Sign In

Web Privacy & Cookie Policy

This Policy applies as between you, the User of this Website and/or “the Services” (as described in our Terms of Services) and G&D Recruitment Ltd (“G&D Recruitment”), the owner and provider of this Website. This Policy applies to our use of any and all Data collected by us in relation to your use of the Website and any Services or Systems therein. Please also see our full terms and conditions of service.
This policy sets out our commitment to ensuring that any Personal Data which we process is carried out in compliance with Data Protection Law (Data Protection Act 2018, the General Data Protection Regulation 2016/679 and all relative European Union and Member State data protection legislation in force and as amended or replaced from time to time). We are committed to ensuring that good data protection practice is embedded in the culture of our staff and our organisation.
G&D Recruitment acts primarily as a data processor, processing Personal Data in the course of providing services to its clients. G&D Recruitment also acts as a data controller insofar as it processes the Personal Data of its staff and any of our clients who are sole traders and partners (other than Scottish partnerships) and contacts at our corporate clients, suppliers and contractors.
This policy applies to all Personal Data processed by G&D Recruitment and is part of our approach to compliance with Data Protection Law. G&D Recruitment staff are expected to comply with this policy.
Our data protection lead may be contacted by you in relation to any queries or concerns or you have regarding your Personal Data or if you wish to exercise any of your rights: – Please contact GABRIEL at office@g&
Last updated: July 2020

In this Policy the following terms shall have the following meanings:
“Account” means collectively the personal information, Payment Information and credentials used by Users to access Material and/or any communications System on the Website;
“Content” means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this Website;
“Cookie” means a small file that resides on your computer’s hard drive that often contains an anonymous unique identifier and is accessible only by the website that placed it there, not any other sites
“Data” means collectively all information that you submit to the Website. This includes, but is not limited to, Personal Data, Account details and information submitted using any of our Services or Systems;
“Personal Data” means any information relating to an identified or identifiable natural person;
“Services” means collectively any online facilities, tools, services or information that Firefish Software makes available through the Website either now or in the future;
“Special Category Personal Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data being processed for the purpose of uniquely identifying a natural person, data concerning health, including physical and mental health and data concerning a natural person’s sex life or sexual orientation;
“System” means any online communications infrastructure that Firefish Software makes available through the Website either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
“User” / “Users” means any third party that accesses the Website and is not employed by Firefish Software and acting in the course of their employment;
and “Website” means the website that you are currently using and any sub-domains of this site, unless expressly excluded by their own terms and conditions.

Without limitation, any of the following Data may be collected:
job title;
company name;
contact information such as email addresses and telephone numbers;
demographic information such as post code;
financial information such as credit / debit card numbers;
IP address (automatically collected);
web browser type and version (automatically collected); 2.9 operating system (automatically collected);
a list of URLS starting with a referring site, your activity on this Website, and the site you exit to (automatically collected);
and Cookie information (see clause 10 below).
We may collect this information in a variety of ways including directly from you, when you use our online tools or from third parties including your employer.

