Privacy Policy

GDPR / Privacy Statement

We are committed to protecting and respecting your privacy.  This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will use your personal data and your rights in relation to your personal data.

We are committed to the privacy and confidentiality of the information you have provided to us. We have appropriate physical, electronic and managerial protection measures in place to prevent unauthorised access or disclosure of your Personal Data and we educate our personnel to ensure that your trust in us is not misplaced.

“Candidates” are job candidates or prospective job candidates that we may contact speculatively to see if they would be interested in a new role with our client(s).
“Clients” are recruitment or search businesses who contract with us to provide them with details of Candidates who are willing to be considered for work directly with the Clients.

Who are we?

Company Name:  Bowden Mayes (company number 07004995)
Address: The Office, Saxon House, 2 Upper Marlborough Rd, St Albans AL1 3UR
GDPR contact:  Michael Bowden
Telephone: 01727 761407

We use a third-party supplier and software (Invenias) to process, control and manage data. These systems have been audited in line with GDPR commitments.

What personal data do we collect about you?

For Candidates: We collect the information necessary to be able to identify appropriate job opportunities for you and any further information needed to assess your eligibility through the various stages of the recruitment process. This information may include your name, address, mobile number, email address, work number, area of specialism, CVs and work history, educational records, salary data, employment references, commentary on fit to role, relevant information about your life situation (such as marital status) and relevant information about your personal life (such as hobbies, interests and commitments) and any relevant contact notes.  We do not collect any Special Category of information such as racial or ethnic origin, political opinions, religious or other similar beliefs, trade union memberships, physical or mental health, sex life, or criminal record or proceedings.

For Clients: We collect details that are necessary to perform the contract with you, including names, phone numbers, email addresses, company and necessary billing information. 

Where do we collect personal data about you from?

Candidates: Examples of sources from which we may collect Personal Data include the following:

  • We may obtain your Personal Data when you provide it to us (e.g., where you contact us (or we contact you) via email or telephone, or by any other means).
  • We may collect your Personal Data in the ordinary course of our relationship with you (e.g., if we offer to connect you with our Clients we may collect your Personal Data that relates to Client opportunities, such as your curriculum vitae).
  • We may collect Personal Data that you manifestly choose to make public, including via social media such as LinkedIn (e.g., we may collect information from your social media profile(s), to the extent that you choose to make your profile publicly visible).
  • We may receive your Personal Data from third parties who provide it to us (e.g., past employers; referees; industry contacts; and clients).

Clients: directly from you or a colleague or through publicly available sources.

How and why do we use your personal data?

Candidates: We may use your personal data to match your skills, experience and education with appropriate job opportunities. We will initially collect basic information on you such as contact details, job role and experience. If you are suitably qualified and interested in proceeding, we will, with your agreement, collect more information from you as you progress through the process e.g. to our interview stage and then to Client interview stage.  We will retain your personal data for consideration for further opportunities with our Clients unless expressly requested in writing.

Clients: We use your personal data for contacting you about Candidate opportunities, promoting your business to Candidates and for billing purposes.

Who do we share your personal data with?

Candidates: Your personal data is shared with the Client who initiates a search for personnel, to ascertain whether you might be a fit for the position. We may also conduct checks on you to verify the information you have provided and where we do this we may share your information with third parties for this purpose.  We may also share your information with our lawyers for the purposes of obtaining legal advice or with other appropriate bodies as required by law.

Clients: We do not share your information without your consent unless it is necessary to disclose your details to our lawyers for obtaining legal advice or as required by law.

How long do we keep your personal data for?

We keep data on file for a period of 7 years unless otherwise stipulated. Data would be hard erased after this time unless the candidate or client requests otherwise or has been engaged with during this time and data on them is necessary for archiving purposes in the public interest.

What legal basis do we have for using your information?

We have a legitimate interest in carrying out the Processing, which is not overridden by your interests, fundamental rights, or freedoms. Where we rely on this legal basis, our legitimate interests are:

  • our legitimate interest in the management and operation of our business;
  • our legitimate interest in the provision of services to our clients; and
  • our legitimate interest in the provision of information to our clients and candidates.

What happens if you do not provide us with the information we request or ask that we stop processing your information?

Candidates:  If you do not want us to process any of your personal data, we will not be able to contact you or consider you for any executive search assignments.

Clients: If you do not provide the personal data necessary, or request that we stop processing your personal data, we may not be able to fulfil the contract with you.

How do we safeguard your personal data?

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law. These include measures to deal quickly and efficiently with any suspected data breach; encryption on all digital devices; and processes to increase data safety and awareness.

What rights do you have in relation to the data we hold on you?

Subject to applicable law (GDPR), you have multiple rights when it comes to your personal data including those detailed below. Further information and advice about your rights can be obtained from the Information Commissioner’s Office (ICO) or the data protection regulator in your country.

  • The right of access to, or copies of your personal data that we control
  • The right to request rectification of any inaccuracies in your personal data
  • The right to request, on legitimate grounds the erasure of your personal data that we process or control, or restriction of processing your data that we process or control.
  • The right to object, on legitimate grounds, to the processing of your personal data.
  • The right to withdraw consent for us to process or control your data

Candidates and clients have the right to request personal data on them in a portable format. Data subjects must request their data by phone, email or letter stipulating what data they would like to access to, and this will be processed within 48 hours. We would send confirmation of this either by email or letter (whichever is most appropriate).  Any information will be provided free of charge, unless the request is repetitive, unfounded, or excessive, at which point we will charge a reasonable fee, as permitted under GDPR or we may be entitled to refuse to act on the request.  If data has been deleted, erased or otherwise irretrievable the subject will also be informed of this.

Changes to this statement

Any changes we may make to our Privacy Policy in the future will be posted on this page. We encourage you to periodically review this Statement to be informed of how Bowden Mayes is protecting your information.


Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a pleasant experience when you browse our website and allows us to improve our website. By continuing to browse the website, you are agreeing to our use of cookies.   Your browser and other choices may impact your experiences with our websites. You may delete and block all cookies or decide to just block certain types of cookie via your browser setting. However, if you choose to block or delete cookies, this may affect the functionality of the Site.

Cookies we use:

wp-settings-time- WordPress WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wp-setting- WordPress WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wordpress_test_cookie WordPress WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
wordpress_sec WordPress Essential WordPress session management cookies for logged in users.
wordpress_logged_in WordPress After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.
gdpr_popup Bowden Mayes Used to detect if GDPR popup has been shown previously
_ga Google Analytics Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.
_gid Google Analytics Used to distinguish users.
_gat_UA-********-1 Google Analytics This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.


If you wish to raise a complaint on how we have handled your Personal Data, you can contact our GDPR officer, Michael Bowden on  If you are not satisfied with our response or believe we are not Processing your Personal Data in accordance with the law, you can raise the complaint to the Information Commissioner’s Office.