Privacy Notice
It is important that you read this Privacy Notice so that you are aware of what we do with your Personal Data.
Who we are
TechStream Group International Ltd (“TechStream Group”) are a limited company registered in England and Wales under registration number 08356900, with a registered office at First Floor, 3-8 Carburton Street, London, England, W1W 5AJ. TechStream Group International Ltd are the ‘Controller’ of any personal information we collect about you. The Techstream Group, incorporates Cyberstream, Cloudstream, Earthstream, Autostream, Xcede and Etonwood. This Notice is made in representation of the entire TechStream Group.
TechStream Group is a recruitment business which provides work-finding services to its clients and work-seekers. TechStream Group must process personal data (including sensitive personal data) so that it can provide their recruitment services, in doing so, the TechStream Group act as a data controller. All companies under the TechStream group collect the same personal data, the only difference between the companies are the sectors they recruit within.
CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.
CloudStream is an innovative and diverse talent solutions provider, dedicated to providing advanced technology and transformation skills across consulting, start-up or enterprise environments.
EarthStream is a specialist talent solutions provider, dedicated to providing advanced engineering and technology experts across the research, production, supply, distribution, and management of energy on a global scale.
AutoStream, a division of the TechStream Group, is a specialist talent solutions business dedicated to providing Advanced Technology & Engineering skills to the Industrial Electronics, Automotive and Automation sectors.
Xcede is a technology, digital, data and analytics recruitment agency. Xcede assist with all aspects of the digital life cycle to support companies hiring needs.
Etonwood specialises in infrastructure and vendor technology recruitment, providing adaptable talent search that is closely tailored to financial markets, technology consultancy, and service management.
The TechStream Group will process your personal information in accordance with all applicable laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).
What Personal Data is
The term “Personal Data” means any information relating to you that identifies you, or through which you can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to you physical, physiological, genetic, mental, economic, cultural, or social identity.
The purpose of this Privacy Notice
The purpose of this Privacy Notice is to let you know how we process your Personal Data when you visit our website or apply for a job. This Privacy Notice therefore explains what Personal Data we collect from you and how we collect, use, store and disclose it when you use our website. This Privacy Notice also contains information about your rights under applicable data protection legislation.
We are committed to compliance with data protection laws. We believe that ensuring data protection compliance is the foundation of trustworthy business relationships.
It is important that you read this Privacy Notice together with any other privacy notice we provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
Why we collect your Personal Data and the Type of Data Collected
We collect your Personal Data for the purpose of providing you with TechStream Group recruitment services. We will collect data about you, both personal data (such as your name and contact details) and sensitive personal data (such as information in your CV). Depending on the relevant circumstances and applicable local laws and requirements, we may collect:
- CV’s and Application forms.
- Personal details such as name, date of birth, contact and next-of-kin details, and national Insurance number.
- Visa details and copies of passports.
- Bank or building society account details.
- Details of job role and salary including data held on staff organisation charts.
- Pension information.
- Records concerning appraisal and training.
- Sickness and other absence details.
- Contracts or terms and conditions of employment.
- Correspondence between you and TechStream Group
- Correspondence, such as references, between TechStream Group and third parties in relation to your Employment.
- Visual images, for example if CCTV images are used as part of building security
- Records of grievances.
- Investigations into breaches of terms and conditions of employment.
- Records of disciplinary proceedings.
- Health and safety records (including accident reports).
- In some departments, workload and work allocation.
- Where appropriate, audio and/or video recordings of lectures, presentations and workshops and team incentives.
In some jurisdictions, we are restricted from processing some of the data outlined above. In such circumstances, we will not process the data in those jurisdictions.
How we collect your Personal Data
We will collect your Personal Data directly from you in the following ways:
- Job application via the Group websites - When you apply for a job via TechStream Group, you will be required to provide personal data in relation to your application. For example, your contact details, right to work employment history.
- TechStream Group website profile creation - When you create a profile on any of the TechStream Group websites, you will be required to provide contact details.
- Job applications via the direct job advert - When you apply for a job directly you will be required to provide contact details and job history.
