Who we are?
TechStream Group International Holdings Limited (“TechStream Group”) are a limited company registered in England and Wales under registration number 11996176, with a registered office at First Floor, 3-8 Carburton Street, London, England, W1W 5AJ. The Techstream Group, incorporates Cyberstream, Cloudstream, Earthstream, Autostream, Xcede and Etonwood. This Notice is made in representation of the entire TechStream Group.
TechStream Group is a recruitment business which provides work-finding services to its clients and work-seekers. TechStream Group must process Personal Data (and, in some cases, Special Category Personal Data) so that it can provide its recruitment services, and in doing so, the TechStream Group acts as a controller. All companies under the TechStream group collect the same Personal Data. The only differences between the companies are the sectors they recruit within.
CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.
CloudStream is an innovative and diverse talent solutions provider, dedicated to providing advanced technology and transformation skills across consulting, start-up or enterprise environments.
EarthStream is a specialist talent solutions provider, dedicated to providing advanced engineering and technology experts across the research, production, supply, distribution, and management of energy on a global scale.
AutoStream, a division of the TechStream Group, is a specialist talent solutions business dedicated to providing Advanced Technology & Engineering skills to the Industrial Electronics, Automotive and Automation sectors.
Xcede is a technology, digital, data and analytics recruitment agency. Xcede assists with all aspects of the digital life cycle to support the hiring needs of companies.
Etonwood specialises in infrastructure and vendor technology recruitment, providing adaptable talent search that is closely tailored to financial markets, technology consultancy, and service management.
The TechStream Group will process your personal information in accordance with all applicable laws, including the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). The UK GDPR will apply if you are in the UK and the EU GDPR will apply if you are in the EU.
1. What Personal Data is
The term “Personal Data” means any information relating to you that identifies you, or through which you can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to you physical, physiological, genetic, mental, economic, cultural or social identity.
The term “Special Category Personal Data” is Personal Data revealing racial or ethic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying someone, data concerning health and data concerning a person’s sex life or sexual orientation.
2. The purpose of this Privacy Notice
The purpose of this Privacy Notice is to let you know how we process your Personal Data when you visit our website or apply for a job. This Privacy Notice therefore explains what Personal Data we collect from you and how we collect, use, store and disclose it. This Privacy Notice also contains information about your rights under applicable data protection legislation.
We are committed to compliance with data protection laws. We believe that ensuring data protection compliance is the foundation of trustworthy business relationships.
It is important that you read this Privacy Notice together with any other Privacy Notices we provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other Privacy Notices and is not intended to override them.
3. Why we collect your Personal Data and the Type of Data Collected
We collect your Personal Data for the purpose of providing you with TechStream recruitment services. We will collect data about you, both personal data (such as your name and contact details) and, in some cases, Special Category Personal Data (such as information about your health or disability which is needed for the purpose of making reasonable adjustments for you during the recruitment process or to find out whether you would be able to undertake a function which is intrinsic to the job). Depending on the relevant circumstances and applicable local laws and requirements, we may collect:
• CVs and Application forms.
• Personal details such as name, date of birth and contact information and next of kin details and national insurance number.
• Visa details and copies of passports.
• Bank or building society account details.
• Details of job role and salary including data held on staff organisation charts.
• Pension information.
• Records concerning appraisal and training.
• Sickness and other absence details.
• Contracts or terms and conditions of employment.
• Correspondence between you and Techstream Group
• Correspondence, such as references, between Techstream Group and third parties in relation to your Employment.
• Visual images, for example if CCTV images are used as part of building security
• Records of grievances.
• Investigations into breaches of terms and conditions of employment.
• Records of disciplinary proceedings.
• Health and safety records (including accident reports).
• In some departments, workload and work allocation.
• Where appropriate, audio and/or video recordings of lectures, presentations and workshops and team incentives.
In some jurisdictions, we are restricted from processing some of the data outlined above. In such circumstances, we will not process the data in those jurisdictions.
4. How we collect your Personal Data
We will collect your Personal Data directly from you in the following ways:
• Job application via the Group’s website
When you apply for a job via Techstream Group, you will be required to provide personal data for your application. For example, your contact details and your, right to work and employment history.
• Techstream’s website profile creation
When you create a profile on one of the websites within the Techstream Group, you will be required to provide contact details.
• Job applications via the direct job advert
When you apply for a job directly, you will be required to provide contact details and job history.
• Applicants found on the job board via the CV search function
If we find you on the job board, you will have already provided your contact details in order to apply for prospective jobs.
