Coded People Limited is committed to respecting your privacy and providing quality services to you. This notice outlines our ongoing obligations to you in respect of how we manage your personal information.

Who we are?
Coded People Limited, whose registered address is: Crystal Gate House, 28 – 30 Worship Street, London, EC2A 2AH, specialise solely in the Information Technology sector; supplying permanent and contract IT staff across the UK, mainland Europe and the United States of America.

Coded People Limited will act as the ‘data controller’ of the personal data obtained from its clients who have a need for recruitment services. Coded People will ensure that all the information submitted via its website or through our office is only used for the purposes explained in this privacy notice and is compliant with the General Data Protection Regulation (GDPR).

The EU GDPR (Regulation (EU) 2016/679) replaces the Data Protection Act (Directive 95/46/EC) from 25 May 2018. It is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens.

What is personal data?
Personal data is the data that relates to a living individual who can be identified from this data or other information which is in possession of, or is likely to come into the possession of, the data controller. This also includes sensitive personal data which consists of information regarding race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual orientation and criminal records.

Sensitive data will only be used:

  • With explicit written consent;
  • Where it is needed to establish, bring or defend legal claims;
  • Where needed to carry out our legal obligations relating to employment law, social security law or social protection law; and
  • Where it is needed to assess working capacity on health grounds, subject to appropriate confidentiality safeguards.

What data do we collect?

  • Name
  • Job role
  • Telephone number
  • E-mail
  • References about candidates or other personnel
  • Information regarding our relationship with you (records of meetings or discussions)
  • Credit rating (if we perform a contract with you)
  • Marketing preferences

Where do we collect your data from?*

  • You
  • Candidates
  • Staff or other members of your organisation
  • Social Media
  • Marketing databases
  • Search engines
  • Conversations- telephone calls, meetings

*This list is not exhaustive

Why we need your data?

  • To collect, store and process it
  • To communicate with you
  • To provide recruitment services to you and to facilitate the recruitment process
  • To market our recruitment services
  • To send information to third parties which relate to our recruitment services
  • To carry out our obligations arising from any contracts entered into between us and the third party you work for
  • To notify you of any changes to our services
  • To provide information to regulatory authorities or statutory bodies
  • From time to time we may seek your consent to process, use or disclose your information for any other purpose not listed above

Our lawful basis to process your data is our legitimate interests, contract, consent and legal obligation.

  1. Legitimate interests- in order to provide our services, the processing of your data is necessary for our legitimate interests. We may use your data for contacting you regarding our services; to assess candidate suitability for job roles (feedback, references, etc.)
  2. Contract- we may enter into a contract with you. Thereby, most of personal data processing will be carried out according to the lawful basis of contract. To do so, certain information is needed from you such as your contact details, credit rating etc.
  3. Consent- in order to process your data for some cases, we may need your consent. Such cases are when you consent to receive direct marketing or to use data for a specific reason, for instance, for reference requesting. You may withdraw your consent at any time.
  4. Legal obligation- in order to provide our services, sometimes we may need to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data to exercise or defend legal claims. It also applies to the business generally when complying with fraud/crime prevention, data protection legislation and co-operating with regulatory authorities such as Information Commissioner’s Office or HMRC.

Third parties:
Where reasonable and practicable to do so, we will collect your personal data only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take responsible steps to ensure that you are made aware of the information provided to us by the third party.

Coded People is a recruitment company specialising in Microsoft .Net, Opensource Technologies and Business Intelligence and our sister company Marcus Donald People Ltd specialise in IT Operations. Your personal information may be shared across both companies, other third party suppliers (IT support, storage service providers, accountancy suppliers, etc.) and any regulatory or statutory body.

Data transfer:
To provide our recruitment services we may transfer your personal data outside the European Economic Area (EEA). Coded People want to make sure that your data is stored and transferred in a secure way, therefore we will only transfer your data where it is compliant with data protection legislation in accordance with the European Commission. If this is not the case, it is our policy to take steps to identify risks and ensure that appropriate safeguards are in place.

Security of personal data
Your personal data is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. When your personal data is no longer required for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal data.

Maintaining the quality of your personal data
It is important to us that your personal data is up-to-date. We will take reasonable steps to make sure that your personal data is accurate, complete and up-to-date. If you find that the information we have is inaccurate, please advise us as soon possible so we can update our records and ensure we can continue to provide quality services to you.

Data retention:
We will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for three years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

Your rights:

  • Right to be informed about the collection and use of your personal data.
  • Right to access your personal data and supplementary information. If you would like to make a request for information, please contact
  • Right to rectification when your data is inaccurate or incomplete. We will respond to such a request within 1 month.
  • Right to erasure where there is no compelling reason for personal data to be further processed. Agencies are required to keep certain records such as ID or right to work checks and payroll records for certain periods of time. These obligations will override any request to erase data or any objection to processing for so long as they must keep the data.
  • Right to restrict processing of your personal data in certain circumstances.
  • Right to data portability when you want to obtain and reuse your personal data across different services.
  • Right to object of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data;
  • Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data; any decision, which significantly affects you, being taken solely by a computer or via another automated process; direct marketing.
  • Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Consent can be withdrawn by emailing to
  • Make a complaint to the Information Commissioner’s Office.

Should you wish your personal data to be removed from our database earlier, please email us on

Changes to our privacy notice:
We keep our privacy notice under regular review and may be updated from time to time to reflect changes in our business, or legal or commercial practice. Where an update is relevant to our processing of your data, we shall notify you of the same.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to us by emailing to: or the Information Commissioner’s Office (ICO).

Should there be any queries, please do not hesitate to contact us at: or by writing to:

Data Controller
Coded People Limited
28-30 Worship Street