Privacy Policy

Purpose of this statement


The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in recent history, replacing that of the 1995 EU Data Protection Directive (European Directive 95/46/EC). The aim is to support the rights individuals have on data about themselves which is collected and stored. It also aims to detect, identify and mitigate against data breaches or leaks for all companies in the EU, as well as enforcing the reporting on these issues. This aims to create one uniform policy across the EU regardless of whether the UK is part of the European Union. Any business that deals with EU nationals and business alongside their data must comply with the legislation. 
Working alongside our employees, clients, candidates and suppliers, Broadrock Marks will comply when the GDPR legislation takes effect on 25th May 2018. This says that the personal information Broadrock Marks hold about you must be:


  • Used lawfully, fairly and in a transparent way.

  • Collected only for valid purposes that Broadrock Marks have clearly explained to you and not used in any way that is incompatible with those purposes.

  • Relevant to the purposes Broadrock Marks have told you about and limited only to those purposes.

  • Accurate and kept up to date.

  • Kept only as long as necessary for the purposes Broadrock Marks have told you about.

  • Kept securely.


Broadrock Marks use third-party suppliers and software to process, control and manage data. These systems have been audited in line with GDPR commitments and outlined below. In the context of this statement, ‘data subject’ refers to the person or entity submitting data and can include employees, candidates, clients and other individuals or organisations that Broadrock Marks works with. 



Broadrock Marks collecting data and why


Broadrock Marks source talent for assignments via a variety of channels. Predominantly through mapping the market via conversations with our network and by publicly available sources such as:


  • As a result of you responding to an advertisement posted by us on a job board, online CV library.

  • As a result of us matching your CV, as uploaded by you onto a job board, online CV library or a social media site, to an assignment Broadrock Marks is seeking to fill for one of our clients.

  • From our company website.

  • From social media platforms.

  • In the course of us providing recruitment, resourcing, outsourcing or consultancy services to you.


Data collection and processing is necessary for the performance of the recruitment process with the data subject. The terms that a data subject enters will entail Broadrock Marks Terms and Conditions which are made available to them upon request. By submitting data, the data subject agrees that this data can be processed and stored. Broadrock Marks will obtain consent to process and store personal data including but not limited to; name, professional experience, career history, education history, resume, salary information and contact information. Broadrock Marks will only collect, store, use, process, transfer and disclose personal data in so far as it is necessary for our legitimate interests in that Broadrock Marks need the information in order to assess suitability for potential assignments, to find potential candidates and to contact clients and referees.


For clients, Broadrock Marks may also rely on the need for us to perform a contract for you, for example in contacting you to discuss relevant assignments and suitable candidates. Broadrock Marks may also collect personal information about you when:


  • Broadrock Marks contact you with a view to providing services to you.

  • You email us expressing an interest in working with us.

  • You provide us with your business card or other information provided to us, given to our employees at sales and marketing events.

  • You post information or advertisements on job boards or social media websites.

  • Broadrock Marks provide services to you as an actual or a potential hirer of your services

  • Broadrock Marks complete contractual documentation relevant to the services.


Broadrock Marks usually collect the following information from or about you:


  • Your name;

  • Your postal address;

  • Your phone and e-mail details;

  • Details of your role, title and responsibilities within your organisation;

  • Any opinion or feedback you share with us regarding a candidate or consultant;

  • Details of any queries you raise with us regarding the Services;

  • Details of any recruitment and/or resourcing requirements or plans you share with us.



Sharing and disclosing your data


Broadrock Marks may share your personal data with selected third parties including:


  • Prospective employers and/or clients for the purposes of assessing your suitability, even where those prospective employers and/or clients wish to remain anonymous until later in the recruitment process.

  • Relevant third-party partners, including factoring companies, job boards and payroll service providers.

  • Insurance companies that require the data.

  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you.

  • Analytics providers, some of which may be overseas.

  • Identity verification companies for the purpose of validating right to work documents and ID documents.

  • In the event that Broadrock Marks sell or buy any business or assets, in which case Broadrock Marks may disclose your personal data to the prospective seller or buyer of such business or assets.