• Applicants found on LinkedIn
If we find you on LinkedIn, you will have already provided your employment history on your LinkedIn profile.
• Applicants found via Headhunt
This system is used to understand where key hires are placed, so the TechStream Group will contact candidates directly to introduce them to a role and then request more data.
• Applicants found on Daxtra
Daxtra sits in between applications and entry onto the CRM, creating coversheets entering candidates if flagged in Broadbean or sent via email to Daxtra. This data will include contact details and employment history.
• Applicants found via Broadbean
Broadbean is an applicant tracking system that sits between Techstream and the Job boards. Applicant data is stored in AdCourier. This data will include contact details and employment history.
• Details stored on CRM systems – Permanent placements
Our CRM systems will store candidate details, such as contact details, employment history and salary details. Our systems can also be used to communicate with clients to confirm candidates’ placements or offers.
• Communications via email
We may communicate with you via email in order to discuss your job applications or you may apply for jobs via an email sent directly to the TechStream Group. During that correspondence, you will be providing Personal Data. We will process the Personal Data you provide to us to respond to you and provide our recruitment services. Emails will be stored in accordance with our retention period set out in the Schedule of Processing which can be found at the end of this document.
• Security checks using Verifile
Special Category Personal Data may be collected in order to carry out DBS checks for successful candidates. This will include your name, proof of address, and your passport.
5. How we use your Personal Data
We will use your Personal Data in order to provide you with the TechStream Group service. In particular, when you access and interact with our website or recruitment consultants, we need to track your activities to enable you to connect to our website. We use tracking cookies to identify you in performance of this service, information of which is provided in detail in our Cookie Policy.
We will only use your Personal Data for the purpose we collected it and in accordance with the law. We will not use your Personal Data for any other purpose without your prior consent. The only exception to this is if it is required or permitted by law, such as where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the enforcement of civil law matters.
6. Our Lawful Bases for processing your Personal Data
The UK GDPR and the EU GDPR (our global standard of compliance) requires that a controller must have a lawful basis for processing Personal Data. More details are provided in the Schedule of Processing but, in most instances, our lawful bases for processing your personal information are:
• The processing is necessary Article 6(b) of the UK GDPR or the EU GDPR for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. This is where you engage with the TechStream Group such as by applying directly on the website, jobs board, or LinkedIn, with a view to securing an employment contract;
• We need to comply with a legal obligation under Article 6(c) of the UK GDPR or the EU GDPR. For example, this is where the law requires us to obtain Personal Data in relation to things like DBS checks, making reasonable adjustments, and in relation to maintaining personal and financial records according to the relevant legislation;
• It is necessary for our legitimate interests (or those of a third party, including you) and there are no overriding interests under Article 6(f) of the UK GDPR and the EU GDPR. This is where we will communicate with you about potential jobs available, and, where relevant send marketing material; and
• We have your consent under Article 6(a) of the UK GDPR and the EU GDPR. This is where you agree either in writing or verbally for us to store and process your Personal Data.
On rare occasions we may need to use your Personal Data as follows:
• We need to protect your vital interests or someone else’s. This relates to life-or-death type scenarios.
7. Who we share your Personal Data with?
Your Personal Data may be shared internally at the TechStream Group for purpose of providing our recruitment services. Your Personal Data may also be shared as follows:
• Service Providers
This can include database management systems that we use to store data, finding prospective candidates and sharing that information with our clients.
• Sharing data with prospective employers and other third parties
This is essential to carry out our business and place candidates.
• Data transfer due to legal obligation
If we are obligated to transfer your Personal Data to a third party based on a legal obligation or in order to comply with applicable laws and governmental bodies, we will only do so in accordance with those laws (i.e.: DPA 2018, EU GDPR and UK GDPR). This may include for example, defending or pursuing legal claims, investigating fraud and co-operating with criminal investigations, such as complying with a subpoena, or similar legal process, or with the data protection supervisory authority.
8. Marketing
With your consent, we may contact you via email to promote our services. To start or stop receiving marketing from us, simply contact us via our job website portal.
Where we are legally required to obtain your consent to provide you with marketing material, we will only provide you with such marketing materials if you have provided consent for us to do so.
If you want to unsubscribe from mailing lists or any marketing, you should look for and follow the instructions we have provided in our relevant communications to you.
If you choose to unsubscribe from any or all marketing, we may retain information sufficient to identify you so that we can honour your request.
