Privacy Policy

Effective date: 22 August 2025

Sixley is a peer-to-peer recommendations platform that allows individuals to express interest in, or recommend peers for, roles posted by hiring companies. We value privacy and confidentiality. If you are a hirer, your network remains your network—Sixley only contacts your network at your request and for the specific job. If you recommend a prospective candidate, we don’t share those details with the hiring company unless the person recommended confirms they’re interested.

This Privacy Policy explains how we collect, use, share and otherwise process information relating to individuals (“Personal Data”) and your rights and choices.

This Policy is reviewed regularly and was last updated on the date above.

1. Processing activities covered

This Policy applies to:

  • Visiting our websites that display or link to this Policy;

  • Using Sixley to hire for roles;

  • Recommending people for jobs or sharing jobs with individuals or groups;

  • Expressing interest in, or applying for, jobs;

  • Receiving communications from us (e.g., email, SMS);

  • Registering for our events.

Our site may link to third-party sites/services (including hiring companies). Their privacy statements govern their practices.

2. Who we are and our role

Controller. Sixley Ltd (85 Great Portland Street, First Floor, London, W1W 7LT, UK; “Sixley”, “we”) is the independent controller for Personal Data it processes for platform operation, provision, security, maintenance and improvement, analytics, fraud/misuse prevention, and legal/regulatory compliance.

Processor. Where we process Personal Data solely on behalf of a client in connection with that client’s recruitment activities (e.g., referrals, applications, screening, scheduling, recruitment reporting), the client is the controller (or, where it acts for a third-party controller, the client is a processor and the third party is the controller) and Sixley acts as processor under a Data Processing Addendum (DPA).

No joint controllership intended. If a competent authority determines otherwise, the parties will in good faith execute an Article 26 (or UK equivalent) arrangement allocating respective responsibilities.

Where the client acts as a processor on behalf of a third-party controller, the client warrants it is authorised to instruct Sixley and to bind the relevant controller to those instructions.

Contact: privacy@sixley.com.

3. Personal Data we collect

3.1 From you

Depending on your use, we may collect:

  • Applicants: name, role/seniority, contact details, CV/resume, LinkedIn profile, location (city/region), skills/experience, and other information you provide about your interest/fit.

  • Recommenders: name, role, contact details, your connection to the person you recommend, and any optional statement.

  • “Superconnector”/Talent Pool: your opt-in preferences and profile fields you choose to provide.

  • Website / support / events / payments: contact details, account credentials, communications, and (where relevant) billing or payout details (e.g., bank/PayPal for rewards).

Please avoid including special-category data (e.g., health, ethnicity, political opinions) unless we specifically request it and explain the lawful basis.

3.2 From other sources

  • Clients (role descriptions; whether a candidate was hired/not hired/already in process; confirmations needed for invoicing such as title, start date and base/guaranteed comp);

  • People who recommend or introduce you to Sixley;

  • Publicly available/professional sources, e.g., LinkedIn;

  • Service providers that help us validate, enrich or protect data (e.g., anti-fraud, security).

3.3 Device and usage data (websites)

We collect device/usage data (e.g., IP address, browser, pages viewed, timestamps) and use cookies and similar technologies for essential functions, analytics and—where you consent—advertising. You can manage preferences via our cookie banner and browser settings. See Section 5.

4. How we use Personal Data and legal bases

We process Personal Data for:

  • Operating and improving the platform; security and fraud/misuse prevention (legitimate interests; and, where needed, legal obligation).

  • Facilitating hiring workflows (introductions, messaging, scheduling, status updates, rewards) (contract or legitimate interests where no direct contract exists).

  • Talent Pool / anonymised profiles (see Section 6) (consent for joining; legitimate interests to present anonymised profiles; you can opt out any time).

  • Communications about your interactions, service messages and updates (contract/legitimate interests). Marketing (email/SMS) is consent-based; you can withdraw consent at any time.

  • Analytics and service improvement (legitimate interests; we use aggregate and de-identified insights where possible).

  • Payments / rewards administration (contract; legal obligation).

  • Legal and compliance (legal obligation; legitimate interests).

We may invite rejected applicants and recommenders to join the Talent Pool (legitimate interests). You can decline or opt out at any time.

Automated tools & profiling (no solely automated decisions). We use automated tools (including machine learning/AI) to help deduplicate, prioritise and categorise submissions, present relevant opportunities, detect spam/misuse and surface potential matches. These tools do not make solely automated decisions that produce legal or similarly significant effects about you; a person is always involved before such a decision would be taken. You can object to certain profiling or request human review: privacy@sixley.com.

