For all of our Data Privacy information/policies please click HERE


1) What is GDPR?

The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998. It strengthens and unifies data protection, changing the legal basis for collection and processing of personal data, applying stricter requirements for consent. It places greater obligations on how organisations handle and process personal data.

2) Who does the GDPR affect?

The GDPR will affect every business and apply in all EU member states from 25 May 2018. It also affects businesses outside the EU who process the personal data of EU residents and offer them goods and services, irrespective of whether payment is required; or where the processing by a business relates to the monitoring of the behaviour of EU residents in so far as their behaviour takes place within the EU.

3) Does Brexit matter?

The UK is implementing a new Data Protection Bill which largely includes all the provisions of the GDPR.

4) What is Techfellow doing to prepare for the GDPR?

Techfellow has always taken the protection, privacy and security of your data very seriously. With the introduction of the GDPR we have reviewed our systems, processes and procedures to ensure we’re fully compliant by May 25, 2018. For example we have:

* updated all of our electronic systems increasing data integrity, confidentiality and availability.

* introduced a new Data Processing Agreement which we and you agree to undertake from May 25, 2018 onwards.

* updated our Privacy Policy to empower you to make the best decisions about the information you share with us, and to ensure our compliance in respect of the data we hold about you.

* made all our consent mechanisms clear and understandable.

5) What information does the GDPR apply to?

The GDPR applies to ‘Personal Data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This applies to both automated personal data and to manual filing systems.

6) How long will you keep my data?

Where you have provided your consent, we will only retain your personal data for the lawful basis for our recruitment processing activity, the provision of:

– work-finding services.

– suitable professionals to employ.

– professional services under a contract for services.

We will not use your personal data for an unrelated process, therefore we will keep your data until such time that you decide to exercise your right to withdraw consent and decide to have your personal data erased. We may refuse to comply with a request for erasure where personal data is processed to comply with a legal obligation or official authority.

7) What is Subject Access Request (SAR)?

Individuals (Data Subjects) have a right to be informed by an organisation whether or not it is processing personal data that relates to them and, if so, to be told:

* what personal data it is processing.

* the purposes for which the personal data is being processed.

* who, if anyone, the personal data is disclosed to.

* the extent to which it is using the personal data for the purpose of making automated decisions relating to the data subject and, if so, what logic is being used for that purpose.

Techfellow are required to respond to an SAR by providing, in an intelligible form, copies of the personal data and any information about the sources of the data. We have a month to respond to the request. If we believe that the request is excessive, in terms of an unreasonable amount of historical data, we may refuse with a clear explanation. We will not charge for an audit report.

8) What data will you keep relating to me?

We are required to retain certain information for audit, legal and compliance purposes. The data retained will be your name and job title, contact information including email address, Curriculum Vitae information and data, demographic information such as postcode, preferences and interests, and any other information relevant to our recruitment processing activity.

9) Do you have a nominated Data Protection Officer (DPO)?

Our DPO is Paul Redman, his contact email is The DPO is responsible for promoting awareness of the GDPR across the organisation, continued assessment of our GDPR policies and procedures, identifying any gap areas and implementing the new policies, procedures and measures.