- Applicants found on job board via the CV search function - Here candidates will have provided their contact details in order to apply for prospective jobs.
- Applicants found on LinkedIn - Here the candidates have provided their employment history on their LinkedIn profile.
- Applicants found via Headhunt - This system is used to understand where key hires are placed, so the TechStream Group will contact candidates directly to introduce them to a role and then request more data.
- Applicants found on Daxtra - Daxtra sits in between applications and entry onto the CRM, creating coversheets entering candidates if flagged in broadbean or sent via email to Daxtra. This data will include contact details and employment history.
- Applicants found via Broadbean - Broadbean is an applicant tracking system that sits between TechStream Group and the Job boards. Applicant data is stored in AdCourier. This data will include contact details and employment history.
- Details stored on CRM systems – Permanent placements. Our CRM systems will store candidate details, such as contact details, employment history and salary details. Our systems can also be used to communicate with clients to confirm candidates’ placements or offers.
- Communications via email - We may communicate with you via email in order to discuss your job applications or candidates may apply for jobs via an email sent directly to the TechStream Group. During that correspondence, you will be providing Personal Data. We will process the Personal Data you provide to us to respond to you and provide our recruitment services. Emails will be stored in accordance with our retention period set out in the Schedule of Processing which can be found at the end of this document.
- Security checks using Verifile - Special category personal data will be collected in order to carry out DBS checks for successful candidates, this will include your name, proof of address, and your passport.
How we use your Personal Data
We will use your Personal Data in order to provide you with the TechStream Group service. When you access and interact with our website or recruitment consultants, we need to track your activities to enable you to connect to our website. We use tracking cookies to identify you in performance of this service, information of which is provided in detail in our Cookie Policy.
We will only use your Personal Data for the purpose we collected it and in accordance with the law. We will not use your Personal Data for any other purpose without your prior consent. The only exception to this is if it is required or permitted by law, such as where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the enforcement of civil law matters.
Our Legal Basis for processing your Personal Data
The GDPR, (Our Global standard of compliance) requires that a Controller must have a legal basis for processing Personal Data. More details are provided in the Schedule of Processing but, in most instances, our legal bases for processing your personal information are:
- We are complying with a contract under article 6(b) (this is where the candidate engages with the TechStream Group in one for the prescribed methods (applying directly on the website, jobs board, or LinkedIn) in order to obtain a position with one of our clients);
- We need to comply with a legal obligation under article 6(c) (this is where the law requires us to obtain data in relation to the data subject, for example, DBS checks, making reasonable adjustments, and in relation to maintaining personal and financial records according to the relevant legislation);
- It is necessary for our legitimate interests (or those of a third party, including you) and there are no overriding interests under article 6(f) (this is where we will communicate with candidates about potential jobs available, where relevant (marketing communication); and
- We have your consent under article 6(a) (this is where you agree either in writing or verbally for us to store and process your data).
On rare occasions we may need to use your Personal Data as follows:
- We need to protect your vital interests or someone else’s (this relates to life-or-death type scenarios).
Who we share your Personal Data with?
Your Personal Data may be shared internally at the TechStream Group for purpose of providing our recruitment services. Your Personal Data may also be shared as follows:
- Service Providers - This can include database management systems that we use to store data, finding prospective candidates and sharing that information with our clients.
- Sharing data with prospective employers and other third parties - This is essential to carry out our business and place candidates.
- Data transfer due to legal obligation - If we are obligated to transfer your data to a third party based on a legal obligation or in order to comply with applicable laws and governmental bodies, we will only do so in accordance with local applicable laws (DPA 2018, EU GDPR and UK GDPR). This may include for example, defence or pursuit of our legal claims involving your use of the carpooling services, investigate fraud, cooperating with criminal investigations, such as compliance with a subpoena, or similar legal process, or to the data protection supervisory authority.
Marketing
With your consent we may contact you via email to promote our services. To start or stop receiving marketing from us, simply contact us via our job website portal.
If you have provided consent, we may also contact you to promote services provided by third parties (e.g., insurance products and other services as they become available).
Where we are legally required to obtain your consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.
If you want to unsubscribe from mailing lists or any marketing, you should look for and follow the instructions we have provided in our relevant communications to you.
