Privacy Policy
Last updated: {insert date}
This privacy policy explains how Launchpad GCC collects, uses and protects your personal data when you use our website or engage with us as a candidate, client or contact.
1. Who we are and how to contact us
This website is operated under the Launchpad Search brand by Launchpad GCC Consulting W.L.L., the company responsible for your personal data (the "controller", referred to in this policy as "Launchpad", "we", "us" or "our").
Commercial Registration No.: 194532-1
Registered address: Office 2298, Building No. 747, Road 1124, Block 311, Salmaniya, Kingdom of Bahrain
Email: info@launchpadgcc.com
Telephone: +973 33505308
This website is not intended for children, and we do not knowingly collect data relating to anyone under 18.
We are not required by law to appoint a dedicated data protection officer, and we have not done so. Where the Bahrain Personal Data Protection Law requires it, we maintain our own register of processing activities. You can raise any privacy question, or exercise any of your rights, using the contact details above.
The laws we work to
We are based in the Kingdom of Bahrain and operate across the GCC and internationally. We handle personal data in line with the Bahrain Personal Data Protection Law (Law No. 30 of 2018, the "PDPL"), together with its Executive Regulations and the Ministerial Orders issued in 2022, as the law of our home jurisdiction; the EU General Data Protection Regulation (the "EU GDPR") where it applies to you; the UK General Data Protection Regulation (the "UK GDPR") where it applies to you; the Saudi Arabia Personal Data Protection Law (the "Saudi PDPL") where it applies to you; and any other data protection law that applies to you based on where you are located. The exact rights you have depend on which of these laws applies to you. Section 11 explains this.
2. The personal data we collect
Personal data is any information from which you can be identified. We group the data we collect as follows.
Identity data: first name, last name, any previous names, title, date of birth, nationality, photograph, and passport or national ID details where these are relevant to a role or a right-to-work check.
Contact data: home or business address, email address and telephone numbers.
Professional data: your CV, work history, qualifications, certifications, references, professional memberships, work preferences, salary expectations, notice period, right-to-work and visa status, and anything else you share with us about your career and the opportunities you are interested in.
Technical data: IP address, browser type and version, time zone and location, operating system and platform, and other details about the device you use to reach our website.
Usage data: information about how you use our website.
Marketing data: your preferences for hearing from us and your communication preferences.
If you are a client contact, we also hold transaction data, such as records of the invoices we issue and the payments we receive in connection with our work for your organisation. We do not pay candidates or contractors, and we do not collect bank or payment details from candidates.
We also use aggregated data, such as statistical or demographic information, which does not identify you and is not personal data.
2. The personal data we collect
Personal data is any information from which you can be identified. We group the data we collect as follows.
Identity data: first name, last name, any previous names, title, date of birth, nationality, photograph, and passport or national ID details where these are relevant to a role or a right-to-work check.
Contact data: home or business address, email address and telephone numbers.
Professional data: your CV, work history, qualifications, certifications, references, professional memberships, work preferences, salary expectations, notice period, right-to-work and visa status, and anything else you share with us about your career and the opportunities you are interested in.
Technical data: IP address, browser type and version, time zone and location, operating system and platform, and other details about the device you use to reach our website.
Usage data: information about how you use our website.
Marketing data: your preferences for hearing from us and your communication preferences.
If you are a client contact, we also hold transaction data, such as records of the invoices we issue and the payments we receive in connection with our work for your organisation. We do not pay candidates or contractors, and we do not collect bank or payment details from candidates.
We also use aggregated data, such as statistical or demographic information, which does not identify you and is not personal data.
3. How we collect your personal data
We collect personal data in three ways.
From you directly. When you complete a form on our website, send us your CV, ask about our services, subscribe to our insights, attend an event, or contact us by phone, email or post.
Automatically. As you use our website, we collect technical and usage data through cookies and similar technologies. Our Cookie Notice explains what we use and how to change your preferences.
