Trust Centre · Data protection
GDPR & Data Protection Policy
Infinity Quest, how we collect, use and protect personal data. This policy applies to all personal data we process in the course of our business, in line with the UK GDPR, the Data Protection Act 2018 and, where applicable, the EU GDPR.
Last updated · 1 July 2026
1. Introduction
InfinityQuest Limited (“InfinityQuest”, “IQ”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal data. This policy explains how we collect, use, store, share and protect personal data belonging to our clients, candidates, employees, contractors and website visitors, in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).
This policy applies to all personal data processed by InfinityQuest in the course of our business, including data processed through our website (i-q.co), our recruitment and consultancy activities, and our client engagements across the UK, Poland, India and Germany.
2. Who we are
InfinityQuest is a Data and AI consultancy.
For the purposes of data protection law, InfinityQuest is the “data controller” of personal data processed through our website, recruitment activity, and general business operations. Where we process personal data on behalf of a client as part of a consultancy engagement, we do so as a “data processor”, under the terms agreed with that client.
3. Our Data Protection Officer
Questions, requests or concerns about this policy or how we handle personal data should be directed to our Data Protection Officer (or nominated privacy contact):
Email: hello@i-q.co
Post: Avon House, 435-441 Stratford Road, Shirley, Solihull, England, B90 4AA
4. What personal data we collect
Depending on your relationship with us, we may collect and process the following categories of personal data:
- Identity data — name, job title, employer, date of birth (where relevant to recruitment).
- Contact data — email address, telephone number, postal address.
- Professional data — CV, employment history, qualifications, skills and references (for candidates and contractors).
- Technical data — IP address, browser type, device information, and website usage data collected via cookies and analytics.
- Communications data — records of correspondence, meeting notes and enquiry details.
- Client and engagement data — information processed on behalf of clients in the course of a consultancy engagement, as governed by the applicable client contract.
Special category data
We do not knowingly collect special category data (such as health, religious or biometric information) unless it is necessary and lawful to do so, for example to support a reasonable adjustment during recruitment, and we will always identify a specific lawful basis before doing so.
5. How we collect personal data
We collect personal data directly from you, for example when you submit an enquiry through our website, apply for a role, or engage us as a client. We may also collect data indirectly, from recruitment platforms such as LinkedIn, from publicly available professional sources, or from third parties such as referees, with your knowledge where required by law.
6. How we use your data and our lawful basis
We only process personal data where we have a valid lawful basis to do so under Article 6 of the UK GDPR. The list below summarises our principal purposes and the corresponding lawful basis.
- Responding to enquiries and providing information about our services — legitimate interests.
- Delivering and managing client engagements and contracts — performance of a contract.
- Recruitment, including assessing candidate suitability — legitimate interests and, where applicable, taking steps prior to entering a contract.
- Marketing communications, such as newsletters or event invitations — consent, or legitimate interests where permitted, with an option to opt out at any time.
- Complying with legal, regulatory, tax and accounting obligations — legal obligation.
- Improving our website and services through analytics — legitimate interests, or consent where required by cookie law.
7. Sharing your data
We do not sell personal data. We may share personal data with:
- Trusted service providers who support our operations, such as IT hosting, email and analytics providers, under contracts that require them to protect your data.
- Professional advisers, including lawyers, auditors and insurers, where necessary.
- Regulators, law enforcement or other authorities, where we are required to do so by law.
- Clients or partner organisations, strictly where necessary to deliver an engagement, and only in line with the applicable contract.
8. International data transfers
Infinity Quest operates across the UK, Poland, India and Germany. Where personal data is transferred outside the UK or the European Economic Area, we ensure an adequate level of protection is in place, for example through the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or a recognised adequacy decision, before any such transfer takes place.
9. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting or reporting requirements. Recruitment data not resulting in an offer of engagement is typically retained for 12 months, after which it is securely deleted or anonymised, unless you have consented to a longer retention period for future opportunities.
10. Keeping data secure
We maintain appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. This includes access controls, encryption where appropriate, secure cloud infrastructure, and regular review of our data handling practices. Access to personal data is limited to those who need it to perform their role.
11. Your rights
Under the UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data, in certain circumstances.
- Request that we restrict or object to certain processing.
- Request a copy of your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk, or your local supervisory authority.
Exercising your rights
To exercise any of these rights, please contact us using the details in Section 3. We will respond within one month, in line with statutory requirements.
12. Cookies
Our website uses cookies and similar technologies to support core functionality, understand how visitors use the site, and improve our content. You can manage your cookie preferences through your browser settings or via the cookie banner presented on first visit to i-q.co.
13. Children's data
Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.
14. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal obligations. The version and effective date will always be shown below. We encourage you to review this policy periodically.
15. Contact us
If you have any questions about this policy or how we handle your personal data, please contact us at hello@i-q.co or write to us at Avon House, 435-441 Stratford Road, Shirley, Solihull, England, B90 4AA.
InfinityQuest Limited — GDPR & Data Protection Policy · Version 1.0 · Effective date: 01 Jul 2026 · Next review: 01 Jun 2027
Questions? Email hello@i-q.co.