If you choose to unsubscribe from any or all marketing, we may retain information sufficient to identify you so that we can honour your request.
How long we will keep your Personal Data
We will only keep your Personal Data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of Personal Data and the reason we are processing it. Further details of retention periods are set out in the Schedule of Processing which can be found at the end of this document.
When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the Personal Data which we hold and the purposes for which it is held and processed.
When we determine that Personal Data can no longer be retained (or where we must comply you request us to delete your data in accordance with your right to do so) we ensure that this data is securely deleted or destroyed.
Security of your Personal Data
In order to protect your Personal Data, we put in place appropriate organisational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.
Although we use appropriate security measures once we have received your Personal Data, you will appreciate that the transmission of data over the internet (including by email) is never completely secure. We endeavour to protect Personal Data, but we cannot guarantee the security of data transmitted to or by us.
Transferring your Personal Data outside the EEA
To provide our services, we may need to share your Personal Data with third parties and suppliers outside the European Economic Area (the “EEA”). If we do this, we will ensure your Personal Data receives the same protection as if it were being processed inside the EEA. For example, our contracts with our suppliers stipulate the standards they must follow to process Personal Data.
Your Rights
You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. There is no charge, unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline to act on your request. Before we action your request, we may ask you for proof of your identity. Once in receipt of this, we will process the request without undue delay and within one month. To exercise your rights please contact the Data Protection Officer at gdpr@techstreamgroup.com
Your rights in connection with personal information are set out below.
- Subject Access Request - You have a right to receive a copy of the Personal Data we hold about you.
- Rectification - If any of the Personal Data we hold about you is incomplete or inaccurate, you have a right to have it corrected.
- Erasure - This is also known as the “right to be forgotten”. You have a right to ask us to delete your Personal Data where there is no good reason for us continuing to process it. However, certain criteria apply and if we have a legitimate reason to continue processing your personal data, we will not be legally required to delete it.
- Objection - You have a right to object where we are relying on legitimate interests as our legal basis for processing your Personal Data but, in certain circumstances we may be able to continue with the processing. For example, if we have compelling legitimate grounds which override your interests, rights and freedoms or your personal information is needed for the establishment, exercise or defence of legal claims. However, you have an absolute right to object to us processing your Personal Data for direct marketing purposes.
- Restriction - You have a right to ask us to restrict the processing of your Personal Data in certain circumstances. For example, you may require us to suspend processing information about you whilst checks are made to ensure it is accurate.
- Portability - You have the right to ask us to transfer any Personal Data you have provided to us to another party, subject to certain criteria being satisfied. We will provide this Personal Data in a structured, commonly used and machine-readable format.
- Right to withdraw consent - If you have given us your consent for the processing of your Personal Data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent. To exercise your right to withdraw consent go to your profile and uncheck the relevant check box or slider in the App.
- Right to complain - If you are unhappy with the way in which your personal information has been or is being processed, you have the right to make a complaint about it to the Information Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Your obligations
If any of your Personal Data changes whilst you are a user of our services, it is important that you update the information within your account to ensure that the data we hold about you is accurate and up to date.
How to contact our Data Protection Officer
We have appointed a Global Data Protection Officer (DPO) to handle data protection matters. If you wish to contact us in order to exercise any of your rights referred to above or any other data protection matter, please contact our global DPO at gdpr@techstreamgroup.com
Questions or Concerns
You can contact us if you wish to complain about how we collect, store, and use your Personal Data. It is our goal to provide the best possible remedy regarding your complaints. However, if you are not satisfied with our answer, you can also contact the relevant competent supervisory authority, please refer the ‘Relevant Independent Authority Schedule’ for the details outlining the applicable authorities for each country the company operates in.
The Data Protection Principles
We will comply with the EU GDPR, UK GDPR and the DPA 2018. Article 5 of the EU GDPR contains the data protection principles, which require that Personal Data shall be:
- Processed lawfully, fairly and in a transparent way.
- Collected for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept for no longer than is necessary for the purposes we have told you about.
- Kept securely.
We operate according to the principles of the EU GDPR, regardless of the location of the data subject.
