This Privacy Policy applies to all Sataya divisions, including Sataya Collection (hospitality recruitment) and Sataya.io (business and technology recruitment), each operated by Revix UK Limited.

‍

At Sataya, we are committed to protecting the privacy and personal data of our candidates, clients and users of our website in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. When you use Sataya, you trust us with your information and we are committed to preserving that trust and providing a safe and secure user experience. We will ensure that the information you submit to us is only used for the purposes set out in this Data Privacy Notice.

‍

This Privacy Policy outlines how we collect, use, disclose, and protect the personal information you provide to us during the recruitment process. By applying for a position or using our recruitment services, you consent to the practices described in this Privacy Policy.

Your rights under the GDPR are set out in this notice, please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

‍

‍

1. Introduction

This Privacy Policy, together with our Terms of Service, available at sataya.io ; sataya.co and satayagroup.com , and any other documents referred to, as issued by Sataya.

‍

Any queries relating to Sataya’s Privacy Policy and any reference made to an email address in the paragraphs below should be directed to info@sataya.io. 

‍

Revix UK Limited, a limited company incorporated in the United Kingdom with registration number 11713189 and registered address at Suites 3 To 5 Fulham Business Exchange, The Boulevard, London, England, SW6 2TL, and its affiliates, explains how Sataya collects, uses, shares and stores the information that you provide when you visit our website, located at sataya.io ; sataya.co and satayagroup.com  (the “Site”), any Sataya API directly or through a third-party application (“API”, or buy a Sataya service collectively, “Sataya” or our “Services”).

‍

Please read this Privacy Policy in its entirety before using our Services. Sataya respects your privacy regarding any information we may collect while operating our Site. This Privacy Policy applies to sataya.io ; sataya.co and satayagroup.com (hereinafter, “us”, “we”, or “sataya.io” OR “sataya.co” or “satayagroup.com”).

‍

We respect your privacy and are committed to protecting personally identifiable information you may provide to us. Protecting your personal data is our priority. This Privacy Policy explains what you can expect from us and what we need from you in relation to your Personal Information.
This Privacy Policy explains how Sataya processes and protects personal data about:

• Candidates who register with us for roles that we are managing for other employers and for roles at Sataya, or through our website, job boards, social media sites or other sources;
• Prospective candidates,
• Business contacts at our clients and suppliers; and
• Users of our websites.

We may amend this Privacy Policy at any time by posting the amended version on this site and noting the last revised date of the amended version. We may announce material changes to this Privacy Policy via email. By visiting the Site, you are accepting and consenting to the practices described in this Privacy Policy.

‍

2. Who controls your personal data

The Data Controller is Revix UK Limited trading as Sataya, a company registered in the UK:

‍

Company Number 11713189.

Address: Suites 3 To 5 Fulham Business Exchange, The Boulevard, London, England, SW6 2TL

‍

The Data Controller’s data protection representative is the Head of Support Services. You can contact them at info@sataya.io.

‍

Any reference to our Group means our ultimate holding company, Revix UK Limited and its subsidiaries, our associated companies as defined in section 1159 of the UK Companies Act 2006.
‍

3. What is personal data?

Personal data refers to information that can uniquely identify an individual who is alive. It encompasses general personal data, such as name, address, National Insurance number, and online identifiers or location data.

‍

Additionally, there is a category known as sensitive personal data, which encompasses information related to physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership, and criminal records. Due to its sensitive nature, extra precautions must be taken to safeguard sensitive personal data at a higher level of protection.

‍

4. Who we are, what we do

Sataya is a recruitment agency and recruitment business as defined in the Employment Agencies Act 1973 (our business).

‍

We collect the personal data from the following types of people to allow us to undertake our business:

1. Prospective and placed candidates for permanent or temporary roles;
2. Prospective and live client contacts (including referee contacts provided by candidates);
3. Supplier contacts to support our services;
4. Employees, consultants, temporary workers and contractors.

There are two possible scenarios regarding the acquisition of your information. Firstly, you might have directly applied to us, providing your details. Alternatively, we may have come across your information on a job board or social networking site. In either case, we can process your data if we have a legitimate legal basis for doing so.

The legal bases we rely on for processing data are:

1. Your consent to send direct marketing messages about services other than our recruitment services,
2. That the processing is necessary for the performance of a contract with you, or
3. That we have a legitimate interest in processing your personal data.

We gather information about you in order to conduct our primary business operations as well as supporting activities.

‍

5. Personal data we collect

This applies to individuals or businesses wishing to use or using our Recruitment Services or looking for a role to work with us (‘a candidate’).

‍

5.1 Candidates

When you register with us as a candidate to provide work finding services to you, you provide, and we process your personal data, including but not limited to:

• Name
• Address
• Email and other contact details
• Date of birth
• Job history (including information relating to placements through us)
• Educational history, qualifications & skills
• Visa and other right to work or identity information
• Passport
• Bank details
• National insurance and tax (payroll) information
• Next of kin and family details
• Contact details of referees
• Personal information relating to hobbies, interests, and pastimes
• Information contained in references and pre-employment checks from third parties
• Other sensitive personal information such as health records (see ‘Sensitive Personal Data’ section below)
• Your marketing preferences

We may obtain your personal data from the following sources (please note that this list is not exhaustive):

• You (e.g. a Curriculum Vitae, application, or registration form)
• A client
• Other candidates
• Online job sites
• Marketing databases
• The public domain
• Social Media such as LinkedIn
• At interview
• Conversations on the telephone or video conferencing (which may be recorded)
• Notes following a conversation or meeting
• Our websites and software applications
• Referees - when you are offered a job;
• Former employers - to confirm dates of employment;
• Educational institutions - to check your academic qualifications;
• The Disclosure and Barring Service or Disclosure Scotland - if we need to obtain details of unspent criminal convictions;
• Credit reference agencies - if we need to check your financial standing;
• Publicly available sources such as LinkedIn and social media sites to enhance the information we hold about you, in order to help us find more suitable roles for you;
• Clients to whom we have provided your CV and who have engaged with you as part of a job application or who have given feedback on your CV.

Where you are a Candidate, and we have obtained your personal data from a third party such as an online job board, it is our policy to advise you of the source when we first communicate with you.

‍

5.2 Prospective Candidates

We gather personal information about you, which may include your name, contact details, and professional biographical information obtained from publicly accessible sources like LinkedIn and social media platforms so that we can contact you if we think you may be interested in our work finding services at a future date.

‍

Additionally, we may acquire your personal data through a recommendation from another candidate or employer who suggests you as a potential contact.

‍

5.3 Prospective Business Clients

We collect your contact details and data relating to your function or position to establish commercial relationships with your company.

‍

5.4 Users of our website

We collect personal data such as your IP address and other data about your device which we need to provide our online content to you. Additionally, we gather data regarding your interaction with our website or apps, such as the pages you visit. When you reach out to us, we also collect information pertaining to your inquiry. To facilitate this data collection process, we utilise cookies and similar technologies. You can find more detailed information about this in our cookie policy.

‍

5.5 Clients

We collect personal data such as your name, job title and contact details. We process personal data related to our communications with you, such as email interactions, forwarded content, and newsletters. Furthermore, we also process feedback that you provide regarding our candidates.

‍

In cases where you provide us with information about a candidate, such as confirming their work experience or providing a reference, we obtain your details from the candidate themselves. We maintain a record of the personal data you provide about that candidate.

‍

Moreover, we process personal data sourced from publicly available platforms like LinkedIn and other social networking sites. We may also acquire your personal data if you attended one of our events or an event where the organiser shares delegate details with us, adhering to permitted data sharing practices.

‍

5.6 Suppliers

We collect your name and contact details as a business contract for your organisation.

‍

6. How we use your personal data

This applies to individuals or businesses wishing to use or using Recruitment services looking for a role to work with us (‘a candidate’).

