Who we are? 

Xcede Group (Techstream International Group Holdings Limited)  a limited company registered in England and Wales under registration number 11996176, with a registered office at First Floor, 3-8 Carburton Street, London, England, W1W 5AJ. The Xcede Group, incorporates Earthstream, Xcede and Etonwood. This Notice is made in representation of the entire Xcede Group.

Xcede Group is a recruitment business which provides work-finding services to its clients and work-seekers. Xcede Group must process Personal Data (and, in some cases, Special Category Personal Data) so that it can provide its recruitment services, and in doing so, the Xcede Group acts as a controller. All companies under the Xcede Group collect the same Personal Data. The only differences between the companies are the sectors they recruit within.

EarthStream: We source and select top talent across all energy sectors globally. Since 2010, EarthStream has delivered exceptional local talent along with experienced expats across a diverse range of energy companies around the world.

Xcede: We connect companies with exceptional professionals that empower growth. Founded in 2003, our vertical specialists provide global transformational talent in data, digital, technology, cyber and embedded software.Across our key areas, our experts operate with a focus on delivering excellence and expertise for our clients.

Etonwood specialises in infrastructure, development and service now recruitment, providing adaptable talent search that is closely tailored to financial markets, technology consultancy, and service management.

The Xcede Group will process your personal information in accordance with all applicable laws, including the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). The UK GDPR will apply if you are in the UK and the EU GDPR will apply if you are in the EU.

​

1. What Personal Data is

​

The term “Personal Data” means any information relating to you that identifies you, or through which you can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to you physical, physiological, genetic, mental, economic, cultural or social identity.

The term “Special Category Personal Data” is Personal Data revealing racial or ethic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying someone, data concerning health and data concerning a person’s sex life or sexual orientation.

​

2.The purpose of this Privacy Notice

​

The purpose of this Privacy Notice is to let you know how we process your Personal Data when you visit our website or apply for a job. This Privacy Notice therefore explains what Personal Data we collect from you and how we collect, use, store and disclose it. This Privacy Notice also contains information about your rights under applicable data protection legislation.

We are committed to compliance with data protection laws. We believe that ensuring data protection compliance is the foundation of trustworthy business relationships.

It is important that you read this Privacy Notice together with any other Privacy Notices we provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other Privacy Notices and is not intended to override them.

​

​

3. Why we collect your Personal Data and the Type of Data Collected

​

We collect your Personal Data for the purpose of providing you with Xcede Group recruitment services. We will collect data about you, both personal data (such as your name and contact details) and, in some cases, Special Category Personal Data (such as information about your health or disability which is needed for the purpose of making reasonable adjustments for you during the recruitment process or to find out whether you would be able to undertake a function which is intrinsic to the job). Depending on the relevant circumstances and applicable local laws and requirements, we may collect:

• CVs and Application forms.

• Personal details such as name, date of birth and contact information and next of kin details and national insurance number.

• Visa details and copies of passports.

• Bank or building society account details.

• Details of job role and salary including data held on staff organisation charts.

• Pension information.

• Records concerning appraisal and training.

• Sickness and other absence details.

• Contracts or terms and conditions of employment.

• Correspondence between you and Xcede Group

• Correspondence, such as references, between Xcede Group and third parties in relation to your Employment.

• Visual images, for example if CCTV images are used as part of building security

• Records of grievances.

• Investigations into breaches of terms and conditions of employment.

• Records of disciplinary proceedings.

• Health and safety records (including accident reports).

• In some departments, workload and work allocation.

• Where appropriate, audio and/or video recordings of lectures, presentations and workshops and team incentives. 

In some jurisdictions, we are restricted from processing some of the data outlined above. In such circumstances, we will not process the data in those jurisdictions.

​

4. How we collect your Personal Data 

​

We will collect your Personal Data directly from you in the following ways:

• Job application via the Group’s website

When you apply for a job via Xcede Group, you will be required to provide personal data for your application. For example, your contact details and your, right to work and employment history.

• Xcede’s website profile creation

When you create a profile on one of the websites within the Xcede Group, you will be required to provide contact details.

• Job applications via the direct job advert

When you apply for a job directly, you will be required to provide contact details and job history.

• Applicants found on the job board via the CV search function

If we find you on the job board, you will have already provided your contact details in order to apply for prospective jobs.

• Applicants found on LinkedIn

If we find you on LinkedIn, you will have already provided your employment history on your LinkedIn profile.

• Applicants found via Headhunt

This system is used to understand where key hires are placed, so the Xcede Group will contact candidates directly to introduce them to a role and then request more data.

• Applicants found on Daxtra

Daxtra sits in between applications and entry onto the CRM, creating coversheets entering candidates if flagged in Broadbean or sent via email to Daxtra. This data will include contact details and employment history.