9. How long we will keep your Personal Data
We will only keep your Personal Data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of Personal Data and the reason we are processing it. Further details of retention periods are set out in the Schedule of Processing which can be found at the end of this document.
When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the Personal Data which we hold and the purposes for which it is held and processed.
When we determine that Personal Data can no longer be retained (or where we must comply with your request for us to delete your Personal Data in accordance with your right to do so) we ensure that this Personal Data is securely deleted or destroyed.
10. Security of your Personal Data
In order to protect your Personal Data, we put in place appropriate organisational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any relevant supervisory authority of such a breach.
Although we use appropriate security measures once we have received your Personal Data, you will appreciate that the transmission of data over the internet (including by email) is never completely secure. We endeavour to protect Personal Data, but we cannot guarantee the security of data transmitted to or by us.
11. International Transfers
In order to provide our services, we may need to send your Personal Data outside the UK and, in some cases, outside the EEA. For example, although part of the Techstream Group is based only in the UK (Etonwood), other divisions of the Techstream Group have offices, not only in the UK, but in Europe (Spain & Germany) and in Africa, Asia and North America. It may therefore be necessary to transfer your Personal Data to our other offices outside the UK and/or the EEA. Also, it may be necessary to send your Personal Data outside the UK and/or the EEA in order to share it with third parties, such as, your prospective employer.
If we do transfer your Personal Data outside the UK and/or the EEA, we will ensure that it receives the same protection as if it were being processed inside the UK or the EEA. For example, we will ensure that the country we are sending it to has an adequacy decision issued by the European Commission. (Whilst the UK is no longer in the EU, the UK recognises all adequacy decisions already made by the European Commission). In the absence of an adequacy decision, TechStream will adopt other appropriate safeguards to protect your Personal Data, such as Standard Contractual Clauses (SCC) issued by the European Commission. Again, whilst the UK is no longer in the EU, the UK recognises the SCC for the time being. The SCC can be found here Standard Contractual Clauses (SCC) | European Commission (europa.eu)
12. Your Rights
You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. There is no charge, unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline to act on your request. Before we action your request, we may ask you for proof of your identity. Once in receipt of this, we will process the request without undue delay and within one month. In order to exercise your rights please contact gdpr@techstreamgroup.com
Your rights in connection with personal information are set out below.
• Subject Access Request
o You have a right to receive a copy of the Personal Data we hold about you.
• Rectification
o If any of the Personal Data we hold about you is incomplete or inaccurate, you have a right to have it corrected.
• Erasure
o This is also known as the “right to be forgotten”. You have a right to ask us to delete your Personal Data where there is no good reason for us to continue to process it. However, certain criteria apply and if we have a legitimate reason to continue processing your Personal Data, we will not be legally required to delete it.
• Objection
o You have a right to object where we are relying on legitimate interests as our lawful basis for processing your Personal Data but, in certain circumstances we may be able to continue with the processing. For example, if we have compelling legitimate grounds which override your interests, rights and freedoms or your Personal Data is needed for the establishment, exercise or defence of legal claims. However, you have an absolute right to object to us processing your Personal Data for direct marketing purposes.
• Restriction
o You have a right to ask us to restrict the processing of your Personal Data in certain circumstances. For example, you may require us to suspend processing information about you whilst checks are made to ensure it is accurate.
• Portability
o You have the right to ask us to transfer any Personal Data you have provided to us to another party, subject to certain criteria being satisfied. We will provide this Personal Data in a structured, commonly used and machine-readable format.
• Right to withdraw consent
o If you have given us your consent for the processing of your Personal Data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent.
• Right to complain
o If you are unhappy with the way in which your personal information has been or is being processed, you have the right to make a complaint about it to the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
13. Your obligations
If any of your Personal Data changes whilst you are a user of our services, it is important that you update the information within your account or otherwise notify us to ensure that the data we hold about you is accurate and up to date.
14. How to contact our Data Protection Officer
We have appointed a global Data Protection Officer (DPO) to handle data protection matters. You can contact via email dpo@dataprivacyadvisory.com or via gdpr@techstreamgroup.com
15. Questions or Concerns
You can contact us if you wish to complain about how we collect, store and/or use your Personal Data. It is our goal to provide the best possible remedy with regard to your complaints. However, if you are not satisfied with our answer, you can also contact the relevant supervisory authority
16. The Data Protection Principles
We will comply with the EU GDPR, UK GDPR and the DPA 2018. Article 5 of the UK GDPR and the EU GDPR contains the data protection principles, which require that Personal Data shall be:
• Processed lawfully, fairly and in a transparent way.
