- About us
- What we do
- Workforce solutions
- Employer branding
- Gattaca Projects
- IR35 hub
- Start Hiring
- Results centre
- Regulatory news
- Shareholder information
- Attract, engage and retain talent
- Control workforce cost and risk
- Optimise workforce strategies
- Workforce events & resources
- Building STEM futures
- Workforce insights
- Client portal
Privacy & Cookies Statement
If you require our privacy statement on how we collect and use your data in our North America regions please click here.
Privacy & Cookies Statement (version 8 updated May 2023)
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website (“our site”) you are accepting and consenting to the practices described in this statement.
This statement will be updated from time to time and the most current version will always be available on our website.
Who are we?
We are Gattaca Plc, and this privacy statement applies to our Group companies in the UK, EU and internationally, excluding citizens residing and native to North and South America where the above linked statements will apply. Please click here for further details on the entities in which the below statement applies.
For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR), the data controller is Gattaca Plc or the relevant subsidiary as detailed above.
What is the purpose of this statement?
We are committed to protecting the privacy and security of your personal information.
This privacy statement describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the GDPR as updated from time to time. It applies to all clients, candidates and contractors, referees, and investors. Employees of Gattaca Plc should refer to the Group’s Employee Privacy Statement, which is available on the intranet.
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
Our legal basis for using your personal data
For prospective candidates, candidates, contractors, referees, and clients, we will only collect, store, use, process, transfer and disclose personal data in so far as it is necessary for our legitimate interests in that we need the information in order to assess suitability for potential roles, to find potential candidates, to make payments to contractors and to contact clients and referees.
For prospective candidates, candidates, and contractors, we may also rely on the need to comply with a legal obligation to transfer and disclose personal data in relation to you.
For prospective candidates and candidates, we may rely on contract if we are negotiating or have entered into a placement agreement with you in order to process special category personal data about you, please see below.
What personal data will we collect from you?
Throughout your dealings with us, calls may also be monitored for training and quality purposes, depending on the applicable local laws and requirements. We may collect, store, and process the following categories of personal data:
1. Personal data you give us
You may give us personal data by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, submit your CV (Curriculum Vitae) to us and when you report a problem with our site. Throughout your dealings with us, calls may also be monitored for training and quality purposes and on occasion these may be transcribed.
Here are some examples of the type of personal data you may give us:
- personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
- date of birth;
- next of kin and emergency contact information;
- National Insurance number;
- bank account details
- payroll records and tax status information;
- recruitment information (including copies of right-to-work documentation, references and other information included in a CV or cover letter or video recordings, call recordings or the transcription of calls as part of the application process);
- results of HMRC employment status check;
- details of your interest in and connection with the intermediary through which your services are supplied.
contact details (including email and telephone number) and photographic information where you visit our premises.
2. Special category personal data
We may collect and process special category or more sensitive personal data only so far as is necessary to ensure we conform to legal or contractual requirements, such as equal opportunities laws or obligations imposed upon us by our clients (to enable them to comply with their own legal requirements).
Special category data is information about any of the following:
- religious beliefs
- sex life
- sexual orientation
- political opinions
- trade union membership
- genetics and biometrics
In addition, as part of our commitment to equality of opportunity and to monitor compliance with our Equal Opportunities and Diversity policy, we may ask you to complete an equality monitoring form, information is provided voluntarily and on an anonymous basis for statistical analysis. It is not stored with your other personal records.
3. Criminal offence data
We may collect and process data related to criminal allegations, proceedings, convictions, offences, or related security measures only under the control of an official authority or when authorised by applicable law.
We may also collect the following type of personal data when you visit our site(s) or call us:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform;
- information about your visit, including the full uniform resource locators (URL) clickstream to, through and from our site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page;
- any phone number used to call our consultants.
- a digital recording of the telephone conversation may be recorded and transcribed; and
- a telephone number of both parties (internal and external)
5. Personal data we receive from other sources
We may receive personal data about you if you use any of the other sites we operate or the other services we provide, which could also be via any telephone systems or social media applications. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies) and may receive information about you from them.
We use LinkedIn and job boards, online curriculum vitae libraries; and their affiliate partners as publicly available sources of personal data for recruitment purposes. We may also receive information about you by word of mouth, for example by a recommendation from a friend, former or current employer(s) or former or current colleague(s).
How will we use your personal data?
We will only use your personal data when the law allows us to.
