For the Attention of Vacancysoft subscribers

The effective date of this document is 25th May, 2018


Vacancysoft LLP is UK registered business, company registration number OC327354.

Vacancysoft LLP has previously entered into a contract for the supply of data with <<Client Name>>, where the data supplied is what they have specifically requested.

 This document constitutes a breakdown of the data policies and processes implemented by Vacancysoft LLP so it is compliant with GDPR, specifically in regards to its statutory duties as a data processor.

This document also outlines the terms by which clients can use the data, they purchase from Vacancysoft.


Data regulation:

The GDPR Data Protection regulations taking effect from 25th May 2018, specifically ((EU)2016/679) In the event the GDPR is no longer applicable in the UK the prevailing Data Protection act 1998 will constitute the legal framework for data protection. Similarly, in the event new regulations take effect which supersede GDPR and/or the data protection act 1998, Vacancysoft LLP will provide an update to our terms to ensure ongoing compliance.

Personal Data:

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular in reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including their name and even pseudonym in the event it is easy to attribute it to a particular individual.

Sensitive Personal Data:

The GDPR refers to sensitive personal data as “special categories of personal data.” Special categories include genetic, biometric, ethnic or religious data amongst other categories.


a. Vacancysoft LLP is registered with the ICO under registration number ZA377784 and as such is compliant with the requirements set out by the ICO. Through this registration,  Vacancysoft has authorisation to collect personal data captured online when it is directly relevant to the commercial business proposition. Information captured may include personal data such as who the hiring contact is, within a given organisation.

 b. Vacancysoft LLP acknowledge that for the purposes of the Data Protection legislation, Vacancysoft is the data processor.

c. Vacancysoft LLP in order to deliver on its contractual obligations, uses a third party processor, namely Vacancysoft s.p.zoo, which is a separate legal entity based in Poland. e. Staff within Vacancysoft s.p.zoo have full and unfettered access to the personal data of the data controller supplied to Vacancysoft LLP. <<Client name>> accepts that the personal data supplied to Vacancysoft LLP for the delivery of services agreed in contract, will require that personal data to be shared with Vacancysoft s.p.zoo.

  •  For the avoidance of doubt, Vacancysoft s.p.zoo is regulated by the Polish equivalent of GDPR (RODO) which is derived from the same EU legal framework and is equivalent in every way. 

d. As part of this agreement Vacancysoft LLP is also authorised by <<Client name>> to provide access to other parties to the personal data of the <<Client name>> but only when deemed necessary for the delivery of the contract Vacancysoft LLP has with the <<client name>>

e. Vacancysoft LLP commit to comply with all applicable requirements of the GDPR regulation. In order to achieve this, data processing protocols are as follows for the personal data supplied by <<client name>>


  1. All personal data provided is used for the explicit purpose of enabling personalised data feeds by email, also to allow for personal access to the Vacancysoft Search function.
  2. Personal data supplied is also incorporated into relevant market intelligence reports email distribution channels, such as the fortnightly Recruitment Industry Insights newsletters.
  3. As part of this, Vacancysoft LLP stores all personal data on secured servers which only designated staff have access to.
  4. When <<Client name>> informs Vacancysoft LLP that individuals are no longer working in the organisation, Vacancysoft LLP commits to archiving the relevant information.
  5. Should any individual want to know what information Vacancysoft LLP holds about them, they have the right to request through gdpr@vacancysoft.com, where Vacancysoft LLP commit to responding within 30 days in writing and will not charge to handle the request, unless extenuating circumstances apply.
  6. Should any individual want to have the information held about them by Vacancysoft LLP edited or deleted, they have the right to request this through gdpr@vacancysoft.com, where Vacancysoft LLP commit to responding within 30 days in writing stipulating what action has been taken. Vacancysoft LLP will not charge to handle the request, unless extenuating circumstances apply.
  7. In the event <<client name>> cancels their contractual agreement with Vacancysoft LLP, Vacancysoft LLP reserves the right to keep the information supplied under the grounds of legitimate business interests, so to contact individuals within that organisation in the future about recommencing their subscription.
  8. Vacancysoft commits to not requesting or processing sensitive personal data.


        a. Vacancysoft LLP commits to implementing appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of personal data. To ensure this, we commit to:

          1. Having an information security policy, which <<client name>> can request to have access to. This encompasses robust breach detection, investigation and internal reporting procedures.
          2. Have a designated person responsible for the implantation and management of the information security policy.
          3. Have backup processes in place, in the event of any incidents to restore access to personal data for the purpose of service delivery.
          4. Conduct regular testing and reviews of security measures to ensure they remain effective and act on those results where they highlight areas for improvement.


            b. Vacancysoft LLP ensures that all personnel who have access to and/or process Personal Data:

              1. Keep the personal data confidential.
              2. Do not transfer the personal data outside of the EEA unless there is clear written approval by the data processor. 
              3. Assist <<client name>> with any specific request regarding a data subject so ensuring compliance with its obligations under the data protection regulation. 
              4. Notify <<client name>> within 24 hours of becoming aware of a material personal data breach.


                a. Clients who subscribe to Vacancy Tracker are supplied vacancy data where the IP belongs to Vacancysoft LLP, while the client is entitled to use this data as part of their standard operations.

                b. Vacancy data therefore is for internal use only, meaning that there is no right to republish data gathered in the public domain, either in granular or aggregate form, without prior agreement.

                c. Clients who subscribe to Vacancy Tracker are also provided access to the client portal (https://client.vacancysoft.com) which gives them the opportunity to download data which they have subscribed to, up to five years retrospectively.

                d.Clients who subscribe to Vacancy Analytics are provided access to the analytics portal sitting between (https://client-v2.vacancysoft.com/home) and (https://client.vacancysoft.com) which also has download functionality for vacancy data.

                e.For reference only, Vacancysoft also make available a directory of companies which we gather from, to enable clients to make recommendations of businesses they would like to see monitored. This data is not available for download, equally if clients wish to have Vacancysoft organisational data for their own purposes, it is available at a price point of £20 per row, where this would include all requested data listed on the site.

                f.Vacancysoft LLP do not grant permission to clients to gather data not otherwise available to download, either manually or through automated processes, unless there is prior agreement.

                4. GDPR CONTACT PROTOCOLS

                a. In the event further clarification is needed in regards to anything stipulated above, in the first instance please address any correspondence to: gdpr@vacancysoft.com. A response will be made within 24 hours.

                b. Otherwise, the designated contact within Vacancysoft LLP for any questions in regards to the data policies implemented as a result of GDPR is the Chief Executive Officer.

                Contact us

                If you have any questions about this privacy pledge or feel that your privacy has been compromised, please contact us at support@vacancysoft.com.