Privacy Policy

Last updated: 27 March 2019

Tessellate Careers Limited ('Tessellate', 'we' or 'us') is a company incorporated and registered in England and Wales with company number 11068969 and having its registered office at 34 West Hill Park, London, N6 6ND.

Contact email: support@tessellate.co

Table of Contents

1. What is the purpose of this policy?

1.1. This privacy policy describes how we collect and use personal information about you during and after your relationship with us.

1.2. We are a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you, and for explaining this clearly to you.

1.3. This policy applies to all candidates and contractors (permanent or temporary, full or part time) collectively referred to in this policy as 'Candidates' who engage with us. It also applies to clients, contractors, service providers and suppliers to our business and to our employees.

2. What personal information are we collecting?

2.1. During the registration process we will collect, store and use the following categories of personal information about Candidates (the ‘Candidate Information’):

2.1.1. your name, username, password, addresses, telephone numbers, and personal email addresses;

2.1.2. details and proof of your educational experience, training, and qualifications

2.1.3. written references from your past tutors or employers which you voluntarily provide as part of the application process;

2.1.4. your salary, annual leave, pension and benefits information;

2.1.5. work history and employment records (including job titles, location of employment or workplace);

2.1.6. other information you voluntarily provide in a CV or cover letter or as part of the application process;

2.2. We collect "Usage Data" from users ("Users")of our services, the website and our app (together the "Application"), including: information collected automatically through the Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

2.3. We collect information about Users, as follows:

2.3.1. Among the types of personal data that this Application collects, by itself or through third parties, there are: Cookies (see further below), email address, password, first name, last name, picture and phone number.

2.3.2. Personal data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.

2.3.3. Unless specified otherwise, all data requested by this Application is mandatory and failure to provide this data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some data is not mandatory, Users are free not to communicate this data without consequences to the availability or the functioning of the Service.

2.3.4. If you are uncertain about which personal data is mandatory please contact us.

2.3.5. Any use of Cookies – or of other tracking tools – by this Application or by third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if applicable.

2.4. Users are responsible for any third-party personal data obtained, published or shared through this Application and by uploading third party information to the Application you confirm that you have the third party's consent to provide their information to us.

3. Particularly sensitive personal information

3.1. We do not anticipate collecting any special category information about you (e.g. information about your health or medical conditions, biometric data, your race or ethnicity, religious or political beliefs or information relating to criminal convictions) but we will let you know if this changes.

4. For what purpose will we use your personal information?

4.1. We use your personal information as follows:

4.1.1. to contact you about jobs that we think you might be interested in;

4.1.2. to make a decision about your eligibility for a job;

4.1.3. to manage our relationship with you

4.1.4. to provide you with other industry news and updates.

4.2. We collect information about users of the Application to:

4.2.1. monitor your use of our information and communication systems to ensure compliance with our IT policies;

4.2.2. ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;

4.2.3. carry out analytics, database management, hosting and backend infrastructure and managing contacts and sending messages, as described in more detail at section 7.5; and

4.2.4. system logs and maintenance: for operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with the Application (system logs) and use other personal data (such as the IP Address) for this purpose.

4.3. We collect information about employees and representatives of our clients and service providers to manage and improve our services.

4.4. Where we are permitted by law, we use contact details for marketing purposes. You can opt out of marketing at any time by contacting us at unsubscribe@tessellate.co.

5. Automated decision making including profiling

5.1. Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making where we have notified you of the decision and where it is necessary to perform the contract with you.

5.2. The Application uses algorithms to determine whether or not your profile is a match for any job opportunity. If you do not have the requisite skills or experience you will not be matched to certain roles. It is therefore important that you keep your profile and skills up to data and let us know of any changes.

5.3. If we make an automated decision on the basis of any particularly sensitive personal information, we will only do so with your explicit written consent unless it is justified in the public interest, and we have taken appropriate measures to safeguard your rights.

5.4. Please contact us if you wish to discuss further how the Application matches Candidates to jobs or if you are unhappy with any decision about you made by the Application.

6.1. We share anonymised information with our clients to determine whether you are suitable for a particular role. We only share your identity and contact details with your consent.

6.2. We will only use your personal information when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:

6.2.1. where it is necessary to perform the contract we have entered into with you (such as your user registration information);

6.2.2. where we need to comply with a legal obligation; and

6.2.3. where it is necessary for our legitimate interests (or those of a third party, including sharing Candidate Information with our Clients) to ensure the smooth running of our or their business. We are allowed to do this as long as our or their activities do not disproportionately intrude on your privacy.

6.3. We will also use your personal information in the following situations, which are likely to be rare:

6.3.1. where we need to protect your interests or someone else's interests;

6.3.2. or otherwise with your consent.

6.4. Some of the above grounds for processing your personal information will overlap, and there may be several grounds which justify our use of this information.

7. Who are we going to share your personal information with and what will they do with it?

7.1. Unless this would be unfair to you, we have a legitimate interest in the smooth running of our business and in promoting and growing it. To do this, we will share your personal data with:

7.1.1. our Clients as prospective employers;

7.1.2. to government bodies and/or law enforcement agencies as required or permitted by law;

7.1.3. if we have previously placed you in a contractor or permanent position, we may provide a reference (with your prior consent) to any future employer we place you with.

