external-linkgrid-blockgrid-listicon-playmute-icon speakerimage/svg+xml

Application Portal Privacy Policy


Important information and who we are

Welcome to Stein IAS’s “Application Portal Privacy Policy”.

At Stein IAS (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other relevant and applicable data protection laws and regulations.

This Privacy Policy is only applicable to prospective employees of Stein IAS (hereinafter referred to as “applicants”) who wish to work for (or with) us. For Stein IAS’s full privacy policy, applicable in all other circumstances, kindly visit www.steinias.com/privacy

As your Data Controller, Stein IAS will determine the purposes for which and the way any Personal Data is processed. Additionally, Stein IAS will be responsible for your personal data as well as compliance with data protection principles.


Stein IAS Holdings LTD, 34 Bow Street,London, WC2E 7AU

Privacy Contact Email:


ICO Registration Number:


Any inquiries about your data should be sent to the above email. It can also be sent directly to the company, if you prefer, in a letter to the listed address. We cannot guarantee prompt responses if physical mail is your chosen method of communication.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


1.1 Types of Data / Policy Scope

Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect, use, store and transfer different kinds of Personal Data about our applicants which we have outlined below. Not all the following types of data will necessarily be collected, but this is the full scope of data that could be collected from our applicants:

  • Contact Data: This covers any data relating to your phone number, addresses, email addresses, phone numbers.
  • Application Data: This includes; applicants name (or organizations name), employment information, educational information.
  • Communications Data: This is your preferences in receiving information from us related to your job preferences. This could be, for example, similar job openings related to your initial application.
  • Technical Data: This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us.

1.2 The Legal Basis for Collecting That Data

There are several justifiable reasons under the UK GDPR that allow the collection and processing of Personal Data. The main bases we rely upon are the following:

  • Consent”: Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.
  • Contractual Obligations”: We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
  • Legal Compliance”: We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
  • Legitimate Interest”: We might need to collect certain information from you to be able to meet our legitimate interests - these cover aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards. When legitimate interest is relied upon, we will conduct a Legitimate Interest Assessment (LIA) to validate the processing is not considered unfair or infringing on the data protection rights of any individuals we work with.

The lawful basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the UK GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA 2018 which again relates to processing for employment purposes is with your express Consent.


2.1 What will we do with the application data?

We’ll use all the information you provide during the recruitment process to progress your application with a view to considering your suitability for, and potentially offering you, an employment contract with us and, where required, to fulfil our legal or regulatory requirements.

We will not share any of the information you provide with any third parties for marketing purposes. We will share your application information with our parent company, MSQ Partners Limited. See section 2.6 below for further information.

We’ll use the contact details you give us to contact you to progress your application. We may also contact you to request your feedback about our recruitment process based on our legitimate interest in developing and improving our future recruitment campaigns.

2.2 Assessments & offers

We may ask you to participate in assessment tests and to complete tests; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by us.

If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we will proactively contact you should any further suitable vacancies arise.

2.3 How do we utilise a talent pool?

As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 1 (‘one’) year on the basis of consent within the meaning of Art. 6 Para. 1 lit. a. and Art. 7 UK GDPR. This consent is provided upon sign-up and is not necessary for your application. Your contact information will be processed to provide you with related job postings if you provide consent upon signup. This can be revoked in your application profile settings.

The application documents in the talent pool will be processed solely within the framework of future job advertisements and the employee search and will be destroyed at the latest after the deadline. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future. Your standard UK GDPR rights apply.

2.4 Sources of Data

We primarily obtain the data from applicants upon the initial application stage. If we do not collect the personal data directly from applicants, we will also tell you the source of the personal data.

2.5 Content Updates & Communications

Applicants will receive new content communications from us if you have created an account and chosen to opt into receiving those communications. From time to time we may make suggestions and recommendations to you about related job openings or Group news that may be of interest to you as an applicant.

