Data Protection Statement

Reckiapp Ltd
Last Updated: 22/02/2026

1. Our Commitment to Data Protection

Reckiapp Ltd (“Reckiapp”, “we”, “our”, or “us”) is committed to safeguarding personal data and maintaining the highest standards of privacy, security, and regulatory compliance across all our products and services.

As a provider of Salesforce-native recruitment and intelligence applications, we design our technology with data protection, governance, and transparency at its core. Protecting customer data is fundamental to how we build, deploy, and support our platform.

2. Our Role

In most engagements, Reckiapp acts as a Data Processor.

Our customers — recruitment agencies, staffing firms, and organisations using Salesforce — act as Data Controllers, determining the purpose and lawful basis for processing personal data within their Salesforce environment.

Reckiapp processes personal data only:

  • On documented customer instructions

  • Within the customer’s Salesforce instance

  • In accordance with applicable data protection legislation

We do not independently control or monetise customer data.

3. Regulatory Framework

Reckiapp operates in alignment with:

  • UK General Data Protection Regulation (UK GDPR)

  • EU General Data Protection Regulation (EU GDPR)

  • Data Protection Act 2018

  • Other applicable international privacy regulations where relevant

Compliance responsibilities relating to lawful processing, consent, and retention remain with the Data Controller.

4. Data Processed Through Our Applications

Depending on product configuration, Reckiapp applications may process:

  • Contact information (names, email addresses, phone numbers)

  • Candidate and placement records

  • Compliance documentation references and expiry data

  • Engagement history and activity records

  • Relationship intelligence and scoring data

  • Availability and scheduling information

  • Skills and structured metadata

  • Consent preferences and lawful processing indicators

All such data resides within the customer’s Salesforce environment.

Reckiapp does not extract, sell, or commercially exploit personal data.

5. Infrastructure & Hosting

Reckiapp applications operate natively within Salesforce.

We do not replicate or store customer production data externally unless explicitly required under a contractual agreement.

Security and hosting standards therefore align with Salesforce enterprise-grade infrastructure, including:

  • Encrypted data transmission (TLS/HTTPS)

  • Role-based access controls

  • Platform-level security and monitoring

  • Audit logging capabilities

6. Security Controls

We implement appropriate technical and organisational safeguards, including:

  • Principle of least privilege access

  • Secure authentication procedures

  • Access logging and monitoring

  • Metadata-driven governance controls

  • Controlled write-back logic within applications

  • Structured audit visibility within system workflows

Access to customer systems for support purposes is limited, controlled, and documented.

7. Data Minimisation & Purpose Limitation

Our products are engineered to:

  • Process only data required for functional performance

  • Avoid unnecessary duplication of records

  • Maintain structured and auditable workflows

  • Support compliance through transparent logic

We apply Privacy by Design principles throughout our development lifecycle.

8. Data Retention

Reckiapp does not independently determine how long personal data is retained.

Retention policies are controlled by:

  • The customer (Data Controller)

  • Salesforce configuration

  • Applicable legal and regulatory requirements

Where temporary access is granted for support or troubleshooting, data is accessed only for the duration necessary to fulfil service obligations.

9. Sub-Processors

Where necessary, Reckiapp may engage carefully selected sub-processors to support operational activities such as:

  • Secure development infrastructure

  • Service monitoring

  • Non-identifiable system performance analytics

All sub-processors are subject to appropriate contractual data protection obligations.

Details can be provided upon request.

10. International Transfers

If access to data occurs outside the UK or European Economic Area, appropriate safeguards are applied, including:

  • Standard Contractual Clauses (SCCs)

  • Data Processing Agreements (DPAs)

  • Secure encrypted connections

11. Data Subject Rights

As a Data Processor, Reckiapp supports customers in responding to Data Subject Rights requests, including:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restriction

  • Right to data portability

Requests should be directed to the relevant Data Controller.

12. Incident Management

Reckiapp maintains internal procedures for managing security incidents.

In the unlikely event of a personal data breach affecting customer data:

  • Customers will be notified without undue delay

  • Relevant details will be provided to support regulatory reporting

  • Appropriate remediation steps will be taken promptly

13. Customer Responsibilities

Customers remain responsible for:

  • Establishing lawful bases for processing

  • Managing consent and preference records

  • Configuring appropriate user permissions

  • Defining retention policies

  • Ensuring operational compliance with applicable laws

Reckiapp provides tools to support compliance but does not replace legal obligations of the Data Controller.

14. Contact Information

For data protection enquiries, please contact:

Reckiapp Ltd
9 Bourne Road
Bexley
England
DA5 1LW

Email: hello@reckiapp.io

15. Updates

This Data Protection Statement may be updated periodically to reflect changes in legislation or operational practice. The most current version will always be available via our website.