At Stein IAS (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other relevant and applicable data protection laws and regulations.
As your Data Controller, Stein IAS will determine the purposes for which and the way any Personal Data is processed. Additionally, Stein IAS will be responsible for your personal data as well as compliance with data protection principles.
|Stein IAS Holdings LTD, 34 Bow Street,London, WC2E 7AU|
Privacy Contact Email:
ICO Registration Number:
Any inquiries about your data should be sent to the above email. It can also be sent directly to the company, if you prefer, in a letter to the listed address. We cannot guarantee prompt responses if physical mail is your chosen method of communication.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect, use, store and transfer different kinds of Personal Data about our applicants which we have outlined below. Not all the following types of data will necessarily be collected, but this is the full scope of data that could be collected from our applicants:
There are several justifiable reasons under the UK GDPR that allow the collection and processing of Personal Data. The main bases we rely upon are the following:
The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the UK GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA 2018 which again relates to processing for employment purposes is with your express Consent.
We’ll use all the information you provide during the recruitment process to progress your application with a view to considering your suitability for, and potentially offering you, an employment contract with us and, where required, to fulfil our legal or regulatory requirements.
We will not share any of the information you provide with any third parties for marketing purposes. We will share your application information with our parent company, MSQ Partners Limited. See section 2.6 below for further information.
We’ll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process based on our legitimate interest in developing and improving our future recruitment campaigns.
We may ask you to participate in assessment tests and to complete tests; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by us.
If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we will proactively contact you should any further suitable vacancies arise.
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 1 (‘one’) year on the basis of consent within the meaning of Art. 6 Para. 1 lit. a. and Art. 7 UK GDPR. This consent is provided upon sign-up and is not necessary for your application. Your contact information will be processed to provide you with related job postings if you provide consent upon signup. This can be revoked in your application profile settings.
The application documents in the talent pool will be processed solely within the framework of future job advertisements and the employee search and will be destroyed at the latest after the deadline. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future. Your standard UK GDPR rights apply.
We primarily obtain the data from applicants upon the initial application stage. If we do not collect the personal data directly from applicants, we will also tell you the source of the personal data.
Applicants will receive new content communications from us if you have created an account and chosen to opt into receiving those communications. From time to time we may make suggestions and recommendations to you about related job openings or Group news that may be of interest to you as an applicant.
The subsidiary marketing agencies that make up the MSQ Partners Limited group are controlled undertakings which, in accordance with the UK GDPR Art. 4 (19), Recital 37 + 48, allow for a legitimate interest in the MSQ Group accessing and controlling the processing of personal data during your application. MSQ Partners Limited are only administering the Applicant Tracking System (ATS) and do not process your data for any other purpose. Your data will not be shared with other agencies in the group, and MSQ will not access it for the purpose of evaluating your application.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
As a data subject under the UK GDPR, you have the right in law to:
To exercise these rights, you can send an email to us at any point at the following email address: firstname.lastname@example.org
We will handle any request to exercise these rights in accordance with the relevant laws, but please note that these rights may not be absolute. We may refuse or deny a request in accordance with these rules, though where possible you will be informed why this is happening.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply with your request.
We may also need to request specific information from you to help us confirm your identity and ensure you have the right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response
You have the right to object at any time, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the UK GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling that is related to direct marketing.
You may delete your account at any time – this will remove your application account page from our systems and our related software.
Your application account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and by signing off after you have finished accessing your account.
You can access information associated with your application account by logging into your account you created with us.
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to email@example.com
We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. When we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession.
However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us at firstname.lastname@example.org
You will only receive emails with related roles and news if you have actively opted-in upon signup. This will add you to our talent pool. Applicants can ask us to stop this service at any time by unsubscribing in your profile.
Where applicants opt out of receiving these vacancies, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your job vacancy preferences.
We may share non-Personal Data with third parties. We may share your Personal Data with Subprocessors for screening and with your consent. The Subprocessors are also subject to our confidentiality obligations to use it only for the purposes for which we disclose it to them and pursuant to our instructions.
Linkedin / Linkedin Recruiter
Vacancies at Stein IAS may be listed on Linkedin / Linkedin Recruiter. Stein IAS relies on a 3rd party recruitment consultancies ( Linkedin / Linkedin Recruiter) to assist in our applicant management and filtering process. Access to your data is only provided for this purpose, and the consultancies is bound by a Data Processing Agreement (DPA) to ensure your data is processed safely.
Stein IAS relies on the Linkedin/ Linkedin administer and manage applicants. Linkedin / Linkedin Recruiter uses the following Subprocessors:
Vacancies at Stein IAS may be listed on Indeed.com. Stein IAS relies on Indeed to assist in our applicant management and filtering process. Access to your data is only provided for this purpose, and the consultancies is bound by a Data Processing Agreement (DPA) to ensure your data is processed safely.
Stein IAS relies on Indeed to administer and manage applicants.
Vacancies for jobs at Stein IAS will be listed on the Stein IAS website. www.steinias.com
Application from Steinias.com uses the following Subprocessors:
Iomart – Process: Data capture – Location: Manchester UK
Microsoft- Process: Office 365 – Location: European Union
We store applicant documents for a period of six months if the application does not lead to an employment relationship and no further storage has been agreed.
Date: 05 October 2022