Privacy Notice

Dated: 17.07.2025, Last updated: 17.07.2025

This privacy notice (Privacy Notice) details how Astral Consulting Services Limited (Astral) and the Oliver James group collects, uses and processes personal data, and complies with legal obligations.

Our contact details: [email protected] 

This Privacy Notice applies to Candidates, Clients, Employees, Suppliers, and any other individuals or entities whose data Astral may collect, store, or process in connection with the provision of recruitment services or other business communications and activities. The notice applies to visitors to the Astral website, including registered users.

Astral is subject to any applicable data protection, privacy and electronic communications regulations globally, this includes: the General Data Protection Regulation (Regulation (EU) 2016/679); the UK Data Protection Act 2018 and any applicable laws, regulations, and any local implementing legislation (Data Protection Legislation).​

For the purposes of this Privacy Notice the following definitions shall apply:

Candidate means an independent contractor, temporary employee, and a permanent role candidate, including a contractor or PAYE candidate working directly via an agency or through an umbrella company; as well as people who have supplied a speculative CV to Astral and Candidates shall be interpreted accordingly.

Client means an Astral customer, client (including managed service providers and recruitment processing outsourcing companies) and other parties to whom Astral provides Services. Clients shall be interpreted accordingly.

Employee means a prospective employee of Astral and Employees shall be interpreted accordingly.

Personal Data means any information relating to an identified or identifiable natural person.

Services means Astral recruitment services and recruitment management services, which include locating work for persons registered on the Astral database of Candidates, issuing offers for work on behalf of the Client, marketing the Astral Services to Clients and Candidates, supporting and managing the Candidate application process, introducing Candidates to Astral Clients, managing the ongoing relationship between Astral and Candidates or Clients, and all other actions reasonably necessary to ensure the smooth running of the Astral business.

Special Category Personal Data means personal data that merit specific protection under Data Protection Legislation. This includes data related to genetic, biometric and health data, sexual orientation, as well as personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership.

Suppliers means suppliers and prospective suppliers of services to Astral.

Personal Data processed by Astral

Subject to Data Protection Legislation Astral may process some or all of the following categories of Personal Data:

  • name, title, addresses, telephone numbers, and personal email addresses;
  • age/date of birth;
  • next of kin and emergency contact information;
  • social security number/national insurance (or equivalent in the relevant country) and any other tax-related information;
  • salary, annual leave, pension and benefits information;
  • right to work documentation;
  • references and other information included in a CV or cover letter or as part of the application process (including psychometric test scoring and results);
  • work history and employment records (including job titles, working hours, training records, work experience, skills and professional memberships);
  • financial information (where needed to carry out financial background checks);
  • information on interests and needs regarding future employment, both collected directly and inferred, for example from jobs viewed or articles read on Astral website;
  • photographs;
  • feedback from Clients on Candidate performance;
  • extra information that is voluntarily shared with Astral by referees, Clients or Candidates;
  • other information relevant to help us provide recruitment services including insurance details and company details;
  • marketing preferences;
  • website user journey info:
    • Technical information, including login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
    • ​Information about visits, including the full Uniform Resource Locators (URL) clickstream, through Astral site (including date and time); services viewed or searched for; page response times, download errors, length of visits to certain pages and page interaction information (such as scrolling or clicks).

Subject to Data Protection Legislation Astral may process some or all of the following categories of Special Category Personal Data:

  • health information, including information relating to any disability, to comply with Astral legal obligations to make reasonable adjustments to Services, for example, if special arrangements for an interview are required;
  • where required by law or where this is a condition of contract imposed by a Client for the position a Candidate has applied for (such as information relating to criminal convictions).

Collection of Personal Data 

Astral may collect Personal Data:

  • directly from a Candidate who registers with or contacts Astral in relation to Services;
  • when Astral contacts Candidates, Clients or other third parties by telephone (including call recording and transcription), SMS, email, social media, or other means;
  • throughout the application and recruitment process, either directly from Candidates, Employees or from third parties, including recruitment agencies, previous employers, credit reference agencies, background check providers, job boards or referral;
  • from publicly available sources including social media sites such as LinkedIn; and
  • from Clients in relation to Candidate performance.

Processing of Personal Data

Astral may process Personal Data in the following situations:

  • to provide Astral Services to Clients or Candidates (including arranging interviews, negotiating compensation packages, providing feedback, conducting compliance checks, producing invoices, and any other relevant purposes for the provision of Services);
  • to enable Candidates to submit information, apply online (including through websites) for jobs or to subscribe to alerts about jobs Astral think may be of interest to Candidates;
  • to facilitate the supply of services from Suppliers to Astral;
  • to manage Astral relationship with Candidates, Clients or other third parties;
  • to develop and market other services offered by Astral (where consent has been provided for such purposes);
  • ensure network and information security, including preventing unauthorised access to Astral computer and electronic communications systems and preventing malicious software distribution; and
  • to comply with any legal obligations.

Where relevant for Candidates, Astral may also use Personal Data to:

  • check Candidate legal entitlement to work in the relevant country where a Client is seeking Services.
  • ascertain fitness to work;
  • carry out pre-employment screening checks;
  • verify compliance information, which Astral may do using publicly available sources;
  • monitor use of Astral information and communication systems to ensure compliance with Astral IT policies; and
  • conducting data analytics studies to review and better understand Employee retention and attrition rates.

