Who are we?
Buy Side Recruitment is a specialist finance recruitment business. We place finance professionals across the buy side in London, including private equity, infrastructure, asset management, private credit, real estate, hedge funds, and venture capital. Every mandate is led personally by the founder, Michael Muir.
For questions about this policy or how we handle your data, contact us at: michael.muir@buysiderec.com
What does this policy cover?
This policy:
- Sets out the types of personal data we collect about you
- Explains how and why we collect and use your personal data
- Explains how long we keep your personal data
- Explains when, why, and with whom we share your personal data
- Sets out the legal basis we have for using your personal data
- Explains what happens if you choose not to provide data or ask us to stop processing it
- Explains your rights and how to exercise them
- Explains how we may contact you and how you can contact us
What personal data do we collect?
We collect information necessary to identify suitable opportunities and assess eligibility through the recruitment process. This includes:
- Name and contact details (email address, phone number, LinkedIn profile)
- CV, work history, qualifications, and career background
- Compensation information, where relevant to a specific search
- Notes from conversations, interviews, and candidate assessments
- References, where provided
We only collect sensitive personal data (such as health information or diversity data) where you have given explicit consent.
Where do we collect personal data from?
We collect personal data from the following sources:
- Directly from you — information you provide when registering interest, submitting a CV, or engaging with us during the recruitment process
- Publicly available professional profiles — including LinkedIn, the FCA register, Preqin, and industry directories
- Referrals — recommendations from colleagues, former employers, or others in your network
- Client firms — where a client provides contact details for individuals relevant to a mandate
- This website — if you submit an enquiry or lead capture form
How do we use your personal data?
We use your personal data to match your skills, experience, and background with relevant opportunities in buy-side finance. This includes:
- Identifying and approaching candidates for specific roles
- Assessing suitability and progressing candidates through a search process
- Presenting candidate profiles to client firms (with your knowledge)
- Maintaining our proprietary database of buy-side finance professionals in London
- Responding to enquiries received through this website
How long do we keep your personal data?
We retain personal data only for as long as it is necessary for the purposes described above. When determining how long to keep data, we consider:
- Our contractual obligations in relation to the data involved
- Any legal obligation to retain data for a defined period
- Our legitimate interests, assessed through a balancing test
- Whether you have requested deletion of your data
- Guidance issued by the Information Commissioner's Office (ICO)
As a practical guide: candidates in an active search are retained for the duration of that mandate plus six months. Candidates held on our broader database are retained for up to three years from the date of last contact, after which we will either re-confirm your consent or delete your data. Client contact data is retained for the duration of the relationship and up to two years after the last active mandate.
You may request deletion of your data at any time, regardless of these periods.
Who do we share your personal data with?
We do not sell or rent personal data. We may share data with:
- Client firms — with your knowledge, as part of an active recruitment process. Most of our clients are buy-side investment managers based in the UK, some with global offices.
- Technology providers — our CRM and communication tools that process data on our behalf. These providers are contractually bound to handle data securely and in line with UK GDPR.
We will not share your data with any third party for marketing or any purpose unrelated to recruitment without your explicit consent.
What is our legal basis for using your data?
For candidates and clients, our primary legal basis is legitimate interests: we have a legitimate business reason to process the data of finance professionals relevant to buy-side hiring, and to maintain contact with hiring firms. Before relying on this basis, we carry out a balancing test to ensure our legitimate interests do not override your fundamental rights. You can request details of these balancing tests by contacting us.
For clients, we may also rely on performance of a contract where processing is necessary to fulfil a recruitment mandate.
Where we process sensitive personal data (such as health or diversity information), we will always ask for your explicit consent before doing so.
What happens if you do not provide data or ask us to stop?
If you do not provide the personal data we need, or ask us to stop processing your data, we may not be able to match you with or progress you through available opportunities. Withdrawal of consent does not affect the lawfulness of any processing that took place before withdrawal.
Do we make automated decisions about you?
No. We do not use automated profiling or automated decision-making in our recruitment process. All assessments and decisions are made by Michael Muir personally.
Do we use cookies?
We do not currently use third-party tracking cookies or analytics tools on this website. If this changes, this policy will be updated and a cookie notice will be displayed.
Do we transfer your data outside the UK or EEA?
The majority of our clients are based in the UK. Where a client has offices outside the UK or EEA, candidate data may be shared with those offices as part of an active search process. In such cases, we take appropriate steps to ensure your data remains protected, including relying on adequacy decisions or standard contractual clauses where required. Contact us for further information on specific transfer safeguards.
Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Right to be informed | You have the right to clear, transparent information about how we use your data — which is what this policy provides. |
| Right of access | You can request a copy of the personal data we hold about you, and information about how we use it. |
| Right to rectification | You can ask us to correct any inaccurate or incomplete data we hold about you. |
| Right to erasure | You can ask us to delete your personal data where there is no compelling reason to continue processing it. We will comply within one month and remove data from all systems where it is held. |
| Right to restrict processing | You can ask us to pause or limit the way we use your data in certain circumstances. We will maintain a record of this restriction. |
| Right to data portability | You can ask us to provide your personal data in a structured, machine-readable format so you can transfer it to another service. |
| Right to object | You can object to processing based on legitimate interests, including being contacted about potential opportunities. |
| Right to withdraw consent | Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing. |
| Right to complain | You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately. |
We respond to all requests free of charge within one month. For requests that are complex or numerous, we may extend this by a further two months, and will let you know. We may charge a reasonable administrative fee for requests that are manifestly unfounded or excessive.
How will we contact you?
We may contact you by email, phone, or LinkedIn message. If you have a preferred method of contact, please let us know and we will respect that preference.
Changes to this policy
We may update this policy from time to time. The current version will always be available on this page with the date of last update shown above. Where changes are material, we will notify individuals whose data we hold where appropriate.
Contact us
For any questions about this policy, to exercise your rights, or if you are unhappy with how we have handled your data: