Privacy and Data Processing Policy

Stopgap Limited processes personal data in relation to work-seekers, individual client contacts and its staff. It is vitally important that we abide by the principles of the General Data Protection Regulations (GDPR) set out below. Stopgap takes your privacy seriously. This policy describes how and why we obtain, store and process data which can identify you. In connection with these activities Stopgap is the Data Controller.

Stopgap Limited holds data on individuals for the following general purposes:

  • Administration and processing of work-seekers personal data for the purposes of work-finding services
  • Recording the details of client contacts, where these contacts are representatives of companies seeking to fill a role
  • Recording the details of supplier contacts, where these contacts are representatives of suppliers who provide services to Stopgap
  • Advertising, marketing and public relations
  • Accounts and records
  • Staff Administration

For work seekers (candidates) Stopgap processes the following data:

  • Name, address, contact details, email addresses and telephone numbers
  • Skills and qualifications, work history, pastimes and hobbies/interests, interview notes
  • Passport information including visas
  • References from previous employment
  • Character analysis results
  • Date of birth, National Insurance number, personal tax information and bank account details (where required for payrolling purposes)
  • Email exchanges with the candidate regarding work opportunities
  • Notes in our CRM database of telephone conversations with the candidate
  • Financial information regarding proposed roles and placements related to the candidate

If you are a candidate, most of the information above is collected when you register with us, apply for a job or when you contribute to or use some of the other features on our web site. Some of this information will help us personalise your use of our web site, to assist your use of the site and improve the site generally. If you apply for a job through the Stopgap website your data is processed by our web site host company Datatherapy. If you apply for a job through an external job board site your application is initially processed by our partner Broadbean, whose technologies we use to pass your application to our database. In both cases your data is then processed by software provided by the company Daxtra where it is parsed and filtered before entering our secure database. We have GDPR compliant agreements with all three companies that protect the data you are sending.

When you register with us some of the emails you will receive are generated using our account with Mandrill/Mailchimp, an email marketing service based in the USA. This means your name and email address are held on a server in the USA. However, Stopgap is still the data controller of this data and we have an EU compliant agreement with Mailchimp that protects your data in just the same way as if the data was in the EU.

We sometimes use another email service called Survey Monkey to ask questions and collect information about the services we offer or have completed for you. This company is also based in the USA but has an EU compliant date protection policy.

In addition we my collect your IP address and use cookies unless you configure your web browser not to accept them. You can read our cookies policy here.

We will only pass on information about you as an individual to third parties to enable us to perform services requested by you or with your prior agreement, such as pursing work opportunities for you with our clients. This may involve background or criminal record checks, if required by our clients. When we submit your data to a client you are agreeing to the use of the data in order for the client to evaluate if you are suitable for the role. You are also agreeing to the client sharing this data within their organisation as part of this assessment. In some cases this may mean the client passes the data to another department or one of their advisors. On occasion this may be outside the EU, but Stopgap will endeavour to require that the client seek your agreement to this where this process is required.

We will never share your information with third parties for marketing purposes but may need to work with third parties in order to obtain references or information relating to your application for a role. We may also update you on job offers/promotions from time to time. There will be an opportunity to unsubscribe at the bottom of every marketing email we send. We also collect aggregate information to help us understand how our site is used and for statistical purposes. If you are registered you may update the information we hold at any time by logging in and editing your profile. You can also do this by contacting a member of the team by email or telephone.

If you are engaged by Stopgap as a Temporary Agency Worker and we process you through our PAYE payroll, as part of this process we are required to send all relevant payment information to HMRC.

If you are engaged by Stopgap to work through your own Limited Company and we process the payments to you, we are required to collect information regarding you, your Limited Company and the payments we make and report these to HMRC.

In certain circumstances we may need to disclose information about you if you breach this policy or if you breach the Terms and Conditions. We may also disclose or access your account if required to do so by law or by a Government body.

We will only pass on information about you as an individual (as opposed to aggregate information) to third parties overseas to enable us to perform services requested by you.

For client contacts Stopgap processes the following data:

  • Name, work address, work contact details, email addresses and telephone numbers
  • Email exchanges with the contact regarding job roles, candidates and other information relevant to our services, where the contact is seeking to fill a role
  • Email exchanges with the contact regarding services they supply or may supply to Stopgap
  • Notes in our CRM database of telephone conversations with the contact

As the Data Controller the GDPR requires Stopgap to process data in accordance with the principles of data protection. These require that data shall be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes and not further processed that is incompatible with those purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Accurate, and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard for the purposes for which they are processed, are erased or rectified without delay
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage
  • Not transferred to countries outside the European Economic Area without adequate protection.

Legal basis for processing data

Stopgap processes data under the following GDPR conditions:

  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
  • Processing is necessary for a legal obligation
  • Processing is necessary for the purpose of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Work Seekers (candidates)

Stopgap will process your data in order to find a suitable job for you, either permanent or temporary, when you submit your information to us. This is part of our legitimate interest as a recruitment company. Under the legitimate interests condition Stopgap will endeavour to match you with roles on which our clients have briefed us. This is in both the interest of Stopgap as a business, providing specialist recruitment services, and of you as the candidate, who is seeking a job within the marketing sector.  In this process the interests of both parties are aligned. However, this process does not affect your rights, which are available under the GDPR.

The data submitted may be in relation to a specific role but may be used in relation to other roles for which we believe you may be suitable.

We always check with you before we submit you for a role, to check you are happy for us to pass on your details, CV and other relevant information.

If you create a personal account on our website we keep the personal data connected to this account and other information about you in order for us to provide you with the services you have requested.

If you apply for a job, either through the website, directly or through an external job board similarly we keep your personal data to allow us to provide the services connected with the application and other roles that we feel might be of interest to you.

If you have a personal account you can log in at any time and update your preferences. If you no longer require your account you can contact us and we will deactivate access to your personal area.

Automated Decision Making

Our systems filter out spam emails of multiple CVs and multiple CV applications from overseas. This is largely from countries outside the EU.

Individual Rights

The GDPR provides the following rights for individuals whose data is held:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

All data subjects (individuals) have the right to be informed about the use of their data. Stopgap has listed in this document what data we collect and how we use it. Individuals can request to see what data we hold through a Subject Access Request. Stopgap will respond to any request made as soon as possible and in any case within one month, as per the requirements of the GDPR. Individuals can ask for data to be corrected or erased and to restrict the use of the data.

Any requests regarding the above can be made by contacting the person responsible for our data management using the following email address: datamanager@stopgapgroup.co.uk

Any complaints regarding the holding of data can be made to the Information Commissioners Office by contacting their website at https://ico.org.uk/

Stopgap Ltd | Registered Office 5 Union Court, Richmond, TW9 1AA | Registered in England No 04359844 VAT No 197483650

Are you a candidate?
Start your career journey
Are you an employer?
See how we add value
Register with us
Challenge the recruitment industry's reputation for bad practice and poor service