Any Personal Data you submit will be retained by Firefish Software for as long as you use the Services and Systems provided on the Website [and for a period of 24 months thereafter], or for up to a period of six months following any inactivity.
Unless we are obliged by law to do so, and subject to Clause 4, your Data will not be disclosed to third parties for their own purposes or for sending their own marketing communications to you.
All Personal Data is stored securely in accordance with the principles of the General Data Protection Regulation as follows;
Personal Data: –
is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’)
is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; (‘data minimisation’)
is all accurate and, where necessary, kept up to date and that reasonable steps will be
taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’)
is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website or the Services. Specifically, Data may be used by us for the following reasons:
internal record keeping and billing;
delivery and improvement of our Website or Services;
transmission by email of promotional or other communications materials to you;
contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website;
producing reports or statistics on the people accessing the Website;
using the name and/or logo of the company you work for in marketing or publicity material, unless you specifically tell us otherwise. Your name and all other personal information will remain confidential at all times.
We do not store any credit card details or bank details. These are stored on our behalf by Recurly, and Go Cardless Inc who are PCI-DSS compliant. (See 4. Third Party Websites and Services)
Where you are an individual or a partner in a non-Scottish Partnership with whom we have a contract, we will process your Personal Data in order to implement our contractual obligations and exercise our rights in relation to that contract.
Where we do not have a contract with you but we use your Personal Data in relation to such a contract, we have a legitimate interest to use your Personal Data relevant to that contract. We also have a legitimate interest in processing your Personal Data where you are an employee at one of our contractors or suppliers.
We also have a legitimate interest to send marketing information to you at your business address and to your personal address where you have previously purchased services from us and you have not opted out of receiving such marketing.
We have internal policies and controls in place to try to ensure that your Data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by its employees in the performance of their duties. We use appropriate standards for technology and operational security to protect your Personal Data.
We will not transfer any Personal Data to a country outside the EU or an international organisation without ensuring the level of protection provided by Data Protection Law is not undermined.
G&D Recruitment only processes Special Category Personal Data in relation to our employees.
4. Third Party Websites & Services
G&D Recruitment may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment handling, delivery of purchased services, search engine facilities, advertising and marketing. The providers of such services do not have access your Personal Data unless it is necessary for them to perform the services that G&D Recruitment requests. Any data that is shared is limited to what is required for them to provide the service only. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties must be processed within the terms of this Policy and in accordance with the Data Protection Law. This may include the transfer of your personal data to one or more countries outside the UK, or the European Economic Area.
Where we engage a third party to process Personal Data on our behalf, they only process your Personal Data on the basis of our written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure security of data. They are also not allowed to use your Personal Data for their own purposes.
Where any Personal Data is transferred outwith the EU, we will ensure that adequate safeguards are in place, an adequacy agreement or other contractual arrangement is in place as required by law.
G&D Recruitment uses Stripe Inc, Recurly Inc. and Go Cardless Inc for payments and subscription handling, HubSpot Inc for its CRM and email delivery service, ChurnZero for Customer Success, Facebook Inc for social posting and advertising services, Google Inc for its web analytics service, and Zendesk for its customer support application.
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
5. Changes of Business Ownership & Control
G&D Recruitment may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.
In the event that any Data submitted by Users will be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your Data deleted or withheld from the new owner or controller. Data transferred for this purpose will be subject to confidentiality agreements.
6. Controlling Access to your Data
Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include 1) use of Data for direct marketing purposes and 2) sharing Data with third parties.
7. Your Right to Withhold Information
You may access certain areas of the Website without providing any Data at all. However, to use all Services and Systems available on the Website you may be required to submit Account information or other Data. You may not restrict your internet browser’s use of Cookies; they are essential for provision of the Services. For more information see clause 10 below.
Where Personal Data is processed on the basis of our contractual relationship with you, failure to provide that Personal Data may prevent us from fully implementing the contract or giving effect to your rights there under.
8. Accessing your own Data and other rights
G&D Recruitment will ensure that it has procedures in place to allow data subjects to exercise the following data subject rights under the GDPR:-
Subject access: the right to request information about how Personal Data is being processed including whether Personal Data is being processed and the right to be allowed access to that data and to be provided with additional information about how your data is being processed.
Rectification: the right to have us rectify inaccurate Personal Data concerning you without undue delay.
Erasure: the right to have data erased in certain circumstances, and to have confirmation of erasure.
Restriction of processing: the right to ask for certain processing to be restricted in the certain circumstances.
Data portability: you have the right to receive a copy of the Personal Data you have provided to us and certain information generated by us, if our processing is carried by automated means, which will allow you to transfer it to another data controller.
Object to processing: you have the right to object, on grounds relating to your particular situation, to certain forms of processing being carried out.
Object to automated decision making: if we are making decisions about you based on automated processing which have a legal or similar effect on you, then in some circumstances you have the right to object to this decision being made solely on the basis of automated processing.
G&D Recruitment maintains a register of data breaches and all Personal Data breaches are recorded in this register which will be monitored. Action will be taken in relation to any issues identified in this register, particularly if any pattern of breaches is identified.
Where acting as a data controller, we will report Personal Data breaches which are likely to result in a risk to the rights and freedoms of the data subject to the Information Commissioner’s Office. G&D Recruitment will also communicate any Personal Data breach which is highly likely to result in a risk to the rights and freedoms of the data subject to the data subject or subjects involved.
If we embark on a new project which involves the processing of Personal Data, particularly one using new technologies, we will carry out a data protection impact assessment (DPIA). The decision to carry out a DPIA will take into account the nature, scope, context and purposes of the processing and determine if there is likely to be high risk to the rights and freedoms of natural persons.
9. Security
Data security is of great importance to G&D Recruitment and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online. Please refer to our Trust & Data Security outline.
10. Cookies
Strictly Necessary cookies – These are cookies that allow you to use different parts of our site. Without them different features that you have requested cannot be provided. These are usually set in response to an action performed by the user like clicking on a job advert or failing to enter the correct password to their account.
Functional cookies – These help us to make your experience within our site more personal. For instance, knowing if you have been on the site before so that messages for new visitors are not displayed to you.
First party cookies – These are cookies that are set by our website. And only we can read them.
Session cookies – These are stored while you browse our site and then deleted once you leave.
Persistent cookies – These are saved on your computer and won’t be deleted when you close the web page. We use these to provide functionality like keeping you logged in when you come back to the site.
Performance cookies – These help us to track how people are using our site. They help us to know what pages people are using most and how users navigate around the site, we use this information to make informed decision about how we can improve the user experience of our site.
The information we get using these cookies is completely anonymous and we will make no attempt to identify you or influence your experience of our site while you are on it. If you use the “Do Not Track” browser setting, we currently don’t respond to DNT requests.
Third party cookies – These can be things like Google Analytics and other embedded content.
Cookies we use
Cookie Name
Cookie Description
Cookie Type
We use this to identify each session that is open on our site. This cookie holds no personal data. All it stores is an ID number generated by us.
First Party Cookie & Session Cookie
This is used to stop the cookie policy banner popping up every time you visit our site. This cookie holds no personal data.
First Party Cookie & Persistent Cookie
We use this cookie to notify a user that they are using an outdated version of IE and that they should upgrade. This cookie holds no personal data.
First Party Cookie & Session Cookie
This cookie is used to identify when a user has opened the current job advert page from a link sent to them by email from us. Eg. Job Alerts or Mailshots.
First Party Cookie & Functional Cookie
We use this to identify each session that is open on our site. This cookie holds no personal data. All it stores is an ID number generated by us.
First Party Cookie
This is a cookie we use to authenticate a logged in user on our site, effectively this is how we keep you logged into our site and able to navigate the site without needing to login every time.
First Party Cookie & Persistent Cookie
11. Changes to this Policy
G&D Recruitment reserves the right to change this Web Privacy & Cookie Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and we will additionally notify you of any significant changes by sending a notice to your primary email address as specified in your G&D Recruitment, or by a notice on the Website, and you are deemed to have accepted the revised terms of the Policy on your first use of the Website following the alterations.
If you believe that G&D Recruitment has not complied with your rights or if you have any concerns about how your Personal Data is being process you can complain to the Information Commissioner: –
Information Commissioner’s Office
Coniston Gardens
Company Number: SC37 VAT Number: 9840
© 2020 G&D Recruitment