2.6 How is my applicant data shared within the MSQ Group?

The subsidiary marketing agencies that make up the MSQ Partners Limited group are controlled undertakings which, in accordance with the UK GDPR Art. 4 (19), Recital 37 + 48, allow for a legitimate interest in the MSQ Group accessing and controlling the processing of personal data during your application. MSQ Partners Limited are only administering the Applicant Tracking System (ATS) and do not process your data for any other purpose. Your data will not be shared with other agencies in the group, and MSQ will not access it for the purpose of evaluating your application.

2.7 Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


3.1 What Rights Do I Have Over Stein IAS’s Use of My Personal Data?

As a data subject under the UK GDPR, you have the right in law to:

  • Information, in accordance with Art. 15 UK GDPR,
  • Rectification, in accordance with Art. 16 UK GDPR,
  • Data erasure ("right to be forgotten"), in accordance with Art. 17 UK GDPR, 
  • Limitation of processing, pursuant to Art. 18 UK GDPR, 
  • Data portability, according to Art. 20 UK GDPR and/or 
  • Objection to the processing, pursuant to Art. 21 UK GDPR.

To exercise these rights, you can send an email to us at any point at the following email address: privacy@steinias.com

We will handle any request to exercise these rights in accordance with the relevant laws, but please note that these rights may not be absolute. We may refuse or deny a request in accordance with these rules, though where possible you will be informed why this is happening.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply with your request.

We may also need to request specific information from you to help us confirm your identity and ensure you have the right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response

3.2 Information On The Right To Object Pursuant To Article 21 (4) UK GDPR

You have the right to object at any time, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the UK GDPR; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling that is related to direct marketing.

3.3 What Control Do I Have Over My Application Account With Stein IAS?

You may delete your account at any time – this will remove your application account page from our systems and our related software.

Your application account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and by signing off after you have finished accessing your account.

You can access information associated with your application account by logging into your account you created with us.

California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to privacy@steinias.com

3.4 How Do We Protect Applicant Personal Data?

We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. When we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession.

However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us at privacy@steinias.com

3.5 Opting Out of future roles

You will only receive emails with related roles and news if you have actively opted-in upon signup. This will add you to our talent pool. Applicants can ask us to stop this service at any time by unsubscribing in your profile.

Where applicants opt out of receiving these vacancies, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your job vacancy preferences.


4.1 Will We Share Your Data With Third Parties?

We may share non-Personal Data with third parties. We may share your Personal Data with Subprocessors for screening and with your consent. The Subprocessors are also subject to our confidentiality obligations to use it only for the purposes for which we disclose it to them and pursuant to our instructions.

Linkedin / Linkedin Recruiter

Vacancies at Stein IAS may be listed on Linkedin / Linkedin Recruiter. Stein IAS relies on a 3rd party recruitment consultancies ( Linkedin / Linkedin Recruiter) to assist in our applicant management and filtering process. Access to your data is only provided for this purpose, and the consultancies is bound by a Data Processing Agreement (DPA) to ensure your data is processed safely.

Stein IAS relies on the Linkedin/ Linkedin administer and manage applicants. Linkedin / Linkedin Recruiter uses the following Subprocessors:



Vacancies at Stein IAS may be listed on Indeed.com. Stein IAS relies on Indeed to assist in our applicant management and filtering process. Access to your data is only provided for this purpose, and the consultancies is bound by a Data Processing Agreement (DPA) to ensure your data is processed safely.

Stein IAS relies on Indeed to administer and manage applicants.

Indeed.com privacy policy and processors can be found here:


Steinias.com careers

Vacancies for jobs at Stein IAS will be listed on the Stein IAS website. www.steinias.com

Application from Steinias.com uses the following Subprocessors:

Iomart – Process: Data capture – Location: Manchester UK

Microsoft- Process: Office 365 – Location: European Union

4.2 Third-Party Links

This Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit.


We store applicant documents for a period of six months if the application does not lead to an employment relationship and no further storage has been agreed.


We keep our Privacy Policy under review and will place any updates on this webpage. If we are obliged to inform you of drastic changes, you will receive an email detailing these changes.

If you have questions about the processing of your personal data, please contact us at privacy@steinias.com . If you have questions about the processing we conduct on our main website, please view the privacy policy found on the agency homepage at www.steinias.com/privacy

Date: 05 October 2022