‍

6.1 Candidates

We use your personal data to:

• Collect and storing your personal data, whether in manual or electronic files
• Notify you of potential roles or opportunities
• Assess and review your suitability for job roles
• Introduce and/or supplying you to actual or potential Clients
• Engage with you for a role with us or with our Clients, including any related administration e.g. timesheets and payroll
• Collate market or sector specific information and providing the same to our Clients
• Send information to third parties with whom we have or intend to enter into arrangements which are related to our Recruitment Services
• Provide information to regulatory authorities or statutory bodies, and our legal or other professional advisers including insurers
• To market our Recruitment Services
• Retain a record of our dealings
• Establish quality, training, and compliance with our obligations and best practice for the purposes of backing up information on our computer systems

‍

6.2 Prospective Candidates and Business Clients

‍

We use your personal data to:

• Determine if you may be interested in our services and how we can assist you; 
• To contact you and find out if you are interested in our services

6.3 Users of our Website

‍

We use your personal data to:

• Improve and personalise your experience when you use our website or apps; and
• Personalise advertising you receive from us.

6.4 Clients

‍

We use your personal data to:

• To provide recruitment services to you;
• To communicate with you;
• To get feedback from you on our services through client satisfaction surveys, in order to improve our services and to develop new services;
• To maintain our business relationship with you;
• To answer your enquiries when you contact us;
• To fulfil contractual obligations to you;
• To establish, exercise or defend legal claims; and
• For direct marketing purposes.

6.5 Suppliers

‍

We use your personal data to:

• To communicate with you;
• To maintain our business relationship with you;
• To answer your enquiries when you contact us;
• To fulfil contractual obligations to you; 
• To establish, exercise or defend legal claims; and 
• For direct marketing purposes.

You can unsubscribe from receiving marketing communications from us, using the unsubscribe methods contained in communications we send to you or by contacting us.

‍

7. Why we process your personal data and our legal groups for doing so

‍

7.1 Candidates

‍

Our legal basis for the processing of personal data is our legitimate business interests, although we will also rely on contract, legal obligation and consent for specific uses of data.

‍

Under the UK GDPR, we rely on contract, legal obligation and consent to process your personal data:

• Performing a contract: We will rely on a contract if we are negotiating or have entered into a placement agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
• Compliance with a legal obligation: We will rely on legal obligation if we are legally required to hold information to fulfil our legal obligations.
• Our legitimate interests or those of a third party: We will in some circumstances rely on consent for particular uses of your data, and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce you to a client (if you are a candidate).

‍

7.2 Automated Decisions

‍

We do not take decisions based solely on automated processing; there is always human intervention before making a decision; however, we may use software to review the personal data of individuals recorded on our database, or who have applied for specific roles.

‍

The software may determine suitability for a specific role via targeted questions relating to the role, and/or may identify and select individual personal information according to the stored characteristics. For example, the software may enable us to quickly identify individuals from our database who have specific skills, e.g. an engineer and exclude individuals whose characteristics do not match particular requirements of a job role.

‍

Where we use software to assist us with our assessment of your suitability for a particular job role, and you consider that any such assessment has been made wrongly or incorrectly, you may ask for an explanation.

‍

7.3. Consent to Processing your Data

‍

We may process your personal data based on your explicit consent for specific purposes. For instance, if you apply for a particular role, you may provide consent for us to process the data you have provided in order to assess your suitability and progress your application. Similarly, you may have given your consent, either written or verbal, to use your data for receiving marketing updates about our additional services.

‍

You have the right to withdraw your consent for the processing of your personal information for a specific purpose at any time. However, please note that if we have a legitimate interest, legal obligation, or contractual requirement to retain or use your personal information, we may continue to do so even after your withdrawal of consent. In such cases, our processing will be limited to what is necessary to fulfil those interests or obligations. It is important to note that the withdrawal of consent will not affect the lawfulness of any processing that occurred prior to the withdrawal.

