It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
What kind of personal data do we collect?
Candidate Data: To provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, contact details, education details, employment history, emergency contacts, proof of right to work in the UK, (and of course you may choose to share other relevant information with us). Where appropriate and in accordance with other requirements, we may also collect information related to your health and ability.
Several elements of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others. For example, dates of birth and National Insurance numbers, are required by HMRC. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.
Client Data: The data we collect is minimal. We need to have a name, job title and contact details during finding candidates who are the right fit for your organisation, and to enable us to ensure that our relationship runs smoothly.
People whose data we receive from Candidates and staff, such as referees and emergency contacts: We would only ever ask for very basic contact details, so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our Candidates or Staff members.
Website Users: We collect a limited amount of data from our website users, which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.
How do we collect your personal data?
Candidate Data: There are a few main ways in which we collect your personal data:
Leaving a hard copy CV at a Strata recruitment event, job fair or office;
Emailing your CV to one of our team, or being interviewed by them;
Entering your personal details into or applying for jobs through certain job boards;
Client Data: There are two main ways in which we collect your personal data:
Directly from you; and
From third parties (e.g. candidates) and other limited sources (e.g. online and offline media).
People whose data we receive from Candidates and staff, such as referees and emergency contacts: We collect your contact details only where a candidate or a member of our staff puts you down as their emergency contact or where a candidate gives them to us for you to serve as a referee.
Website Users: We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. We will also collect data from you when you contact us via the website, for example by using the contact form.
How do we use your personal data?
Candidate Data: The main reason for using your personal details is to help you find employment in roles that are suitable for you. The more information we have about you, your skillset and your ambitions, the more bespoke we can make our service. We’ve listed below various ways in which we may use and process your personal data for this purpose. Please note that this list is not exhaustive.
Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to recruitment;
Providing you with our recruitment services and to facilitate the recruitment process;
Assessing data about you against vacancies which we think may be suitable for you;
Sending your information to clients to apply for jobs or to assess your eligibility for jobs;
Carrying out our obligations arising from any contracts entered between us;
Carrying out our obligations arising from any contracts entered between Strata and third parties in relation to your recruitment;
Facilitating our invoicing processes;
Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties.
Client Data: The main reason for using information about clients is to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly by finding the candidates best suited to your organisation. The more information we have, the more bespoke we can make our service.
People whose data we receive from Candidates and staff, such as referees and emergency contacts: We only use referees’ personal data to help our candidates to find employment which is suited to them. If we can verify their details and qualifications, we can make sure that they are well matched with prospective employers. We only use the personal details of emergency contacts in the case of an accident or emergency affecting that candidate or member of staff.
Website Users: We use IP addresses to analyse trends, administer the site, track user’s movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Please note that communications to and from Strata staff including emails may be reviewed as part of internal or external investigations or litigation.
Who do we share your personal data with?
Candidate Data: Primarily we will share your information with prospective employers to increase your chances of securing the job you want. There is potential it could be accessed through third parties who perform functions on our behalf, such as our IT consultants during carrying out their duties, lawyers or auditors.
Client Data: We would share your details with a candidate to arrange interviews, to be able to supply you with our service. There is also the potential it could be accessed through third parties who perform functions on our behalf, such as our IT consultants during carrying out their duties, or lawyers, auditors, or accountants.
People whose data we receive from Candidates and staff, such as referees and emergency contacts: While we would never ‘share’ your data, as with the others, there is potential it could be accessed through third parties who perform functions on our behalf, such as our IT consultants during carrying out their duties, or auditors.
Website Users: Unless you specify otherwise, we may share your information with providers of web analytics services,
How do we safeguard your personal data?
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach. All technology-based information is held on a secure server bank which is protected by multiple advanced firewalls. While we use encryption to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our users’ information, not just sensitive information is restricted in our offices and within our web development partners server system. Only employees who need the information to perform a specific job are granted access to personally identifiable information.
If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately by contacting us on 01242 244 767 or emailing , or by using the contact us form on our website.
Alternatively, you can contact the ICO directly on 0303 123 1113 or at
How long do we keep your personal data for?
If we have not had meaningful contact with you (or, where appropriate, the company you are working for or with) for a period of six years, we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our services. If you are a candidate we will consider there to be meaningful contact with you if you submit your updated CV either directly or through a third party. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.
How can you access, amend or take back the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please email firstname.lastname@example.org. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain roles), you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will *delete your data. Due to us not being able to keep records of people who have asked to be deleted, there is a slim chance that we request your consent in the future if we receive your details in unrelated circumstances.
*Delete– while we will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so, some of your data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists on an archive system, this cannot be readily accessed by any of our operational systems, processes or staff.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller.
Right to lodge a complaint with a supervisory authority.
What are cookies and how do we use them?
If you want to check or change what types of cookies you accept, this can usually be altered within your browser settings.
How to reject cookies
Most web browsers will accept cookies but if you would rather we didn’t collect data in this way you can choose to accept all or some or reject cookies in your browser’s privacy settings. However, rejecting all cookies means that you may not be able to take full advantage of all our website’s features. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences.
For more information generally on cookies, including how to disable them, please refer to aboutcookies.org. You will also find details on how to delete cookies from your computer.
Establishing, Exercising or defending legal claims
Sometimes it may be necessary for us to process personal data and, where appropriate, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.