Privacy Policy

Last updated: April 2026

Introduction

AMG Search Limited (“AMG”, “we”, “us”, “our”) specialises in Financial Services and Wealth Management recruitment. The personal data that we process relates to our clients, candidates, and staff.

This policy sets out our commitment to ensuring that any personal data we process — including special category personal data — is handled in compliance with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all relevant UK and EU data protection legislation.

We are committed to ensuring that good data protection practice is embedded in the culture of our staff and our organisation.

Scope

This policy applies to all personal data processed by AMG Search Limited. It forms part of our approach to compliance with data protection law, and all AMG staff are required to comply with it.

Our Data Protection Principles

We process personal data in line with the following principles:

  • Lawfulness, fairness and transparency — data is processed lawfully, fairly, and in a transparent manner.
  • Purpose limitation — data is collected for specified, explicit, and legitimate purposes and not used in a way that is incompatible with those purposes.
  • Data minimisation — we collect only what is necessary for the purposes we have identified.
  • Accuracy — data is kept accurate and, where necessary, up to date. We take reasonable steps to erase or correct inaccurate data without delay.
  • Storage limitation — data is kept only for as long as it is needed for the purposes for which it was collected.
  • Integrity and confidentiality — data is processed securely, using appropriate technical and organisational measures to protect against unauthorised access, loss, destruction, or damage.

We are committed to facilitating any request from a data subject who wishes to exercise their rights under data protection law, promptly and transparently.

How We Process Personal Data

AMG Search will:

  • Only collect and process personal data that is necessary for a purpose we have identified in advance.
  • Identify a lawful basis for processing personal data (including any special category data) before we process it.
  • Take reasonable steps to ensure the personal data we hold is accurate.
  • Retain personal data only for as long as is required, then securely dispose of or delete it.
  • Provide a privacy notice to anyone from whom we collect personal data, explaining why we are collecting it and what we intend to do with it.
  • Ensure appropriate security measures are in place for personal data held in both digital and paper formats.
  • Ensure staff who handle personal data are trained, supervised, and aware of their responsibilities under this policy.

Staff who breach this policy may be subject to disciplinary proceedings. Processing personal data in breach of data protection law can also be a criminal offence.

Your Rights as a Data Subject

You have the following rights under data protection law:

Right of access — You can ask what personal data we hold about you and receive a copy of it, along with information about why we process it, who we share it with, how long we keep it, and where it came from if not from you.

Right to rectification — You can ask us to correct inaccurate personal data concerning you without undue delay.

Right to erasure (“right to be forgotten”) — You can ask us to delete your personal data in certain circumstances, including where:

  • The data is no longer necessary for the purpose for which it was collected;
  • You have withdrawn your consent;
  • There is no lawful basis for the processing; or
  • We are under a legal obligation to erase it.

Right to restriction of processing — You can ask us to limit how we use your data if:

  • You contest its accuracy;
  • Our processing is unlawful but you do not want the data erased;
  • We no longer need the data but you need it to establish, exercise, or defend a legal claim; or
  • You have objected to the processing, pending verification.

Right to data portability — Where our processing is based on consent or a contract and is carried out by automated means, you have the right to receive a copy of the personal data you provided to us in a structured, commonly used, machine-readable format, and to transfer it to another data controller.

Right to object — You have the right to object to processing based on our legitimate interests or carried out in the public interest, unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to lodge a complaint — You have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your personal data properly. You can contact the ICO at ico.org.uk or by phone on 0303 123 1113.

Special Category Personal Data

“Special category data” includes personal data revealing:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data used to uniquely identify an individual
  • Data concerning health
  • Data concerning a person’s sex life or sexual orientation
  • Data about criminal convictions and offences

We only process special category data where we have a lawful basis to do so. Access to this data is restricted, additional security measures are in place, and we retain it only for as long as is strictly necessary.

Responsibility for Data Processing

If you have any concerns about how we handle your personal data, or if you wish to exercise any of your rights, please contact our Data Protection Lead:

Andy Gavin Email: andy.gavin@amgsearch.com Phone: 07800 837337

Monitoring and Review

This policy is reviewed at least every two years, or sooner if there are material changes to our processing activities or to data protection law. It was last updated in April 2026.