Signed in as:
filler@godaddy.com
Signed in as:
filler@godaddy.com
Introduction
At Steadman & Chase, we do one thing exceptionally well, connect the world's top engineering and strategic talent with organisations where they make a difference. To do this with precision, discretion, and compliance, we process personal and professional data under the highest data protection standards, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 whilst also respecting the data rights of individuals under other applicable privacy laws, including the EU GDPR and local regulations in the jurisdictions where we operate.
This policy sets out how we collect, use, and protect your information, and the rights you hold.
Purpose and Legal Basis
We process personal data strictly to:
Steadman & Chase has conducted a Legitimate Interests Assessment (LIA) in line with UK GDPR Article 6(1)(f) to support our processing of candidate and client data for executive search and recruitment services.
This assessment concluded that:
Safeguards include:
This LIA confirms that our legitimate interest is balanced with the rights and expectations of the individuals we contact. A full copy or summary can be provided upon request.
Our processing is based on Legitimate Interest, as defined by Article 6(1)(f) of the UK GDPR, where:
This processing is limited to professional contexts where individuals have made their information publicly available or are otherwise likely to expect outreach for career related opportunities.
How We Source and Collect Data
We use lawful, transparent, and GDPR-aligned sources:
Transparency for Indirect Data Collection (Article 14 UK GDPR)
In some cases, we may obtain your professional contact information from publicly available sources or trusted third-party platforms such as LinkedIn, Lusha, company websites, or referrals. This data is collected strictly for recruitment and talent advisory purposes, where there is a clear and relevant connection between your professional profile and a potential opportunity or service.
We may use GDPR-aligned contact enrichment platforms such as Lusha to supplement publicly available professional information. We take care to ensure such data is relevant, accurate, and used only for recruitment-related outreach. Where data is not collected directly, we ensure that individuals are informed at first contact or upon request, and that all data rights are respected.
In accordance with Article 14 of the UK GDPR, we ensure the following:
We do not obtain personal data from covert, unethical, or non-transparent sources. If we contact you, it is because your professional background appears relevant to a specific opportunity or service. We fully respect your data rights and respond to all requests promptly and transparently.
What We Collect
Candidates:
We may store personal email addresses or mobile numbers if this is the most appropriate, secure, and discreet means of contact, particularly for individuals actively employed. This approach protects candidates from potential employment risk and is fully aligned with Article 6(1)(f).
Where personal mobile numbers are used, we ensure these are obtained via publicly available professional profiles or trusted platforms in compliance with PECR and UK GDPR. We never use numbers sourced from non-consensual or non-transparent means, and we always offer the ability to opt out immediately.
We only collect and store data that is strictly necessary for our recruitment or client services. We regularly review our records to remove or update information that is no longer relevant, ensuring compliance with Article 5(1)(c) of UK GDPR.
Clients:
We do not collect sensitive or special category data (e.g. ethnicity, religion, health data, or personal addresses).
Talent Vault - Confidential Talent Exposure & Legal Protections
The anonymised profiles hosted within this platform are the intellectual property of Steadman & Chase Ltd, displayed only with the explicit, written consent of the individuals represented, including a waiver authorising anonymised publication for strategic client exposure. These profiles are shared solely for the purpose of strategic talent identification under Article 6(1)(f) of the UK General Data Protection Regulation (UK GDPR), based on legitimate interest and mutual business benefit.
All identifying information has been removed to prevent retaliation, coercion, or reputational harm against any individual who may be exploring new opportunities. Under Article 21 of the UK GDPR, all data subjects have the right to object to processing that results in adverse effects, including employment-related consequences. Steadman & Chase enforces these protections rigorously and ensures that candidates’ identities are protected at all stages.
Any attempt by an employer, representative, or third party to use this platform, directly or indirectly, to identify, discipline, or investigate an employee without their informed consent constitutes a potential breach of UK GDPR Article 5(1)(a) and (b), namely, failure of lawful, fair, and transparent data processing and use beyond the original purpose.
Clients viewing these profiles are bound by confidentiality. Any misuse, reverse-engineering, or attempts to de-anonymise profiles may be treated as a violation of data protection law, actionable under both civil and regulatory frameworks. Steadman & Chase may refer any such actions to the Information Commissioner’s Office (ICO) or the appropriate regulatory authority in the relevant jurisdiction.
Furthermore, under UK employment law and ethical recruiting standards, individuals are entitled to seek new employment without employer retaliation. By accessing these profiles, you agree to indemnify Steadman & Chase Ltd and the candidates represented against any legal or professional harm arising from misuse of this platform, and confirm that:
All profiles remain under the sole representation of Steadman & Chase Ltd. Redistribution or reuse of these profiles without express permission is strictly prohibited.
For legal or regulatory enquiries, contact: legal@steadmanchase.com
Why We Process Data
We use data to:
We do not:
How We Store and Protect Your Data
Data is securely stored in Bullhorn, which meets global security benchmarks:
Communication: Respectful, Relevant, and One-to-One
All first-time contact is made under the lawful basis of Legitimate Interest (UK GDPR Article 6(1)(f)) and only where we believe there is a relevant, proportionate, and professional reason to reach out. We do not rely on the soft opt-in exemption unless a prior relationship exists. Every email or call is individual, contextual, and based on professional relevance. We do not use mass email tools for candidate outreach. If we contact you, it's because your experience or role meaningfully aligns with an opportunity or service. You have the right to object or request removal at any time.
When initial contact is made via phone, we provide information on the source of the data, our identity, and your rights upon request or where appropriate and we will always be fully transparent if asked.
You always retain the right to:
All requests can be sent to: privacy@steadmanchase.com
Your Data Rights (UK GDPR)
You have the right to:
To make a request, contact privacy@steadmanchase.com.
We will respond within 30 days, as required by law.
Data Retention
We retain professional data only while it remains relevant and proportionate to ongoing or future recruitment services. Our team routinely reviews stored data for accuracy and relevance. You may request deletion at any time.
Data Sharing
We do not sell, rent, or trade your data. We only share it when:
Complaints and Oversight
If you’re concerned about how we handle your data:
Policy Review
This policy is reviewed annually, or sooner if:
Steadman & Chase Ltd
Registered Office: 86-90 Paul Street, London, EC2A 4NE
Company No: 16360741
Email: privacy@steadmanchase.com
Last updated: 17th May 2025