Where we rely on legitimate interests, we balance our interests against your rights and expectations; summaries of these assessments are available on request.

5. Cookies and similar technologies

We use:

  • Essential cookies (required for site operation and security);

  • Analytics cookies (to improve our services);

  • Advertising cookies (to measure campaigns and, where you consent, show relevant ads).

We rely on consent for analytics/advertising cookies and on legitimate interests/necessity for essential cookies. You can change preferences any time via our cookie banner or your browser settings.

You can control cookies via our on-site cookie banner and your browser settings. Blocking some cookies may affect site features. We do not use legacy Flash cookies. We currently use widely adopted analytics/ad platforms and may update vendors over time.

6. Talent Pool and anonymised profiles

If you opt in to our Talent Pool:

  • We may display an Anonymised Profile (e.g., skills, seniority band, industry, years of experience, broad location and indicative compensation band). It does not include your name, personal contact details or other identifiers that would reasonably identify you.

  • If a hiring client expresses interest, we contact you to ask if you’re interested in the role or wish to recommend someone.

  • We do not disclose your identifiable details to a client unless and until you (or someone you recommend) actively apply or you give us explicit permission to share your details.

  • You can opt out or change preferences at any time via links in our messages or by contacting us.

7. How we share Personal Data

7.1 With clients (for specific roles)

If you apply for or are introduced/recommended for a specific role, we may share relevant details with that client for the sole purpose of recruiting that role (e.g., your name, role/seniority, contact details, CV/LinkedIn, your stated interest). If you do not apply/recommend for a specific role, we do not share your details with that client for that role.

If you are hired via Sixley, we may notify the person who recommended you so they can receive any reward/finder’s fee.

7.2 Service providers (sub-processors)

We use vetted providers (e.g., cloud hosting, email/SMS, analytics, payments, security, AI model providers) who process Personal Data on our behalf under contract. A current list of sub-processors is available on request.

7.3 Other disclosures

  • With event partners where necessary to register/host an event;

  • With professional advisers (lawyers, auditors, insurers) under confidentiality;

  • In connection with a corporate transaction (e.g., merger, acquisition), subject to safeguards;

  • Where required by law, court order or regulators.

We do not sell Personal Data.

8. International transfers

Where Personal Data is transferred outside the UK (and, where applicable, outside the EEA), we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) and/or the EU Standard Contractual Clauses with the UK Addendum, and apply technical and organisational measures to protect the data. Details are available on request. Where appropriate, we also implement supplemental technical and organisational measures (e.g., encryption in transit and at rest, access controls, and data minimisation).

9. Retention

We retain personal data only as long as necessary for the purposes set out in this Policy and to meet legal obligations. In particular, we retain certain records for at least 12 months to comply with UK employment agency legislation. We anonymise personal data for individuals who did not take action after 12 months. For individuals who did take action (e.g., applied, referred, messaged), we retain their records for up to 6 years from the last action to establish, exercise or defend legal claims, after which we anonymise them. We retain anonymised/aggregated insights indefinitely. Certain financial records (e.g., invoices, payout confirmations) may be retained for up to 6 years to meet tax and accounting obligations.

10. Your rights

Subject to law, you may have the right to access, rectify, erase, restrict or object to processing, and to data portability. You can withdraw consent at any time (for example, for marketing). We do not take decisions about you that are solely automated and produce legal or similarly significant effects; you may request human review of automated outputs, express your point of view and contest a decision.

To exercise rights, email privacy@sixley.com. We aim to respond within one month. You can also manage marketing preferences via unsubscribe links or by replying STOP to SMS.

11. Security

We use organisational, technical and physical measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. No method is 100% secure; please protect your account credentials and devices.

12. Children

Our services are not directed to individuals under 18, and we do not knowingly collect Personal Data from them. If you believe a child has provided Personal Data, contact us to remove it.

13. Changes to this Policy

We may update this Policy from time to time. We’ll update the effective date and, where appropriate, provide prominent notice (e.g., on our site or by email).

14. Contact & complaints

Controller/DPO contact:
Data Protection Officer
Sixley Ltd, 85 Great Portland Street, First Floor, London, W1W 7LT, UK
Email: privacy@sixley.com

You have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113. If you are located in the EEA, you may also complain to your local supervisory authority.