‍

7.4. What if we Obtain your Personal Data from a Third Party?

As part of our business operations, we engage in researching information about individuals to fulfil job roles. This process may involve obtaining personal data from various online sources. For instance, we may collect information from social media platforms like LinkedIn and job boards. While some of this information is publicly accessible, we may also obtain data from sites or providers with whom we have subscribed or partnered. Additionally, we occasionally receive personal information about you from hiring organisations, colleagues, former employers, or individuals with whom you have provided services or engaged in other capacities.

‍

Where information from third party sources is of no use to us, or where you have notified us that you do not want us to provide you with services, we shall discard such information. However, to prevent duplicative processes, we may retain a limited record. If we consider that information may be beneficial for the provision of our Recruitment Services, any processing will be carried out in accordance with this Privacy Notice. You do have the right to object to processing, please see Section 12 ‘Your rights’.

‍

7.5. Sensitive Personal Data (SPD)

‍

Sensitive personal data is information which is personal to you and is usually irrelevant to our consideration of your suitability for a job role. Examples of SPD include information which reveals your political, religious or philosophical beliefs, sexual orientation, race or ethnic origin, or information relating to your health.

‍

Regardless of the basis for your dealings with us, we kindly request that you refrain from sharing any sensitive personal data with us unless it is absolutely necessary. However, if you choose to provide us with any sensitive personal data during our conversations, we will solely use that data for the purpose of our relationship with you or for providing our Recruitment Services. This will be done for one or more of the following reasons:

‍

• Explicit Consent: You have explicitly given your consent for us to process the sensitive personal data.
• Suitability Assessment: It is necessary for us to assess your suitability for job roles or evaluate your working capacity.
• Legal Obligations: Processing the data is required to fulfil our obligations or exercise our rights under employment, social security, or social protection laws.

Record Keeping: We maintain records of our interactions to address any potential future disputes, including the establishment, exercise, or defence of legal claims.

Please note that we will handle any sensitive personal data provided to us with the utmost confidentiality and in compliance with applicable data protection laws.

‍

Record Keeping: We maintain records of our interactions to address any potential future disputes, including the establishment, exercise, or defence of legal claims.

Please note that we will handle any sensitive personal data provided to us with the utmost confidentiality and in compliance with applicable data protection laws.

‍

7.6. Clients

‍

Compliance with legal obligations (regulatory and statutory obligations)

In order to provide our Recruitment Services, we are obligated to adhere to various statutory provisions that require the processing of personal data. These include the Conduct of Employment Agencies and Employment Businesses Regulations 2003. This regulation mandates us to assess candidate suitability and obtain relevant information from our clients, among other obligations.

We are also required to comply with statutory and regulatory obligations relating to business generally, for example tax, bribery, and fraud/crime prevention legislation, and co-operating with regulatory authorities such as HMRC.

‍

Our legitimate interests  (carrying on  the commercial activity of Recruitment Services):

In providing our Recruitment Services, we will carry out some processing of data, which is necessary for our legitimate interests. For our commercial viability and to pursue these legitimate interests, we may continue to process your personal information for as long as we consider reasonably appropriate for these purposes.

‍

We utilise your personal data for the following purposes:

‍

• To contact you regarding our Recruitment Services.
• To assess suitability of candidates and roles, for example, referencing or gathering feedback.
• To collate market information or trends, including providing analysis to potential or actual clients.
• Fulfilling our obligations and providing our Recruitment Services to clients, suppliers, or other relevant parties.
• To personalise your experience and our offering, whether via our website or other means.

‍

Additionally, we retain records of our interactions and transactions for the following reasons:

• Ensuring compliance with contractual obligations with clients or suppliers.
• Addressing any query or dispute including establishing, exercising or defending any legal claims.
• Safeguarding our reputation.
• Maintaining system backups to restore the system in the event of a failure or security breach.
• Evaluating quality and compliance, including compliance with this Privacy Notice.
• Determining staff training needs and system requirements.

