Privacy Policy

We are Cydea, a limited company registered in England & Wales. Our registered address is Cydea Ltd, 99 Park Drive, Milton Park, Abingdon, OX14 4RY.

We use third party services to develop, manage and deliver our services, publish work, keep in touch with people and understand how we can do these things better.

Here you can find out what these services are and how we handle data for website visitors, potential and existing clients, and job applicants.

Regular review

Every quarter, we review our documentation of the data we handle and third party services we use. This helps us continuously improve our processes and hold ourselves to account.

If necessary we will update this document.

The current version of our privacy notice will be available on our website: https://cydea.com/privacy/. You can see previous versions and changes on GitHub.

This notice was last reviewed and updated on 10th July 2023.

Website visitors

What type of information we have

We may collect and process information for visitors to our websites including:

  • IP address
  • Timestamp of visit
  • Country of visit
  • Referrer (the site or page you arrived from)
  • Operating system
  • Browser
  • Screen resolution
  • Device type
  • Device brand and model
  • Pages visited during session

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you by visiting one of our websites.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time (see below)

What we do with the information we have

We use the information that you have given us in order to understand how visitors are using our websites and improve their experience.

How we store your information

We primarilly use Google Analytics to store this information and they are the data processor of this information. You can view how they safeguard your data and privacy policy, as well as details of how you can opt-out of this collection.

We keep website visitor information for 26 months. We will then dispose of your information automatically on a monthly basis.

We may also use services from LinkedIn to understand aggregate information about the sectors, typical job titles, geographic locations and other metadata about visitors to our website and the content they have interacted with. This is only available above a threshold of 300 visitors and they also provide methods to opt-out and manage your LinkedIn cookie preferences.

Potential and existing clients

What type of information we have

We currently collect and process the following information from potential and existing clients who are interested in conducting business with us:

  • Name
  • Email address
  • Phone number
  • Social media
  • Job title
  • Company
  • Company address
  • Working hours
  • Website visitor information (see above)
  • Testimonials

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have contacted us because you are interested in our services
  • You have provided a testimonial for our services

We also receive personal information indirectly, from the following sources in the following scenarios:

  • Client referrals where an existing client may believe our services are of use to a potential client

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time (see below)
  • We have a contractual obligation

What we do with the information we have

We use the information that you have given us in order to create and manage client relationships.

We may share testimonial information with other potential and existing clients.

How we store your information

Your information is securely stored in our Customer Relationship Management (CRM) system that is hosted within the European Union. It is accessed from, and therefore copies may temporarily be stored on devices within, the United Kingdom (where we are based) or from those same devices in other countries where we are traveling to for short periods of time (e.g. to conferences).

We keep potential client data for 24 months from last contact or activity. We keep existing client data for 36 months from last contact or activity.

Where an existing client provides a testimonial this is stored in our CRM system and may be published on our website and in other promotional materials. We will keep this information for 60 months.

We will then dispose your information by deleting your records from our CRM system and removing any testimonial from our website and promotional materials.

Job applicants

What type of information we have

We currently collect and process the following information for job applicants interested in joining our team:

  • Full name
  • Email address
  • Phone number
  • CV and supporting information
  • Covering letter
  • References
  • Notes from interviews

We don’t collect any special category data or ask for any background checks as part of the application process.

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You are interested in working for Cydea

We also receive personal information indirectly, from the following sources in the following scenarios:

  • Staff referrals
  • Social media
  • Recruitment agencies (we only accept candidate profiles from agencies we have commercial relationships with)

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are: (a) Your consent. You are able to remove your consent at any time (see below)

What we do with the information we have

We use the information that you have given us in order to assess suitability for a role and communicate with job applicants.

How we store your information

Your information is securely stored on our applicant tracking system, email, and file server. Only staff involved in the recruitment process have access to job applicant data.

Job applicant data are deletedwith 6 months when a candidate leaves the recruitment process, is offered a job, or their application is unsuccessful. If a job applicant has requested we notify them of other roles they may be interested in with will keep this information for 18 months. We will then dispose your information by deleting it from our file server.

Virtual SMEs

What type of information we have

We currently collect and process the following information for Virtual Subject Matter Experts (SMEs) that support delivery of our services from time-to-time as associates of Cydea:

  • Full name
  • Email address
  • Phone number
  • CV and supporting information
  • LinkedIn Profile URL
  • Typical day rate
  • Ideal roles
  • Notes from interviews
  • Your consent to use your likeness in proposals
  • Self-declaration of your right to work within the UK

We don’t collect any special category data or ask for any background checks as part of the application process.

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You are interested in working for Cydea

We also receive personal information indirectly, from the following sources in the following scenarios:

  • Referrals
  • Social media

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are: (a) Your consent. You are able to remove your consent at any time (see below)

What we do with the information we have

We use the information that you have given us in order to assess suitability for a role and communicate with candidates for roles that we are not able to resource directly.

How we store your information

Your information is securely stored in a CRM system and file server. The CRM system is hosted in the United States and we have adopted the European Union ‘Standard Contractual Clauses’ to protect your data. Only staff involved in the resourcing process have access to Virtual SME data.

Virtual SME data are deleted when a candidate indicates that they no longer wish to work with us. You ca do this by following the ‘opt-out’ links on any Virtual SME communications. If a Virtual SME candidate has requested we notify them of other roles they may be interested in with will keep this information for 18 months from our last point of contact. We will then dispose your information by deleting it from our CRM and file server.

Data sharing

We are Data Controller for your information. We may rely on third-parties to act as a Data Processor on our behalf. We have reviewed the privacy policies of third-party services we use. They provide adequate protections when information is shared outside of the European Economic Area.

We do not engage in other data sharing arrangements, though exemptions to data protection regulations may require us to share data about you, for example if requested by law enforcement.

Data breaches

In the event of a data breach, we are required to notify the Information Commissioner’s Office. We will do so following their guidance.

Your data protection rights and getting in touch

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

Getting in touch with us

Please contact us at privacy@cydea.com if you wish to make a request.

You are not required to pay any charge for exercising your rights. If you make a request, we will respond to you within 28 days.

If you still have concerns

We are registered with the UK Information Commissioner’s Office (ICO). You can make a complaint to the ICO if you are unhappy with how we have used your data.

Their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

You can also contact them by telephone using their Helpline number: 0303 123 1113.