• Applicants found via Broadbean

Broadbean is an applicant tracking system that sits between Xcede and the Job boards. Applicant data is stored in AdCourier. This data will include contact details and employment history.

• Details stored on CRM systems – Permanent placements

Our CRM systems will store candidate details, such as contact details, employment history and salary details. Our systems can also be used to communicate with clients to confirm candidates’ placements or offers.

• Communications via email

We may communicate with you via email in order to discuss your job applications or you may apply for jobs via an email sent directly to the Xcede Group. During that correspondence, you will be providing Personal Data. We will process the Personal Data you provide to us to respond to you and provide our recruitment services. Emails will be stored in accordance with our retention period set out in the Schedule of Processing which can be found at the end of this document.

• Security checks using Verifile

Special Category Personal Data may be collected in order to carry out DBS checks for successful candidates. This will include your name, proof of address, and your passport.

​

5. How we use your Personal Data 

​

We will use your Personal Data in order to provide you with the Xcede Group service. In particular, when you access and interact with our website or recruitment consultants, we need to track your activities to enable you to connect to our website. We use tracking cookies to identify you in performance of this service, information of which is provided in detail in our Cookie Policy.

We will only use your Personal Data for the purpose we collected it and in accordance with the law. We will not use your Personal Data for any other purpose without your prior consent. The only exception to this is if it is required or permitted by law, such as where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the enforcement of civil law matters.  

​

6. Our Lawful Bases for processing your Personal Data

​

The UK GDPR and the EU GDPR (our global standard of compliance) requires that a controller must have a lawful basis for processing Personal Data. More details are provided in the Schedule of Processing but, in most instances, our lawful bases for processing your personal information are:

• The processing is necessary Article 6(b) of the UK GDPR or the EU GDPR for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. This is where you engage with the Xcede Group such as by applying directly on the website, jobs board, or LinkedIn, with a view to securing an employment contract;

• We need to comply with a legal obligation under Article 6(c) of the UK GDPR or the EU GDPR. For example, this is where the law requires us to obtain Personal Data in relation to things like DBS checks, making reasonable adjustments, and in relation to maintaining personal and financial records according to the relevant legislation;

• It is necessary for our legitimate interests (or those of a third party, including you) and there are no overriding interests under Article 6(f) of the UK GDPR and the EU GDPR. This is where we will communicate with you about potential jobs available, and, where relevant send marketing material; and

• We have your consent under Article 6(a) of the UK GDPR and the EU GDPR. This is where you agree either in writing or verbally for us to store and process your Personal Data.

• On rare occasions we may need to use your Personal Data as follows:

• We need to protect your vital interests or someone else’s. This relates to life-or-death type scenarios.

​

7. Who we share your Personal Data with?

​

Your Personal Data may be shared internally at the Xcede Group for purpose of providing our recruitment services. Your Personal Data may also be shared as follows:

• Service Providers
  This can include database management systems that we use to store data, finding prospective candidates and sharing that information with our clients.

•  Sharing data with prospective employers and other third parties
  This is essential to carry out our business and place candidates.  

• Data transfer due to legal obligation
  If we are obligated to transfer your Personal Data to a third party based on a legal obligation or in order to comply with applicable laws and governmental bodies, we will only do so in accordance with those laws (i.e.: DPA 2018, EU GDPR and UK GDPR). This may include for example, defending or pursuing legal claims, investigating fraud and co-operating with criminal investigations, such as complying with a subpoena, or similar legal process, or with the data protection supervisory authority.

​

8. Marketing

​

With your consent, we may contact you via email to promote our services. To start or stop receiving marketing from us, simply contact us via our job website portal.

Where we are legally required to obtain your consent to provide you with marketing material, we will only provide you with such marketing materials if you have provided consent for us to do so.

If you want to unsubscribe from mailing lists or any marketing, you should look for and follow the instructions we have provided in our relevant communications to you.

If you choose to unsubscribe from any or all marketing, we may retain information sufficient to identify you so that we can honour your request.

​

9. How long we will keep your Personal Data

​

We will only keep your Personal Data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of Personal Data and the reason we are processing it. Further details of retention periods are set out in the Schedule of Processing which can be found at the end of this document.

When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the Personal Data which we hold and the purposes for which it is held and processed.

When we determine that Personal Data can no longer be retained (or where we must comply with your request for us to delete your Personal Data in accordance with your right to do so) we ensure that this Personal Data is securely deleted or destroyed.

​

10.Security of your Personal Data

​

In order to protect your Personal Data, we put in place appropriate organisational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.

In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any relevant supervisory authority of such a breach.

