used in recruitment and employment contexts.
• Data protection: Where AI tools process personal data, this is done in accordance with the GDPR and the principles set out in this statement, including data minimisation, purpose limitation, and security.
If you have any questions about our use of AI, or wish to request further information about any automated processing that has been applied to your data, please contact our Data Protection Officer.
8. Sharing Your Personal Data
We may share your personal data with the following categories of recipients:
• Clients and prospective employers: With your consent, we will share your CV and relevant personal data with clients for the purpose of specific recruitment assignments.
• Service providers: We engage third-party service providers who process personal data on our behalf, including our CRM and applicant tracking system provider (TrackerRMS), IT support providers, cloud hosting providers, and marketing platforms. All such providers are bound by data processing agreements and are required to implement appropriate technical and organisational safeguards.
• Professional advisors: We may share data with our legal, accounting and insurance advisors where necessary.
• Regulatory bodies: We may disclose personal data where required by law, regulation, or order of a court or regulatory authority, including the Data Protection Commission.
We will not sell your personal data to any third party, nor share it with any third party for their own marketing purposes.
9. International Data Transfers
In the course of providing our recruitment services, your personal data may be transferred outside the European Economic Area (“EEA”). This may occur in the following circumstances:
• Where decision-makers within our client organisations are based outside the EEA and your data is shared with them in the context of a recruitment assignment;
• Where our third-party service providers (such as cloud hosting or CRM providers) process data on servers located outside the EEA; or
• Where you have applied for a role that involves an employer or work location outside the EEA.
Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR. These safeguards may include:
• Adequacy decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs): We use the EU Commission-approved Standard Contractual Clauses as the primary transfer mechanism where no adequacy decision is in place.
• Your explicit consent: In limited circumstances, and where no other safeguard is available, we may seek your explicit consent to a specific transfer.
You may request further information about the safeguards we have in place for international data transfers by contacting our Data Protection Officer.
10. Data Retention
We retain your personal data for a period of 5 years from the date on which you last engaged with our services or gave us consent to hold your information, whichever is later.
This retention period is justified on the basis that career management is a lengthy process. In our experience, candidates may return to the market at various stages over a multi-year period, and retaining data for this period enables us to provide a continuity of service. This retention period is reviewed regularly and kept under assessment.
At the end of the retention period, your data will be securely deleted or anonymised in accordance with our Data Destruction Policy. You may request deletion of your data at any time (see Section 12 below).
Where we are required to retain certain data for longer periods to comply with legal or regulatory obligations (for example, tax and employment records), we will do so for the minimum period required by law.
11. Cookies and Website Analytics
Our website uses cookies to distinguish you from other users, to improve your browsing experience, and to analyse how our website is used. When you first visit our website, you will be presented with a cookie consent banner. We will only place non-essential cookies on your device with your consent, in accordance with the ePrivacy Regulations 2011.
For further details about the specific cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy, available on our website.
12. Your Rights
Under the GDPR, you have the following rights in relation to your personal data:
• Right of access (Article 15): You have the right to request a copy of the personal data we hold about you.
• Right to rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to erasure (Article 17): You have the right to request the deletion of your personal data in certain circumstances.
• Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
• Right to object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact our Data Protection Officer using the details at Section 14 below. We will respond to your request within one month of receipt. In certain circumstances, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for it.
There is no charge for exercising your rights. However, where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request, in accordance with the GDPR.
13. Right to Lodge a Complaint
If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Data Protection Commission:
Data Protection Commission 21 Fitzwilliam Square South Dublin 2, D02 RD28 Telephone: +353 (0)1 765 0100 / 1800 437 737 Email: info@dataprotection.ie Website: www.dataprotection.ie
We would, however, appreciate the opportunity to address your concerns before you approach the DPC, so please contact us in the first instance.
14. Data Protection Officer
Our Data Protection Officer is Michelle Kilcar. If you have any questions about this Privacy Statement, our data protection practices, or wish to exercise any of your rights, please contact:
Michelle Kilcar, Data Protection Officer HERO Recruitment Limited 39D Briarhill Business Park, Briarhill, Galway Telephone: 091 730022 Email: DPO@hero.ie
15. Changes to This Privacy Statement
We may update this Privacy Statement from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any material changes will be posted on our website. Where changes are significant, we will take reasonable steps to notify you directly. We encourage you to review this statement periodically.
This statement was last reviewed and updated in April 2026.