‍

7.7. Consent

‍

We may process your personal data based on your explicit consent for a specific purpose. For instance, if you have provided us with your contact details to receive information about our additional services, you may have given your consent for us to process that data for that particular purpose. Similarly, in other cases, you may have provided your consent, either written or verbal, for us to use your data for specific reasons, such as requesting references from you.

‍

You have the right to withdraw your consent to the processing of your personal data for a specific purpose at any time. However, it's important to note that even if you withdraw your consent, we may still retain or use your personal information if we have a legitimate interest, legal obligation, or contractual requirement to do so. In such cases, our processing will be limited to what is necessary to fulfil those interests or obligations. It's important to understand that withdrawing consent will not affect the lawfulness of any processing that occurred based on consent before its withdrawal.

‍

What if we obtain your personal data from a third party?

As part of our business operations, we engage in researching information for the purpose of finding and filling job roles. This process may involve collecting personal data from various sources, such as job boards, advertisements, LinkedIn, and other social media platforms. While some information may be publicly available, we may also obtain data from sites or providers with whom we have subscribed.

‍

Additionally, we occasionally receive personal data about you from hiring organisations, colleagues, former employers, or individuals with whom you have provided services or engaged in other capacities.

‍

If we determine that information obtained from third-party sources is irrelevant to our operations, we will discard that information. However, in order to avoid duplication of processes, we may maintain a limited record. If we believe that certain information may be beneficial for providing our Recruitment Services, any processing will be done in accordance with this Privacy Policy.

‍

8. Who we Share your Personal Information with

‍

We shall not share your personal information unless we are entitled to do so.

‍

We may share your personal information with the following categories of individuals:

• Individuals, hirers and other third parties, necessary for the provision of our Recruitment Services.
• Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us.
• Parties who process data on our behalf include: IT support, storage service providers including cloud, background screening providers, legal and professional adviser and insurers

We do not sell or rent your personal data to third parties.

‍

9. Data Transfer Transfer of Data to Other Jurisdictions

‍

In the course of the provision of our Recruitment Services we may transfer data to countries or international organisations outside the European Economic Area (EEA). This may, for example, be to Clients or Candidates, or third parties who provide support services to us. Where information is to be transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable, ensure that appropriate safeguards are in place.

10. If you do not Wish to Provide us with Necessary Data

‍

There may be circumstances where we require you to provide data which is necessary for us to meet statutory or contractual obligations, or perform our Recruitment Services. If you do not wish to provide us with information we request, then please notify us. However, please be aware that as a result we may be unable to provide you, or the party you represent, with a Recruitment Service, and in some cases, this may result in a breach of the contract we have with you or a third party you represent.

‍

For transfers outside the UK and EEA, we rely on adequacy decisions, or where not available, standard contractual clauses approved by the UK Information Commissioner’s Office (ICO) or the European Commission, as applicable.

‍

10.1 Group Companies & Transfer

‍

Although this Privacy Notice applies to Sataya, your data may be accessible to, and shared with other organisations within our group including Sataya for any of the purposes set out within this Privacy Notice, or where we have shared administration systems and staff.

‍

10.2 Sale, Merger or Liquidation of Business

‍

In the event of a sale, merger, liquidation, receivership, or the transfer of all or part of our assets to a third party, we may need to transfer your information to a third party. Any transfer will be subject to the agreement of the third party to this Privacy Notice and any processing being only in accordance with this Privacy Notice.

‍

11 Data Security and Confidentiality

‍

At Sataya, we prioritise the security and confidentiality of our systems and records. We take all necessary measures to ensure that unauthorised third parties cannot access our systems and records, aligning with contemporary practice.

‍

Sataya takes every reasonable precaution to safeguard your personal information. However, you should be aware that the use of email/ the Internet is not entirely secure and for this reason, Sataya cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/ the Internet.

‍

To safeguard our users' information, Sataya implements various precautions. Our data is securely stored on password-protected devices, and we have established staff procedures and training to ensure that user information is not misused or shared beyond its intended purpose. When necessary, Sataya engages third-party companies that act as Data Processors in compliance with the General Data Protection Regulation (GDPR). Each of these suppliers has declared their adherence to the GDPR's requirements for data processors.