7.2. If you object to our sharing or continuing to use your personal information with any specific recruiter or potential employer please contact us.

7.3. We may share your data with third-party service providers (including providers of services to our business, contractors and designated agents), and other entities that provide certain services on our behalf.

7.4. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes.

7.5. Personal data is collected for the following purposes and using the following services:

7.5.1. Analytics: The services contained in this section enable Tessellate to monitor and analyse web traffic and can be used to keep track of User behaviour.

Google Analytics (Google LLC): Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilizes the data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal data collected: Cookies and Usage Data.

Place of processing: United States.

Lawful basis for transfer of data outside the EEA: Privacy Shield.

7.5.2. Hosting and backend infrastructure: This type of service has the purpose of hosting data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data are stored.

Google Cloud Storage: Google Cloud Storage is a hosting service provided by Google LLC.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: United Kingdom.

7.5.3. Managing contacts and sending messages: This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User. These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

Twilio (Twilio, Inc.): Twilio is a phone numbers management and communication service provided by Twilio, Inc. personal data collected: phone number.

Place of processing: United States.

Lawful basis for transfer of data outside the EEA: Privacy Shield.

7.5.4. Registration and authentication: By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services. Depending on what is described below, third parties may provide registration and authentication services. In this case, this Application will be able to access some data, stored by these third-party services, for registration or identification purposes.

Auth0 (Auth0, Inc): Auth0 is a registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform.

Personal data collected: Cookies, email address, first name, last name, password, picture and various types of data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Shield.

7.5.5. User database management: This type of service allows us to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Application, as well as to track User activities through analytics features. This personal data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that we can display and use for improving this Application. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Application.

Intercom (Intercom Inc.): Intercom is a User database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within this Application.

Personal data collected: Cookies, email address, Usage Data and various types of data as specified in the privacy policy of the service.

Place of processing: United States

Lawful basis for transfer of data outside the EEA: Privacy Shield.

HubSpot CRM (HubSpot, Inc.): HubSpot CRM is a User database management service provided by HubSpot, Inc.

Personal data collected: email address, phone number and various types of data as specified in the privacy policy of the service.

Place of processing: United States.

Lawful basis for transfer of data outside the EEA: Privacy Shield.

7.6. Cookie Policy: this Application uses Cookies. To learn more and for a detailed cookie notice, the User may consult the Cookie Policy.

8. If you fail to provide personal information

8.1. In order for us to provide our service, you are contractually required to provide the personal information set out in 2.1 of this notice. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as introducing you to our clients).

8.2. It is important that the personal information we hold about you is accurate and current. You must keep us informed if any of your personal information changes during your working relationship with us by email to the address at support@tessellate.co.

9. Change of purpose

9.1. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

9.2. Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

10. Where will we store your personal information

10.1. Any personal information that you submit to us will be held on secure servers, based within the European Economic Area (EEA) or the UK.

10.2. Transferring information outside the EEA We only transfer in formation outside the UK or the EEA where we are permitted by law.

10.2.1. We transfer information outside the UK or the EEA to the third parties identified in section 7.5, above.

10.2.2. We may transfer information about you outside the UK or the EEA. We will only do so where necessary for a specific job opportunity and with your consent.

10.2.3. By accessing our service from outside the UK or the EEA you consent to us transferring information to any address which you provide.

11. Data security

11.1. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12. How long will we use your personal information for?

12.1. We will keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

12.2. For all Candidates we will keep your personal information in our database for as long as you maintain an active account, plus up to 12 months for our internal processes to securely review and delete inactive records.

12.3. We will retain your information for any period required by law, for example for compliance with HMRC requirements. Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.

12.4. You have the opportunity to upload your CV and cover letter and references on our website. We will send email reminders to you on a regular basis to prompt you to update this information when required, to ensure that the information we hold in our database is accurate and up to date.

13. Your rights in relation to our processing of your personal information

13.1 You have the right to be informed about what we are doing with your personal information. We do this by providing you with this privacy notice. If we change what we are doing, we will provide you with an updated version of this notice.

13.2. You have the right to object to the processing of your personal information.

13.3. You have the right to request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

13.4. If the personal information we hold about you is incorrect or out of date you can ask us to correct it.

13.5. You have the right to ask us to delete the information that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you ask us to delete your personal information we will not be able to provide our services to you.

13.6. You have the right to ask us to restrict how we use your personal information for a period of time if you claim that it is inaccurate and we want to verify the position, or if our processing is unlawful but you do not want us to erase your personal information, or for some other limited circumstances. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. If you ask us to restrict our use of your personal information, we may not be able to provide you with our services.
13.7. You can also ask us to send another organisation information that you have provided to us in a format that can be read by computer.

13.8. Where we rely on consent to process your personal information you have the right to withdraw that consent.

13.9. If you want to exercise any of your rights set out at 13.1 to 13.8, please contact us.

13.10. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

14. Changes to this privacy notice

14.1. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

14.2. If you have any questions about this privacy notice, please contact us.

15. Complaints procedure

15.1. If you consider that we have not acted properly when using your personal information you can contact the Information Commissioner's Office: ico.org.uk.