From other sources. As a specialist executive search firm, we identify and approach potential candidates through professional networks, primarily LinkedIn, and through referrals. We may also receive information about you from referees you have nominated, current or former colleagues who introduce you, clients we are working for, public professional registers, and background or right-to-work screening providers we instruct.
If we approach you as a result of our own research rather than because you contacted us, we will tell you where we found your details, why we are getting in touch, and how to ask us to stop or to delete what we hold. Our basis for that first approach is our legitimate interest in connecting suitable professionals with relevant opportunities, balanced against your interests.
4. How and why we use your personal data
We only use your personal data where the law allows us to. The legal grounds we rely on are: performance of a contract with you, our legitimate interests (provided these do not override your rights), compliance with a legal obligation, and your consent. Where we rely on legitimate interests, we weigh the effect on you first.
Processing table reproduced in the Word pack. Purposes: registering and managing you; assessing suitability and putting you forward to employers; right-to-work, identity, reference, sanctions and background checks; delivering services to clients including invoicing; managing our relationship and enquiries; market insights and updates; running and securing the website; meeting AML, sanctions, immigration and tax duties; and establishing or defending legal claims.
Automated decisions. We do not make decisions about you by automated means alone where those decisions have a legal or similarly significant effect. A person is always involved in material decisions about you.
Marketing. We will only send you marketing where you have asked to hear from us, engaged our services, or otherwise indicated you are happy to receive it, and you have not opted out. You can stop marketing at any time using the unsubscribe link in any message or by contacting us. We will still send service messages you need for operational reasons. We will always ask for your clear consent before sharing your data with any third party for that party’s own marketing.
5. Sharing your details with employers and clients
This is the heart of what we do, so we want to be clear about it.
If you have engaged with us about a role, we may share your professional details with the relevant employer or client so they can assess you for it. We rely on our legitimate interest in providing the search service you have come to us for, and where you submit your details through our website, we will ask you to confirm at that point that you are happy for us to represent you.
Where the law that applies to you requires it, we will tell you which employer we intend to share your details with, or seek your specific consent, before each disclosure. You can ask us to stop sharing your details, or withdraw any consent you have given, at any time by contacting us. If you do, we will no longer be able to put you forward for opportunities.
6. Who else we share your personal data with
Alongside the employers and clients described above, we may share your personal data, only where necessary, with: service providers who support our business, including our IT, hosting, CRM, applicant-tracking, email, telephony and payment providers, who act only on our instructions; screening and verification providers who carry out background, identity and right-to-work checks on our or a client’s instruction; professional advisers such as lawyers, accountants, insurers and auditors; regulators, courts and authorities where we are required to disclose information by law; and a buyer or successor in the event of a sale, merger, reorganisation or insolvency of our business.
We require everyone we share data with to protect it, to use it only for the purposes we specify, and not to use it for their own purposes. We do not sell your personal data.
7. Sensitive information and CVs
Some information receives extra protection under data protection law. This includes data revealing racial or ethnic origin, family origins, religious or philosophical beliefs, political opinions, trade union membership, health, and criminal records, and, under the EU and UK GDPR, genetic and biometric data.
CVs are important here. A CV often contains this kind of information without you intending it to, for example through a photograph, your nationality, your date of birth, named memberships, or details of your health or personal circumstances. You do not need to include sensitive information in your CV, and we ask that you leave out anything that is not relevant to the roles you are interested in.
Where your CV or other materials do contain sensitive information, we only process it where a specific legal condition allows us to. Depending on the situation, this means with your explicit consent, where it is necessary to establish or defend a legal claim, where the law requires it (for example, certain right-to-work checks), or, for details you have clearly chosen to make public yourself (such as on a public professional profile), on that basis. We use it only for the purpose connected to your engagement with us, and we limit who can see it.
8. International transfers
We are based in Bahrain and work internationally, so your personal data may be transferred to, stored in, or accessed from countries outside Bahrain, the European Economic Area and the United Kingdom, including where an employer, client or service provider is located. Some of these countries do not have the same data protection laws as your own.