Access to your information is granted solely to employees who require it for specific tasks, such as consultants, accounts assistants, and marketing assistants.

‍

12. Cookies

‍

We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.

‍

Most web browsers allow some control of most cookies through the browser settings.

‍

12.1 The Cookies we Use:

‍

• Strictly necessary: Essential cookies to enable you to use the site effectively, i.e. applying for a job or submitting a CV. Accepting these cookies is a condition of using the site.
• Functionality: These cookies help our site remember the choices you made, for example, username, and also help make the most of our enhanced features, such as providing news or updates relevant to you.
• Performance: These cookies help us monitor the performance of our site, providing us with the information to constantly optimise and develop our site to get the best user experience for you, for example site visits or source of visitors.
• Personalisation: We use personalisation or targeting cookies to make sure we advertise the jobs that we think may be of interest to you, making your user experience a personalised one
• Third party: As you use our site, you will notice that we have content from other sites, for example, YouTube or Google Maps. We also facilitate the opportunity to engage with us further through social media channels, for example Twitter and Facebook. We use third party cookies to help deliver relevant information to you and integrate content with social networks.
• Google Analytics: These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

12.2 Your permission to use cookies

‍

If the settings on your browser that you are using to view our website are adjusted to accept cookies, we take this, and your continued use of our website, to mean that you are happy to have cookies enabled.

‍

12.3 Turning Cookies Off

‍

Please be aware that by not accepting cookies you will not be able to use some key functions of www.sataya.io/ website including:

• Registering with sataya.io
• Signing in to sataya.io
• Applying for jobs on sataya.io
• Submitting a CV

If you don’t want us to store a cookie on your PC to make your journey on our website the best it can be, you can switch cookies off by adjusting your browser settings to stop it from accepting cookies. Each browser acts differently, so remember to check your browsers ‘help’ settings.

Please click here to review our Cookies Policy.

‍

13. Retaining your Data

‍

In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you and it is our policy to only store your personal data for as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests. The following sets out the lengths of time we are required by law to retain certain elements of your data:

‍

• For 12 months from the date we last provided our recruitment services to you for the purposes of providing evidence of the recruitment services we provided to you (Regulation 29 of the Conduct of Employment Agencies and Employment Businesses Regulations 2003);
• For 2 years from the end of your last period of engagement or employment for the purposes of providing evidence that right to work checks were carried out under The Immigration (Restrictions of Employment) Order 2007;
• For 3 years from the end of the relevant year for the purposes of any parental/adoption leave records or statutory maternity or paternity pay; and
• For 6 years from the end of each tax year for the purposes of retaining payroll records under the Income Tax (Employment and Pensions) Act 2003,
• For 6 years from the end of each tax year for the purposes of keeping VAT records for any VAT registered limited company contractors.

However, we may retain data for longer than a 6 year period where we have a legal or contractual obligation to do so, or we form the view that there is otherwise a continued basis to do so, for example where your personal information identifies specialist skill sets which may remain in demand, or we are subject to a legal obligation which applies for a longer period. If however you believe that we should delete your personal data at an earlier date, please inform us in writing of your reasons. Please see Section 13 ‘Your Rights’ below.

‍

14. Your Rights

‍

You have the following rights under data protection law:

• Access – to request a copy of the personal data we hold about you.
• Correction – to ask us to correct inaccurate or incomplete data
• Deletion – to ask us to delete your data where we have no lawful reason to keep it.
• Restriction – to ask us to pause or limit our use of your data.
• Portability – to receive your data in a usable format and transfer it to another provider.
• Objection – to object to our use of your data, including for marketing.
• Automated decisions – to not be subject to decisions based solely on automated processing.

You can also withdraw consent at any time where we rely on it.

‍

To exercise your rights, please email info@sataya.io.

You also have the right to complain to the ICO or your local regulator.

‍

15. Contact

‍

If you have any enquiries you can contact us at info@sataya.io.

‍