Privacy Policy

Iceberg Cyber Security Ltd is a recruitment company specialising in Finance and Technology in the UK, USA, Asia Pacific and Europe.

Your privacy is important to us and we take it very seriously. We want to help everyone who uses Iceberg Cyber Security Ltd, the Agency to get the most out of it. This policy covers all our Iceberg Cyber Security brands and their associated products and services.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonize data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK has left the EU, the GDPR will continue to be applicable in the UK going forward. Furthermore the Information Commissioner’s Office (ICO) has laid out its intention to continue with a similar level of regulation post Brexit

This policy lies out in plain English how GDPR and the current Privacy Directive applies to the way Iceberg Cyber Security Ltd handles your personal data. Our aim is to be responsible, relevant and secure when using your data. Iceberg Cyber Security Ltd specializes in IT recruitment with in the finance and e- commerce sectors.


Agency’ – is Iceberg Cyber Security Ltd and all known entities

‘End Client’ – The company for which the Agency is working on behalf of to fill the role/job vacancy (permanent or Contract)

‘RPO’ – Recruitment processing Outsource Company who works on behalf of the End Client.

If you are apply for an Advertised role – Our expectation is that you give consent to Iceberg Cyber Security to store your CV and the data contained within for the purposed f the application. It may become necessary to share this data with a third party in order to proceed with your application. This third party may be the end Client, or their RPO.

If you are contacted by our team who has made contact via social media channels, and you have expressed interest in a role, it is expected that data shared during this time will be stored on our data base for the purpose of the application. Our expectation is that you give consent to Iceberg Cyber Security Ltd to store your CV and the data contained within for the purposed f the application. It may become necessary to share this data with a third party in order to proceed with your application. This third party may be the end Client, or their RPO

If you are a Ltd company contractor or Agency worker, we will store all relevant compliance information as requested by the end client and/or their RPO, In order for you to proceed with the application and compliance process you must allow consent.

If this is not your expectation, please do not submit your CV or other data to our portal on our website, or email a copy of your CV or other data  to a Iceberg Cyber Security Ltd/thisisiceberg  email address.

Entering your email address or uploading your CV, or supplying other data, indicates that you have read and understood the terms and conditions of the policy. Please take a moment to read through what information we collect about you, who we share it with and how they might use it.

We collect:

  • CV – This may contain Name/e-mail address/telephone number / residential address. All will only ever be used to contact you regarding a relevant job role. This will only be shared with a potential hirer with your permission to proceed with an application. You will be asked to give your consent for Iceberg Cyber Security Ltd to represent you.
  • We may request your salary expectation to allow us to match your requirement.
  • We may store details regarding previous companies worked for as listed on your CV to ensure we have a full picture of your need and requirements.
  • The End Client may request further personal information which will be requested by Iceberg Cyber Security Ltd ,  stored by Iceberg Cyber Security Ltd  during the application process and may need to be passed on to the end client for the purpose of the application process only.
  • If you work as a Ltd Company Contactor or an Agency worker via an Umbrella company we will store all compliance documentations requested by the end client and share only with their compliance processors and payroll department in line with legislation.
  • Iceberg Cyber Security Ltd use InTime an on-line processing portal to process payments. Payment details in the event of a Ltd Company Contractor and /or an Agency worker will be stored here.

Who controls my personal data?

  • The Data Controller is Iceberg Cyber Security Limited. It is  Registered in the UK Company Number 9990660
  • Registered Address: 6th Floor New London House, Fenchurch Street, London EC3R 7LP
  • The Data Controller’s representative is the HR Manager
  • You can contact them at
  • You can call them on: +44 203 887 6770
  • Iceberg Cyber Security Limited is registered as a Data Controller with the Information Commissioner’s Office Certificate Number ZA606802

What is the purpose and legal basis of the processing?

  • At Iceberg Cyber Security Ltd we will rely on your ‘consent’ to process personal data. This is defined by the General Data Protection Regulation (GDPR) standard of ‘consent’ as it’s legal basis for processing personal data
  • GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subjects’ wishes by which you, by a statement or by a clear affirmation of action, signifies an agreement to the processing of personal data relating to you’
  • By replying submitting your personal data directly to the CV portal on line, responding to a an advertisement or willingly taking a call from a sales consultant and sharing your data, and expressing consent to proceed with an application process, you have accepted that you understand and accept this as a valid legal basis for processing and storing your personal data upon our database and in our InTime payment processing system.
  • Your data will not be shared with any third parties without your prior knowledge and agreement. A third party may be the end client and/or the RPO working on behalf of the end client.
  • Your personal data will not be shared with any third parties unconnected with Iceberg Cyber Security without consent.

What data will the Controller collect and process?

  • The categories of personal data are your name, e-mail address, contact telephone number, job title and other content of your CV document to assist with find you a relevant role or in line with an application your have made.
  • Personal Data may also include a link to a professional profile for example if one is available in the public domain e.g. LinkedIn, Facebook, Instagram or other social media platforms, open to viewing in the public domain.

Who will have access to the data?

  • The recipients of personal data are limited to Iceberg Cyber Security Ltd and all associated entities. From time to time we may share data with a third parties for example the end client and /or their RPO  at which we will need to submit your CV and or compliance documents to proceed with an application

Will the data leave the UK?

  • Iceberg Cyber Security Ltd advises all parties that data may be transferred outside of the UK when being submitted to a non UK based client. Please ensure you inform us if you do not wish to be submitted for an opportunity outside the UK.

How long will the data be kept for?

  • Personal Information – The Agency will maintain records for 5 years on our database to allow for us to give you   opportunity to appear in future searches and first opportunity to be informed about relevant roles on offer in your field of work. After 5 years we will seek consent to maintain information on our Database.
  • Accounting or financial information –  We  must keep your records  for 6 years from the end of the last company financial year they relate to, or longer if: they show a transaction that covers more than one of the company’s accounting periods. HMRC can carry out financial audits at any time and we, the Agency must be able to produce the documentation requested. After 6 years this information can be deleted.
  • Proof of right to work – We the Agency must keep documents for 2 years after a worker has stopped working for us the Agency/ supplier. We are required to keep passport records for Ltd company contractor (As we are the supplier – we could be investigated by Immigration any time during the assignment and for the 2 years from the end date of the assignment.
  • Iceberg Cyber Security Ltd will be required to deactivate personal data after the relevant retention period, or when they are in receipt of a data subjects request to do so, whichever is the earlier. The data subject has the right to change their mind and withdraw consent at any point during the retention period, in line with GDPR Regulation. Please be aware that immigration and HMRC rules will from time to time over rule the GDPR rules.