Privacy Policy


This Privacy Policy explains what we do with your personal data and in what capacity we are processing data.  Below we describe how as a provider of targeted recruitment services, we collect and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
This Privacy Policy applies to the personal data of our Website Users, Candidates, Clients, Suppliers, and other people whom we may contact in order to find out more about our Candidates. It also applies to the emergency contacts of our Staff.


For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the company responsible for your personal data is Strallen Consulting Ltd.


We may amend this Privacy Policy from time to time. If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights and, where relevant, these are detailed below.


A number of elements of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others. Other items may simply be needed to ensure that our relationship can run smoothly.


Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.


For details of the legal basis that we rely on to be able to use and process your personal data, please click here


To the extent that you access our website or read or click on an email from us, we may also collect certain data automatically or through you providing it to us.


As a provider of targeted recruitment services, we only ask for details that will help us to help you, such as your name, age, contact details, education details, employment history, emergency contacts, immigration status, financial information (and other relevant information you choose to share with us).

A more detailed description of the personal data that we collect about you can be found in this list or contact us.

We collect Candidate Data in two main ways: (although this is not exhaustive)

  • Directly from you via you submitting a CV either by request or voluntarily, or on occasion a job advert.
  • From third parties such as (whilst conducting a search and sourcing your basic details) on Linkedin and other social / job sites. A Client or your Referee may share personal information with us.


The more information we have about you the better we can tailor our searches and efforts in presenting you with only the most relevant career opportunities.


In order to progress the recruitment process we may share your personal data with our Clients. However, we will only ever do this with your direct approval, at which point you will give approval knowing with whom and why your data is being shared.


We consider meaningful contact as any dialogue whether verbal or written communication regarding career opportunities we represent. Receiving an email and not responding does not constitute meaningful contact.

If you are a Strallen customer or a potential customer (that we would like to work with) we need to collect and use information about you, or individuals at your organisation.


We collect Client Data in two main ways:

  • Directly from you when agreeing a contract and taking your exact specifications (company, role, vacancy details etc).
  • From third parties such as (whilst conducting a search and souring your basic details) on Linkedin and other social media, and other limited sources such as online media (Gartner reports etc).


The two main reasons for using information about Clients is to ensure we can approach you as appropriate regarding our services and then to ensure that the contractual obligations between Strallen and Client can be properly implemented; i.e sourcing and presenting suitably qualified candidates.

The more information we have the more accurate and tailored we can make our service.


If we contact you with any direct marketing (which is very unlikely as we do not solicit business in this way) then you will have a clear opt-out option.


We will share your data with candidates to ensure we can motivate and source the most suitable candidates and fully prepare them for your recruitment process.


The data we collect about Clients is very limited such as the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses) to enable us to ensure that our relationship runs smoothly. Or, that we can initiate a relationship.

We will hold information you provide regarding your company, personnel and vacancies thus enabling us to provide you with the correct level of service.


We retain Client information indefinitely as you will always have Legitimate Interest in us and vice versa, unless you explicitly declare that you do not wish to remain considered as a potential client.


We only process data from our Suppliers to ensure we can manage the commercial relationship. Such as contact details and your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us). We retain supplier data for 1 year after our engagement terminates.


We only ask for very basic contact details, so that we can get in touch with your referees.

We only retain this data as long as we have an existing need – ie to provide references etc.



We may collect a limited amount of data from our Website Users which we use to help us improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular. Currently we do not analyse any of this data from our website.

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse, loss of or unauthorised access to your personal information or want to review a copy of our Data Breach Policy please contact us.


Once you have granted Consent and for a period of 12 months thereafter if we have not had meaningful contact with you (or, where appropriate, the company you are working for or with), we will revert to a Legitimate Interest basis for processing / holding your Data unless you explicitly withdraw your consent or request deletion. Data is only retained on emails and within Linkedin and on occasion (such a job descriptions etc in our online file storage)



Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases).


Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for submitting details to a Client), you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or Delete such information by submitting a DSAR. Please contact us for a copy of the DSAR.


Right to erasure: In certain situations (for example, if we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data is collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so. We will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, details of which can be found here.



Strallen Consulting LTD is UK based and as such all Data is stored in the UK. But Strallen deal internationally, this is what enables us to offer the level of service that we do. In order for us to continue operating in this way, we may have to transfer or store your data internationally.  For details of transfer of data internationally click here.