Most commonly, we will use your personal data in the following circumstances:
- to make it (including your CV) available to our consultants in connection with the recruitment process, unless you request otherwise;
- if you have applied for a job the information you provide, including your CV identifying you by name, will be used to determine your suitability for the position and, if applicable, in determining terms of employment or engagement;
- if your application is progressed further, details may be disclosed to third parties (such as educational institutions, present and past employers, our employees and directors, credit reference agencies, insurance companies etc.) for reasons such as the verification of, or obtaining extra, information or providing you with a quote for insurances should this be required;
- for the purposes of ensuring the validity of right to work documents and other ID your details may be disclosed to an identity verification company who will conduct a soft credit check as part of the verification. This check, although present on your credit file, will not affect your credit score;
- if your application is unsuccessful, we may try to find you employment or work with alternative clients and may, therefore, disclose your details to other prospective employers and clients in connection with the recruitment process (which for these purposes includes the process of gaining employment and any ongoing administrative process involved, unless you tell us otherwise);
- if required by law or for the purposes of our business requirements (e.g., to auditors or third-party service suppliers such as training companies that work to keep our candidate base up to date with trade related competencies);
- to provide you with information about other services and opportunities we offer that are similar to those that you have already enquired about;
- to contact you about industry and sector specific information that might be of interest to you;
- to deal with legal disputes involving you, or other employees, workers, contractors, or clients, including accidents at work;
- to carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us;
- to notify you about changes to our service; • to pay you and, if you are an employee or deemed employee for tax purposes, deduct tax and National Insurance contributions (NICs); • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- to personalise the content displayed on our website in order to present you with more relevant jobs and content based on your interests;
- to set up an online profile for you on our site. • as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about services that may interest you or them in management information used to monitor recruitment initiatives and equal opportunities policies; and;
- in management information, used to monitor recruitment initiatives and equal opportunities policies;
- to assist in the quality monitoring of staff performance.
- to identify training needs; and
- to ensure the Company is able to monitor and adhere to quality standards.
How will we share or disclose your personal data?
Most commonly, we will share your personal data with members of our Group. This is to enable us to provide you with the best service possible, and to benefit from the specialist knowledge and experience of our relevant brands.
Additionally, we may share your personal data with selected third parties including:
- prospective employers and/or clients and other recruitment agencies or other recruitment businesses for the purposes of assessing your suitability.
- relevant third-party partners, including job boards, payroll service providers and audit and assessment companies;
- insurance companies that require the data to contact you with a quote for business insurances (where appropriate);
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
- analytics and search engine providers, some of which may be overseas, that assist us in the improvement and optimisation of our site and with the verification of placements; and
- identity verification companies for the purpose of validating right to work documents and ID documents;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we or one of our subsidiaries has substantially all of its assets acquired by a third party, in which case personal data held by it about its candidates and clients will be one of the transferred assets; and
Where is your personal data stored?
Information can be provided to us in different forms, Gattaca have put in appropriate security measures to protect the data we receive, and we will do our best to protect your personal data, although the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, misuse, or loss.
If you suspect any unauthorised access to or misuse or loss of your data, please contact us immediately using our contact details here.
How long do we keep your personal data?
We only retain your information for as long as is necessary for us to use your information as described above or to comply with our legal obligations. If we assess that processing your data is no longer necessary, we may delete or anonymise that data.
As a guide, however, we keep your personal data in accordance with the following data retention principles:
Candidate personal data and call recordings (including transcription is applicable) – after 5 years since the last contact with you, where contact means addition of your personal data to our database, placement into a role or there is a record of verbal (oral or written) communication with you, we will delete your data. ‘Candidate’ includes applicants for all vacancies we advertise, including permanent, part-time, and temporary positions with any of our clients. This also includes individuals put forward by any of our clients. Call recordings and transcriptions may be deleted earlier than 5 years if necessary.
Contractor financial data – after 7 years since the last payment made to you, we will delete your data. Contractors includes any Candidate who we have placed and made a payment to.
Client Records – after 8 years from the last contact with you, we will delete your data.
Web Accounts – after 2 years since the last time you successfully logged into the platform, we will delete your data.
Visitor Management System – after 1 years may be deleted earlier than 1 year if necessary.
Please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations legal obligation(s) under applicable law to retain data for a certain period of time;
- our legitimate interests where we have carried out a balancing test statute of limitations under applicable law(s);
- any (potential) disputes;
- if you have made a request to have your information deleted; and guidelines issued by relevant data protection authorities.
Otherwise, we will endeavour to permanently delete or anonymise your personal data once it reaches the end of its retention period. In some cases, for archiving purposes, your data may still exist in within our systems; this data will be put beyond operational use, meaning that while it still exists on a system, operational systems, processes, or staff cannot readily access it.
Use of automated profiling tools
We do not carry out any automated profiling in our recruitment process.
Direct Digital Marketing
Gattaca Plc do not market to our candidates or contractors, we do however send industry and sector related updates from time to time that may be of interest to you.
Occasionally we do send e-marketing campaigns to client contacts
If you do not wish to receive any communications from us, you can manage your preferences here.
Transfer of data outside of the UK and European Economic Area
Your personal data may be transferred internationally in the following circumstances:
- between and within our Group;
- to third parties (such as advisers or other suppliers to our Group);
- to overseas clients;
- to clients within your country who may, in turn, transfer your data internationally; and
- to a cloud-based storage provider.