When we transfer personal data internationally, we put appropriate safeguards in place: transfers to countries recognised as providing an adequate level of protection by the Bahrain Personal Data Protection Authority, the European Commission, or the UK Government, as relevant; the Standard Contractual Clauses approved by the European Commission, or the UK International Data Transfer Agreement or Addendum, with our recipients, backed by additional measures where needed; authorisation from the Bahrain Personal Data Protection Authority where the PDPL requires it; and strong contractual and security commitments from every recipient.
We rely on your explicit consent for a transfer only where no other safeguard is available and the transfer is occasional, for example a one-off introduction to an employer in a country without an adequacy decision. You can ask us for a copy of the safeguards that apply to a specific transfer using the contact details in this policy.
9. Data security
We have appropriate technical and organisational measures in place to protect your personal data against loss, misuse, unauthorised access, alteration and disclosure. We limit access to those who need it for their work, and they are bound by a duty of confidentiality.
We have procedures to handle any suspected personal data breach. Where a breach is likely to cause significant harm, we will notify the Bahrain Personal Data Protection Authority, and any other supervisory authority we are required to inform, and we will tell you where the law requires us to.
10. How long we keep your personal data
We keep your personal data only for as long as we need it for the purposes we collected it, including to meet legal, tax, accounting and regulatory requirements. In deciding how long to keep data, we consider its amount, nature and sensitivity, the risk of harm, the purpose, and whether we can achieve that purpose another way.
As a guide: candidate records, for as long as we are in contact with you about opportunities, and for up to two years after our last meaningful contact (you can ask us to delete your record at any time); records of completed placements, for the length of the engagement plus the period required by tax, immigration, employment and contract law, typically six to seven years; client and client-contact records, for the length of our relationship plus the period required by tax and contract law, typically six to seven years; and marketing data, until you unsubscribe, plus a short period afterwards so we can honour your opt-out. Where we anonymise data so it can no longer be linked to you, we may keep and use it indefinitely.
11. Your rights
You have rights over your personal data. The exact rights you have depend on the law that applies to you, but they generally include the right to be informed about how we use your data; to access the personal data we hold about you; to correct data that is inaccurate or incomplete; to request erasure of your data in certain circumstances; to object to processing we carry out on the basis of legitimate interests; to object at any time to direct marketing, which we will always honour; to request that we restrict our processing in certain circumstances; and to withdraw consent at any time where we rely on it, which does not affect anything we did lawfully before you withdrew it.
If the EU or UK GDPR applies to you, you also have the right to data portability (to receive certain data in a portable format or have it sent to another provider) and the right not to be subject to a solely automated decision with legal or similarly significant effects.
If you are resident in another jurisdiction, such as the United States, you may have additional rights under your local law. Contact us and we will tell you what applies and how to exercise it.
To use any of these rights, contact us using the details in section 1. You will not normally pay a fee, although we may charge a reasonable fee or decline a request that is clearly unfounded, repetitive or excessive. We may ask you to confirm your identity first, so that we do not disclose your data to the wrong person. We aim to respond within one month, and will tell you if a complex or high-volume request needs longer.
12. Complaints
If you have a concern about how we handle your personal data, please raise it with us first using the details in section 1. We would genuinely rather put something right than have you go elsewhere.
If you are not satisfied, you have the right to complain to a supervisory authority, including: in Bahrain, the Personal Data Protection Authority, whose functions are exercised through the Ministry of Justice, Islamic Affairs and Waqf (pdp.gov.bh); in the United Kingdom, the Information Commissioner’s Office (ico.org.uk); and in the European Economic Area, the data protection authority of the country where you live, work, or where the issue arose.
13. Changes to this policy
We keep this policy under regular review. This version was last updated on the date shown at the top. You can ask us for previous versions. Please keep us informed if your details change, so that what we hold stays accurate.
14. Third-party links
Our website may link to other websites, plug-ins and applications. Following those links may allow third parties to collect data about you. We do not control those sites and are not responsible for their privacy practices, so we encourage you to read the privacy policy of any site you visit.