Strallen do not process any personal data from our website.

We use them to track activity to help ensure you get the smoothest possible experience when visiting our website. We can use the information from cookies to ensure we present you with options tailored to your preferences on your next visit. We can also use cookies to analyse traffic and for advertising purposes.

Explicitly we use Google Analytics for tracking a website data analytics.


Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed below to enable us to offer you employment opportunities which are tailored to your circumstances and your interests. In some jurisdictions, we are restricted from processing some of the data outlined below. In such cases, we will not process the data in those jurisdictions:


Age/date of birth; (only saved on your actual CV if you have added)


Marital status; (only saved on your actual CV if you have added)

Contact details;

Education details;

Employment history;

Referee details;

Immigration status

Details about your current remuneration, pensions and benefits:

Information on your interests and needs regarding future employment, both collected directly and inferred, for example from jobs viewed or articles read on our website;

Information regarding your achievements such as targets etc;

Extra information that you choose to tell us;

Extra information that your referees choose to tell us about you;

Extra information that our Clients may tell us about you, or that we find from other third party sources such as job sites;

The dates, times and frequency with which you access our services;

Please note that the above list of categories of personal data we may collect is not exhaustive.







Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of people:

  • Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
  • Tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
  • Third party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
  • Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
  • In the case of Candidates; with potential employers but only with your prior consent.
  • In the case of Clients; with potential candidates to whom we feel we can motivate to consider being part of your team.


In order to provide you with the best service and to carry out the purposes described in this Privacy Policy, your data may be transferred:

– to overseas Clients or Candidates;

– to a cloud-based storage provider; and

We only transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
  • by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
  • transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
  • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a Client of ours); or
  • where you have consented to the data transfer.









We have completed a thorough assessment of the data we process and hold; and we have concluded that we are processing under Article 6(1)(f) of the GDPR;

“We are processing your data where it’s necessary for the purposes of legitimate interests pursued by us or a third party (client or candidate), except where such interests are overridden by the interests of fundamental rights or freedoms of you which require protection of personal data.”
Our core service offering of recruitment services doesn’t prejudice individuals in any way; in fact, they help us to offer you a more tailored, efficient service.



It’s reasonable to expect that if you are looking for employment or have posted your professional CV / Data information on a job board or professional networking site, that you are happy for us to collect and use your personal data to offer or provide our recruitment services to you and assess your skills against our bank of vacancies. We will only share this data with Clients on consent though.

If we secure you the job, your future employer may also want to double check any information you’ve given us or to confirm your references, to the extent that this is appropriate and in accordance with local laws. We need to do these things so that we can function as a profit-making business, and to help you.

This extends to referee / reference details.

We also keep records of our conversations, meetings, vacancies discussed and placements.

We only store this data on email (Microsoft 365) ,within the LinkedIn dialogue we have with you (and any public available LinkedIn Data), or as a notes on the Strallen Linkedin record that we can see for you. If you send a CV via any means to Strallen we may hold this CV against your LI record for future review.

We believe this is reasonable – we deem these uses of your data to be necessary for our legitimate interests as an organisation providing various recruitment services to you.


To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, vacancies and placements.

We believe this is reasonable – we deem these uses of your data to be necessary for our legitimate interests as an organisation providing various recruitment services to you.

We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.

When wishing to send your Candidate Data to a Client we will always ensure we have your consent to hold and process your Data. The consent period is 12 months yet within this period we will still seek explicit approval to submit to any client. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent.

Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” In plain language, this means that:

you have to give us your consent freely, without us putting you under any type of pressure; that what your consenting to is clear; you have to give positive and affirmative action in giving consent.

We will keep records; of consents given and if consent is withdrawn by you at any point.


Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.




If you wish to reach out to us to access, amend or take back the personal data that you have given to us; if you suspect any misuse or loss of or unauthorised access to your personal information; to withdraw your consent to the processing of your personal data (where consent is the legal basis on which we process your personal data); with any comments or suggestions concerning this Privacy Policy you can write to us at the following address:

Strallen Consulting Ltd, PO BOX 1373, Warrington, WA4 9WE

Alternatively, you can send an email to:


The Information Commissioner’s Office.

Phone: 0303 123 1113