• Collected for specified, explicit and legitimate purposes and not used in any way that is incompatible with those purposes.
• Adequate, relevant and limited to what is necessary.
• Accurate and, where necessary, kept up to date.
• Kept for no longer than is necessary for the purposes we have told you about.
• Kept securely.
We operate according to the principles of the UK GDPR and the EU GDPR.
17. Changes to this Privacy Notice
We reserve the right to update this Privacy Notice from time to time. Updates to this Privacy Notice will be published on our website. To ensure you are aware of when we make changes to this Privacy Notice, we will amend the revision date at the top of this page. Changes apply as soon as they are published on our website. We therefore recommend that you visit this page regularly to find out about any updates that may have been made.
18. Schedule of Processing
Ref | Purpose of Processing | Type of Personal Data | Who has Access | Lawful Basis | Retention Period |
1. | Job application via the TechStream Group’s website | Identity/contact data and employment history | TechStream staff | Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements. |
2. | Contacting candidates regarding job applications | Identity/contact data and employment history | TechStream staff | Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements. |
3. | Onboarding candidates | Identity/contact data | TechStream staff | Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements. |
4. | TechStream’s website profile creation | Identity/contact data | TechStream staff | Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements. |
5. | Job applications via the direct job advert | Identity/contact data and employment history | TechStream staff | Contract | 3 years from date of last meaningful contact for unsuccessful applicants and 6 years from the date the contract ends for successful placements. |
6. | Candidates found on job board via the CV search function | Identity/contact data and employment history | TechStream staff | Legitimate interests | 3 years from date of last meaningful contact. |
7. | Candidates found on LinkedIn | Employment history and contact information. | TechStream staff | Legitimate interests | 3 years from date of last meaningful contact. |
8. | Candidates found via Headhunt | Identity/contact data | TechStream staff | Legitimate interests | 3 years from date of last meaningful contact. |
9. | Candidates found on Daxtra | Identity/contact data and employment history | TechStream staff | Legitimate interests | 3 years from date of last meaningful contact. |
10. | Candidates found via Broadbean | Identity/contact data and employment history | TechStream staff | Legitimate interests | 3 years from date of last meaningful contact. |
11. | Details stored on CRM systems – Permanent placements | Identity/contact data, employment history, and salary details. | TechStream staff | Contract | 6 years from date the placement ends. |
12. | Security checks using Verifile (Security checks) | Name, proof of address, and passport. | TechStream staff | Contract | 2 years from date the placement ends |
13. | Communications via email | Identity/contact data | TechStream staff | Legitimate interests or contractual obligation | 3 years (dependent on the subject matter of the email) from the date of the last meaningful contact |
14. | Financial information | Bank details, tax bills, receipts and statements, tax returns, sales tax records | TechStream staff | Legal obligation | 7 years from the date of the record |
15. | Financial Information | Tax-exemption documents and related correspondence, and annual returns information | TechStream staff | Legal obligation | Indefinitely |
16. | Right to work | Passport, national identity cards | TechStream staff | Legal obligation | 2 years from date the contract ends |
17. | Employment contracts | Contact details, salary details | TechStream staff | Legal obligation | 6 years from the contract ends. |
18. | Employee personal records | Contact details, attendance records, application forms, performance evaluations, training, qualifications, disciplinary records. | TechStream staff | Legal obligation | 6 years from the date the contract ends. |
19. | Sickness and absence records | Medical data | TechStream staff | Legal obligation | 6 years from the date the contract ends. |
20. | Equal opportunities and reasonable adjustments | Data relating to disabilities and ethnic background | TechStream staff | Legal obligation | 6 years from the date the contract ends |
21. | Legal Memoranda and opinions | Case files | TechStream staff | Legal obligation | 7 years after the case file is closed. |
22. | Litigation case files | Case files where proceedings have been initiated | TechStream staff | Legal obligation | 1 year after expiration of appeals |
23. | Court Orders | Court Orders (any other applicable documentation issued by the court) | TechStream staff | Legal obligation | Indefinitely |
24. | Insurance documentation | Insurance certificates, claims files, correspondence, medical records, insurance policies | TechStream staff | Legal obligation | Indefinitely |
25. | Corporate records | Company minutes, records of incorporation, annual corporate reports, licenses and permits) | TechStream | Legal obligation | Indefinitely |