To that end, please note that you have the right to object:
- at any time to STAM’s use of your personal information for direct marketing purposes;
- to STAM’s processing of your personal information where it is based on our legitimate interests, unless we have compelling legitimate grounds to process the information, or we need to do so in relation to legal claims.
STAM collects, receives, stores and processes the following information:
- information that you provide when using the Site, including information you provide when registering to use certain portions of the Site;
- information you provide when applying for a job with STAM which includes the information you provide within any CV submitted to STAM;
- any information you provide when subscribing to any marketing or mailing initiatives;
- information contained in, or relating to, any communications you send to us or send through the Site (including the communication content and meta data associated with the communication).
STAM will use your personal information for various purposes which include:
- to provide our services to you;
- to administer the Site;
- to maintain our business relationship, where you are a user of the Site, a client or a recruitment candidate;
- to provide you with information that you have specifically requested or that we have asked if you would like to receive including marketing and invitations to conferences and/or events;
- to deal with enquiries and complaints made by or about you relating to us or the Site;
- to keep the Site and systems secure and prevent fraud;
- where relevant, to meet legal, regulatory and compliance requirements;
- where relevant, for the establishment, exercise or defence of legal claims;
- to protect the rights, property, or safety of STAM, our clients, or others;
- to compile anonymous statistical data about the use of the Site to improve its content and usability.
Under the GDPR, the main grounds that STAM relies upon in order to process your personal information are the following:
- Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing service(s) to you, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal data;
- Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law or for national security reasons to disclose your personal data to a regulatory body, government agency, court of competent jurisdiction, regulatory body or law enforcement agency in response to a lawful request submitted by court order, subpoena, warrant, or similar legal mechanism that carries equal weight;
- Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your personal data for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimizing our website and customer experience, informing you about our services and ensuring that our operations are conducted in an appropriate and efficient manner;
- Consent – in some circumstances, we may ask for your consent to process your personal data in a particular way. To the extent that we are processing your personal information based on your consent, you will have the right to withdraw your consent at any time. You can do this by contacting us using the details in the Contact section at the bottom of this page.
You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
You have the right at any time to ask us for a copy of your personal information that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request (for example, if we would also be disclosing third party personal data). If we refuse your request or any element of it, we will provide you with our reasons for doing so.
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed. Therefore, please advise us of any changes to your information. You can let us know by contacting us using the details in the Contacts section at the bottom of this page.
In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent (which you wish to withdraw) and there are no other legal grounds on which we may process the information.
STAM does not intend that children should visit the Site. STAM understands that children merit special protection and will never knowingly process their personal information.
STAM will not share any personal information collected on the Site with third parties unless required by law, required to enable the fulfilment of the purpose for which the personal information was originally supplied or as otherwise set out in this policy. STAM may transfer all or part of its business in the circumstances of a merger or sale of part or all of its business. In such circumstances personal information you supply may be transferred but this will be only in circumstances where the acquiring company has agreed to the same standards and terms of privacy as are set out in this policy. Control Risks remains liable to you in respect of its obligations concerning your personal data in cases of onward transfers to third parties.
- necessary for the purpose of our or our client’s legitimate interests. These interests may include ensuring that the client does not take actions that could result in legal liability, reputational impact or other adverse effects;
- necessary for the prevention or detection of an unlawful act;
- necessary for the establishment, exercise or defence of a legal claim;
- the data has been manifestly made public by the data subject.