We want to make sure that your personal data is stored and transferred in a way, which is secure. We will therefore only transfer data outside of the UK and European Economic Area (EEA) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of data Intra Group Transfer Agreements incorporating the current standard contractual clauses adopted by the European Commission or UK for the transfer of personal data by data controllers in the EEA or UK to data controllers and processors in jurisdictions without adequate data protection laws;
- transferring your data to a country where there has been a finding of adequacy by the European Commission or UK in respect of that country's levels of data protection via its legislation;
- where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA or UK in order to meet our obligations under that contract if you are a client of ours); or
- where you have consented to the data transfer.
Access to and correction of your information
Your duty to inform us of changes
- It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
- request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- request deletion of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
- object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes;
- request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it; and
- request the transfer of your personal data to another party.
If you want to verify, correct, or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact email@example.com in writing. You also have the right to:
- request access to your personal data (commonly known as a “data Subject Access Request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
If you want to access your personal data, please email SAR@gattacaplc.com detailing what information you require, and confirming your full name and postal address as a way of confirming your identity.
We will confirm with you what the response date will be, which will usually be within one month. We are entitled to refuse the request if it is deemed excessive or a repetition of a previous request.
Cookies contain information that is transferred to your computer's hard drive or device. Important things for you to know about cookies are:
- they are not used to identify you personally - we will not pass your data on to advertising networks or other third parties;
- any third-party links to social media channels only deploy third party cookies if you have already signed up to those channels and are logged in;
- you will normally see a message on the site before we store a cookie on your computer; and
- cookies also remember notifications you may have already seen so that you don't get shown them again.
We analyse the operation of our website and users’ website behaviour to improve the website and its usefulness via Google Analytics (a freemium web analytics service offered by Google that tracks and reports website traffic). This includes analysing application data such as the data source, number of applicants etc.
We use Google Analytics software to collect information about how our websites are used. This means we can make sure we are meeting the needs of our users and make continuous improvements based on this information.
Google Analytics stores information about:
- the web pages visited by users;
- the length of time users spend on each web page;
- how a user came to the site (e.g., 3rd party link, social media channel, organic search); and
- what clicks are made while a user is visiting the site.
We do not collect or store your personal information (e.g., your name or address); stored cookies cannot be used to identify who you are.
We may at times utilise personalisation. Personalisation enhances your experience by providing personalised content and features, including more relevant adverts based on a user’s activity on our website (e.g. a page visit, a job search, a vacancy submission, a download).
We use the following cookies:
- essential cookies: these are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site;
- analytical/performance cookies: they allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily;
- functionality cookies: these are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of region); and
- targeting cookies: these cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this information to make our site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Cookies on Gattaca Plc and subsidiaries:
|Google Analytics||Tracks user activity, page visits, conversions (e.g., job applications, vacancy submissions, form downloads)||Analytics|
|Google Ads||Tracks user activity if user has come through via one of our google ads (e.g., job applications, vacancy submissions, form downloads)||Marketing and Analytics|
|Unbounce||Used to track a user that has activity on one of our landing pages built on the Unbounce platform||Analytics|
|Bullhorn Automation||Used to track user activity such as page visits||Analytics|
chat app tracks if a user has visited a certain page on our website
|Indeed||Tracks if user has completed a job application that originally came from the Indeed website.||Analytics|
|Appcast||Tracks if user has completed a job application that originated from a job board sourced through Appcast||Analytics|
|Used for Remarketing||Marketing and Analytics|
|Tracks user activity, page visits||Marketing and Analytics|
|LeadForensics||Tracks user activity, page visits||Analytics|
|RadiumOne||Tracks user activity, page visits||Analytics|
How long cookies last
We us persistent cookies, which last for a fixed period time that is defined within each cookie (unless a user ‘clears’ the cookie), and allow our websites to recognise devices again when a user returns to that website on that device.
Opting out of Google Analytics:
You can opt out of Google Analytics by installing the Google Analytics Browser Opt-out Browser Add-on.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
For more information on Google’s uses of information, click here.
Changes to our privacy statement
Any changes we may make to our privacy statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy statement.
Links to other sites
Our site may, from time to time, contain links to and from the sites of our partner networks, advertisers, and affiliates. If you follow a link to any of these sites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these sites.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
How will we contact you?
We may contact you by phone or email. You can update your contact preferences here . Any changes to your preferences will be updated within one month of your request.
How can you contact us?
To contact us with any queries around data or this privacy statement, you can contact us in the following ways:
Post: Compliance Team, Gattaca Plc, 1450 Parkway, Solent Business Park, Whiteley, Fareham, PO15 7AF
Please note we may keep a record of your communications to help us resolve any issues, which you raise.
How can you contact the supervisory authority?
The supervisory authority in the UK is the Information Commissioner's Office (ICO). You can contact them in the following ways:
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you are based in the EU, you can contact your local supervisory authority.