Changes to this Privacy Notice
We reserve the right to update this Privacy Notice from time to time. Updates to this Privacy Notice will be published on our website and App. To ensure you are aware of when we make changes to this Privacy Notice, we will amend the revision date at the top of this page. Changes apply as soon as they are published on our website and App. We therefore recommend that you visit this page regularly to find out about any updates that may have been made.
Schedule of Processing
Ref | Purpose of Processing | Type of Personal Data | Who has Access | Legal Basis | Retention Period |
1. | Job application via the Group’s website | Identity/contact data and employment history | TechStream staff | Contractual obligation | 3 years |
2. | Contacting candidates regarding job applications | Identity/contact data and employment history | TechStream staff | Contractual obligation | 3 years |
3. | Onboarding candidates (Details of unsuccessful applicants) | Identity/contact data | TechStream staff | Contractual obligation | 3 years |
4. | Xcede’s website profile creation | Identity/contact data | TechStream staff | Contractual obligation | 3 years |
5. | Job applications via the direct job advert | Identity/contact data and employment history | TechStream staff | Contractual obligation | 3 years |
6. | Applicants found on job board via the CV search function | Identity/contact data and employment history | TechStream staff | Legitimate interests | 3 years |
7. | Applicants found on LinkedIn | Here the candidates have provided their employment history on their LinkedIn profile along with some contact information. | TechStream staff | Legitimate interests | 3 years |
8. | Applicants found via Headhunt | Identity/contact data | TechStream staff | Legitimate interests | 3 years |
9. | Applicants found on Daxtra | Identity/contact data and employment history | TechStream staff | Contractual obligation | 3 years |
10. | Applicants found via Broadbean | Identity/contact data and employment history | TechStream staff | Legitimate interests | 3 years |
11. | Details stored on CRM systems – Permanent placements | Identity/contact data, employment history, and salary details. | TechStream staff | Contractual obligation | 3 years |
12. | Security checks using Verifile (Security checks) | Name, proof of address, and passport. | TechStream staff | Contractual obligation | 6 years |
13. | Communications via email | Identity/contact data | TechStream staff | Legitimate interests or contractual obligation | 3 years (this is dependent on the subject matter of the correspondence) |
14. | Financial information | Bank details, tax bills, receipts and statements, tax returns, sales tax records | TechStream staff | Legal obligation | 7 years |
15. | Financial Information | Tax-exemption documents and related correspondence, and annual returns information | TechStream staff | Legal obligation | Indefinitely |
16. | Annual Audit Records | Annual plans and budget, bank statements, cancelled cheques, employee expense records, interim financial statements | TechStream staff | Legal obligation | 7 years |
17. | Annual Reports | Financial reports, audit reports, record of profits, any other performance indicators | TechStream staff | Legal obligation | Indefinitely |
18. | Right to work | Passport, national identity cards | TechStream staff | Legal obligation | 6 years |
19. | Employment contracts | Contact details, salary details | TechStream staff | Legal obligation | 6 years after the employee leaves the company |
20. | Employee personal records | Contact details, attendance records, application forms, performance evaluations, training, qualifications, disciplinary records. | TechStream staff | Legal obligation | 6 years after the employee leaves the company |
21. | Sickness and absence records | Medical data | TechStream staff | Legal obligation | 6 years |
22. | Equal opportunities and reasonable adjustments | Data relating to disabilities and ethnic background | TechStream staff | Legal obligation | 6 years |
23. | Legal Memoranda and opinions | Case files | TechStream staff | Legal obligation | 7 years after the case file is closed |
24. | Litigation case files | Case files where proceedings have been initiated | TechStream staff | Legal obligation | 1 year after expiration of appeals |
25. | Court Orders | Court Orders (any other applicable documentation issued by the court) | TechStream staff | Legal obligation | Indefinitely |
26. | Insurance documentation | Insurance certificates, claims files, correspondence, medical records, insurance policies | TechStream staff | Legal obligation | Indefinitely |
27. | Corporate records | Company minutes, records of incorporation, annual corporate reports, licenses and permits) | TechStream | Legal obligation | Indefinitely |