Legal bases for processing Personal Data

Astral will only process Personal Data when there is a relevant legal basis for processing. Most commonly, Astral will process Personal Data in the following circumstances:

  • to perform contractual obligations including the provision of Services
  • to comply with legal obligations;
  • where it is necessary for Astral legitimate interests to ensure the smooth running of Astral business as a recruitment agency so long as these activities do not disproportionately intrude any individual’s privacy; or
  • where consent has been provided for Astral to use an individual’s  information.

As such Astral may process Personal Data without knowledge or consent, where this is required or permitted by Data Protection Legislation.

Failure to provide Personal Data

Failure to provide certain Personal Data or other information when requested may prevent Astral from being able to provide Services or carry out contractual obligations. This may mean that Astral is unable to introduce Candidates to Clients or provide payment to Candidates.

Change of processing purpose

Astral will only use Personal Data for the purposes for which it is collected, unless Astral reasonably consider that it is necessary to use Personal Data for another purpose which is compatible with the original purpose.

Automated Decision-Making 

Astral leverages modern technologies to enhance the recruitment process and increase efficiency. This includes, where appropriate, the use of automated technologies for the provision of summaries and descriptions. This may also include the processing of Personal Data by automated means, subject to adherence to Data Protection Legislation. At present all Astral recruitment activities involve human-decision making, although Astral may in the future use fully automated technologies such as expert systems or machine learning to complete a Candidate selection process from end-to-end, where appropriate and in accordance with Data Protection Legislation. Astral may use automated processes to review the Personal Data provided to Astral to supplement the information available to Astral consultants.

Where required, Astral will seek consent to carry out some or all these activities. If consent is not provided this is likely to decrease the likelihood of Astral successfully making a Candidate referral.

Data Sharing

Astral may share Personal Data with the following third parties who might process Personal Data for their own purposes:

  • potential Clients to find Candidates suitable positions;
  • Clients that Astral have placed candidates with to manage the ongoing relationship and to raise invoices or make payments;
  • other recruitment agencies and intermediaries, including a Candidate service provider (if applicable) to place a Candidate for a position and for the management of the relationship;
  • individuals and organisations who hold information related to Candidate references or applications to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies; third parties who Astral have retained to provide services to use, including KYC services (such as reference, qualification and, if applicable, criminal convictions checks;
  • Astral Service Providers such as IT support, mailing services, payroll, website hosting, other third-party service providers who perform services on Astral’s behalf (including external technical consultants);
  • on a business or asset sale, to the prospective buyer of such Astral business or assets;
  • Astral business associates and professional advisers such as lawyers, auditors and accountants, tax, audit, or other authorities; and
  • Astral international offices for the purpose of providing Services. All offices within Olier James have access to the Astral centralised system used for placing candidates globally.

All Astral Suppliers and other entities in the Oliver James group are required to take appropriate security measures to protect Personal Data in line with Astral policies.  Where possible, Astral does not allow Suppliers to use personal data for their own purposes.

​ Astral may share the results of diversity and inclusion monitoring on an anonymised, aggregated basis.

Data Storage

Astral will store Personal Data on the Astral central database which is held on secure servers within the European Economic Area (EEA). Information stored on the Astral database may be accessed by Astral or Oliver James group companies from local offices within the EEA (Dublin, Amsterdam, Frankfurt, Milan, Antwerp and Brussels), from offices in countries that have received an Adequacy Decision (London, Manchester) and from Astral offices located outside the EEA (United States, Hong Kong and Singapore).

To ensure Personal Data receives an adequate level of protection, Astral has put in place standard contractual clauses adopted by the European Commission between Astral and the Oliver James Group members. This ensures that to that extent any data is transferred outside of the EEA by Astral is treated in a way that is consistent with and which respects Data Protection legislation.

Data Security

Astral have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. Astral has put in place procedures to deal with any suspected data security breach and will notify relevant parties and any applicable regulator of a suspected breach where legally required to do so.

Astral utilises strict access controls (including physical access controls), encryption, regular back up, monitoring and logging of access, intrusion detection and prevention (inc. Incident response plan) along with additional security measures to ensure the integrity of stored Personal Data and maintain required levels of protection as set out in relevant Data Protection Legislation.

Data Retention

Astral makes commercially reasonably efforts to ensure that Personal Data is deleted as soon as the purpose for which the Personal Data was collected is no longer relevant.

Personal Data may be retained for the purposes of satisfying any legal, accounting, or reporting requirements and as required for the provision of Services. Any retention of personal data will be done in compliance with Data Protection Legislation and industry standards.

Astral operates anonymisation, archiving and deletion processes where appropriate.

Personal Data Rights

Under Data Protection Legislation, data subjects may have certain rights in relation to their Personal Data including:

  • Right of access – the right to ask Astral for copies of Personal Data.
  • Right to rectification – the right to ask Astral to rectify Personal Data which is inaccurate or to complete information which is incomplete.
  • Right to erasure – the right to ask Astral to erase Personal Data in certain circumstances.
  • Right to restriction of processing – the right to ask Astral to restrict the processing of Personal Data in certain circumstances.
  • Right to object to processing – the right to object to the processing of Personal Data in certain circumstances.
  • Right to data portability – the right to ask that Astral transfer Personal Data to another organisation, or to the data subject, in certain circumstances.
  • Right to withdraw consent – When consent is used as the lawful basis for Personal Data processing this consent can be withdrawn.

To contact Astral about Personal Data rights please contact: [email protected].

Astral may need to request specific information to help confirm an individual’s identity and establish any right to access the relevant Personal Data.

Additionally, data subjects have the right to lodge a complaint with the relevant supervisory authority.

Changes to this Privacy Notice 

This Privacy Notice may be updated from time to time, and the updated version will be posted onto the Astral website.