Although we use appropriate security measures once we have received your Personal Data, you will appreciate that the transmission of data over the internet (including by email) is never completely secure. We endeavour to protect Personal Data, but we cannot guarantee the security of data transmitted to or by us.

​

11.International Transfers

​

In order to provide our services, we may need to send your Personal Data outside the UK and, in some cases, outside the EEA. For example, although part of the Xcede Group is based only in the UK (Etonwood), other divisions of the Xcede Group have offices, not only in the UK, but in Europe (Spain & Germany) and in Africa, Asia and North America. It may therefore be necessary to transfer your Personal Data to our other offices outside the UK and/or the EEA. Also, it may be necessary to send your Personal Data outside the UK and/or the EEA in order to share it with third parties, such as, your prospective employer.

If we do transfer your Personal Data outside the UK and/or the EEA, we will ensure that it receives the same protection as if it were being processed inside the UK or the EEA. For example, we will ensure that the country we are sending it to has an adequacy decision issued by the European Commission. (Whilst the UK is no longer in the EU, the UK recognises all adequacy decisions already made by the European Commission). In the absence of an adequacy decision, Xcede Group will adopt other appropriate safeguards to protect your Personal Data, such as Standard Contractual Clauses (SCC) issued by the European Commission. Again, whilst the UK is no longer in the EU, the UK recognises the SCC for the time being. The SCC can be found here Standard Contractual Clauses (SCC) | European Commission (europa.eu)

​

12.Your Rights

​

You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. There is no charge, unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline to act on your request. Before we action your request, we may ask you for proof of your identity. Once in receipt of this, we will process the request without undue delay and within one month. In order to exercise your rights please contact dataprivacy@techstreamgroup.com. 

Your rights in connection with personal information are set out below.

Subject Access Request

You have a right to receive a copy of the Personal Data we hold about you.

Rectification
If any of the Personal Data we hold about you is incomplete or inaccurate, you have a right to have it corrected.

Erasure

This is also known as the “right to be forgotten”. You have a right to ask us to delete your Personal Data where there is no good reason for us to continue to process it. However, certain criteria apply and if we have a legitimate reason to continue processing your Personal Data, we will not be legally required to delete it.

Objection
You have a right to object where we are relying on legitimate interests as our lawful basis for processing your Personal Data but, in certain circumstances we may be able to continue with the processing. For example, if we have compelling legitimate grounds which override your interests, rights and freedoms or your Personal Data is needed for the establishment, exercise or defence of legal claims.However, you have an absolute right to object to us processing your Personal Data for direct marketing purposes. 

Restriction
You have a right to ask us to restrict the processing of your Personal Data in certain circumstances. For example, you may require us to suspend processing information about you whilst checks are made to ensure it is accurate.  

Portability
You have the right to ask us to transfer any Personal Data you have provided to us to another party, subject to certain criteria being satisfied. We will provide this Personal Data in a structured, commonly used and machine-readable format.

Right to withdraw consent
If you have given us your consent for the processing of your Personal Data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent.

Right to complain
If you are unhappy with the way in which your personal information has been or is being processed, you have the right to make a complaint about it to the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). 

They can be contacted at: 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk

13.Your obligations

If any of your Personal Data changes whilst you are a user of our services, it is important that you update the information within your account or otherwise notify us to ensure that the data we hold about you is accurate and up to date.

​

14. How to contact our Data Protection Officer 

We have appointed a global Data Protection Officer (DPO) to handle data protection matters. You can contact via email dpo@dataprivacyadvisory.com or via dataprivacy@techstreamgroup.com

15.Questions or Concerns

You can contact us if you wish to complain about how we collect, store and/or use your Personal Data.It is our goal to provide the best possible remedy with regard to your complaints. However, if you are not satisfied with our answer, you can also contact the relevant supervisory authority

​

16.The Data Protection Principles

We will comply with the EU GDPR, UK GDPR and the DPA 2018. Article 5 of the UK GDPR and the EU GDPR contains the data protection principles, which require that Personal Data shall be:

• Processed lawfully, fairly and in a transparent way.

• Collected for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes.

• Adequate, relevant and limited to what is necessary.

• Accurate and, where necessary, kept up to date.

• Kept for no longer than is necessary for the purposes we have told you about.

• Kept securely.

We operate according to the principles of the UK GDPR and the EU GDPR.

17.Changes to this Privacy Notice  

We reserve the right to update this Privacy Notice from time to time. Updates to this Privacy Notice will be published on our website. To ensure you are aware of when we make changes to this Privacy Notice, we will amend the revision date at the top of this page.Changes apply as soon as they are published on our website. We therefore recommend that you visit this page regularly to find out about any updates that may have been made.

18. Schedule of Processing

​

​