  • If Broadrock Marks have its assets acquired by a third party, in which case personal data held by it about its candidates and clients will be one of the transferred assets.

  • If Broadrock Marks are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the rights or property of ours, our customers’ or others’ safety. 


Your personal data may be transferred internationally in the following circumstances: 


  • To overseas clients.

  • To clients within your country who may, in turn, transfer your data internationally.

  • To a cloud-based storage provider.


Broadrock Marks will always make sure that your personal data is stored and transferred in a way which is secure. Therefore, Broadrock Marks will only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:


  • By way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws.

  • By signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions.

  • Transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation.

  • Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if Broadrock Marks need to transfer data outside the EEA in order to meet our obligations under that contract if you are a client of ours).

  • Where you have consented to the data transfer.



Data Retention


Broadrock Marks will keep data on file for a period of 7 years unless otherwise stipulated. Data will be hard erased after this time unless the data subject requests otherwise. Data subjects have the right to request personal data on themselves in a portable format. Data subjects must request their data by email or letter stipulating what data they would like to access. The data request will be processed within 25 days. Broadrock Marks will send confirmation of this either by email or letter (whichever is most appropriate). If data has been deleted, erased or otherwise irretrievable the subject will also be informed of this. 

Under certain circumstances, by law, you have the right to:


  1. Request correction of the personal data that Broadrock Marks hold about you. This enables you to have any incomplete or inaccurate information Broadrock Marks hold about you corrected.

  2. Request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.

  3. Object to the processing of your personal data where Broadrock Marks are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where Broadrock Marks are processing your personal data for direct marketing purposes.

  4. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

  5. Request the transfer of your personal data to another party.


If you want to access your personal data, please email detailing what information you require, and confirming your full name and postal address as a way of confirming your identity. Broadrock Marks are entitled to refuse the request if it is deemed excessive or a repetition of a previous request.



Broadrock Marks ATS and Database


Broadrock Marks use a dependable and resilient ATS system for data processing. As a data controller Broadrock Marks rely on a compliant ATS System and Database which applies rigorous security standards. International data transfers: our ATS and database complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. It has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. 


Data Movability


GDPR pertains to certain requirements on data controllers for the portability of personal data. The data stored on our ATS and database is controlled by the Company. Broadrock Marks permit the portability of data on mobile devices such as mobiles or laptops, as well as advocating home working, under restriction and/or limitations. This is also for the benefit of data subjects. Access to this data can be terminated or limited as and when necessary to prevent data breaches or leaks. Every reasonable step is taken to ensure that Broadrock Marks data accessed outside of our network is secure. 


IT Policies for GDPR


Broadrock Marks is responsible for its IT system maintenance and management. Broadrock Marks is responsible for safeguarding the network and terminals with access to the network. Broadrock Marks manage the anti-virus on the machines, encryption and security updates to mitigate against data breaches and leaks. Broadrock Marks is responsible for employee accessibility in granting, limiting or terminating accessibility where necessary. 



Internal Policies for GDPR


Broadrock Marks execute a stringent security and access policy for employees that safeguards data and protects the integrity of data. Broadrock Marks also ensures this doesn’t impact business functions and data subjects or data subjects experiences. Broadrock Marks have a data security policy, confidentially policy and password policy. These policies aim to mitigate any instance of data breach or leaks and employees are trained in maintaining data security.  



Reporting Data Breaches


As per the GDPR guidelines, Broadrock Marks would analyse any suspected data breach and report it within 72 hours of becoming aware of the breach. Unless the breach itself is considered low risk. Breaches would be reported to the top authorities, which would be ICO (Information Commissioner’s Office). Once a data breach or leak has been detected then it would be reported to this authority. A data breach or leak includes but is not limited to; a lost USB stick, loss or theft of portable devices or data sent to the wrong person. Broadrock Marks has processes and policies in place to avoid any potential data breaches. Broadrock Marks train all of its staff on the importance of data security and what their responsibilities are with safeguarding data that Broadrock Marks processes. 


This statement is provided as of May 2018, for informational purposes to explain Broadrock Marks stance on GDPR legislation and compliance. It is subject to change or removal without notice.


For any further information please send an email to