privacy policy  Stelfox Recruitment

Privacy Policy

Privacy Policy February 2024

Stelfox Limited (“Stelfox”) is committed to respecting and safeguarding your privacy and to complying with all applicable data protection and privacy laws. This privacy policy together with our terms sets out the basis on which any personal data (“Data”) we collect from you, or that you provide to us whilst visiting our website.

By visiting you are accepting and consenting to the practices described in this Privacy Policy. All Data will be obtained fairly. We will make you aware of all purposes that we intend to use your Data for at the time of collection or will be advised to you prior to use. Data will be accurate and complete and, where necessary, kept up to date. Data will be adequate, relevant and not excessive in relation to the purposes for which it was obtained. Data will be kept only for clear and legal purposes. All Data will be processed fairly and in keeping with the purposes for which it was obtained. Data will not be used, disclosed or processed in any manner incompatible with the purposes for which it was obtained.


The purpose of this document is to set out the privacy entitlements of Data Subjects, as defined in the General Data Protection Regulation (GDPR), of living persons.  Privacy can only apply to information that is not already in the public domain and GDPR only applies to such personal data.

The General Data Protection Regulation (GDPR) is a European Union Regulation that sets out the data entitlements of data subjects and the obligations of those who process the personal data of data subjects. GDPR seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU.

Our Company specializes in recruitment, for permanent, contract and temporary positions.  Our company also provides useful tools in the form of employment-related information via our website which is downloaded by anyone who signs up to our website.

Personal Data

Our company collects data from you and uses that data to assist in providing you with the services we have to offer.

If you engage with our recruitment service, when you make contact with us you are agreeing to our company acting as an agent for you in your pursuit of an employment position with a third party until you either opt out (which you can do at any stage) or we decide to desist in promoting you to potential employers. Our company in their capacity as your agent operates as a Data Controller in respect of the personal data you supply to us.  We share your data with third-party Clients in order to advance your prospect of obtaining your desired position and while we require that our clients are GDPR compliant we can make no guarantees or warranties in that regard.

Where you apply on our website, you will be required to share your contacts and CV through an online form. Your details will be sent to the consultant. By applying to the job, you’re agreeing for us to hold your data indefinitely. When applying for a role through our website, you will be directed to our internal ATS system to Bullhorn via Logic Melon. Both Bullhorn and Logic Melon are based in UK. Bullhorn, our CRM provider holds data in the UK, however they have entered into Standard Contractual Clauses (SCC) to allow them to hold EU data outside of the EEA zone.

Stelfox website is managed by a company called Volcanic who are based in the UK.

If you are a candidate applying to use our recruitment services, and if you send us your CV to secure a new role with us we collect the following information from you at initial online application. This information will be added to our secure database.

  • Name

  • Address

  • Email address

  • Telephone numbers

  • Roles that you have previously worked, gathered from your CV

  • Skill set that you possess, gathered from your CV

  • Business sectors worked, gathered from your CV

  • School and college qualifications

  • Your full CV will be added to our database

If you have been shortlisted for a vacancy with us, you will be invited to an internal screening interview at our offices, or via a telephone or Skype call. During this session, we will capture the following information.

  • Your current salary details

  • Your salary expectations for a new role

  • Your referee details

  • Your wishes regarding the next steps in your career

  • Your preference for full time or contract employment

If you are successful in securing a permanent role with us, no further information will be sought. If you are successful in securing a contract role with us where you may be placed on our payroll or you may invoice us as an Independent Contractor, the following information will be required to allow us to facilitate salary/invoice payments to you.

  • Bank account name

  • Bank account sort code

  • Bank account number

  • IBAN and Swift code details

  • PPS details

  • Married / single information to facilitate tax advice

  • Company name and registration no if applicable

Our main purpose in collecting this information is to gather the relevant information on you, your skill set and level of experience. This assists us in finding a role for you that best suits your criteria and that also satisfies the requirements of our clients.

Users of our website can gain access to our resources via an email sent to them when they fill in a data form which asks for their name and email address.  We do not share the resultant database with anyone.

We collect personal data about you from the application forms and questionnaires you may be asked to complete; we also gather personal data from records of our correspondence, phone calls, emails and details of your visits to our website, including but not limited to personally identifying information like Internet Protocol (IP) addresses. This information can be used to identify visitors to our website and also to collect statistics about the behaviour of visitors to our website.

Our website uses cookies; a cookie is a text file that a Web browser stores on a user’s machine. Cookies are a way for Web applications to maintain application state. They are used by websites for authentication, storing website information/preferences, other browsing information and anything else that can help the Web browser while accessing Web servers. HTTP cookies are known by many different names, including browser cookies, Web cookies or HTTP cookies. COOKIEBOT uses cookies to help us identify and track visitors and their website access preferences. If you do not wish to have cookies placed on your computer, you should set your browser to refuse cookies before using our website.

Data Minimisation Principle:We will only collect the information we need so that we can ensure adequate information is provided to our employer/clients consistent with the requirements of the particular placement relevant to you, as the contract is being performed, it may be necessary to obtain further data from you, we will do this if and when it is necessary and only the necessary data will be obtained.  This agency does not sell or broker your data.

How do we collect your personal data?

Currently, there are a number of ways that candidates can contact Stelfox Ltd. and express a wish to engage further with us, these are outlined below. It is important to note that we only accept an official application by each candidate submitting their CV to us via our secure web portal or email.

  • Email application

  • Website application

  • By post

  • Monster recruitment portal

  • IrishJobs recruitment portal

  • Direct text messaging to team members

  • Phone, skype applications

  • Referrals from other candidates

  • Facebook

  • Twitter

  • LinkedIn

  • Relevant marketing, data and digital institutes and places of education

  • Other job boards

  • Online journals and magazines

Data Subjects

This company has different categories of data subjects:

  1. Data subjects who are general candidates looking for temporary or permanent work.

  2. Data subjects who are engaged in a contract of employment by our company to be placed in temporary assignments in our client companies.

  3. Data subjects who are our own internal employees carrying out the work of the recruitment agency and for whom there are a dedicated data protection and confidentiality provision in our staff handbook.

  4. Data subjects who have sought access to our online resources.

  5. Data subjects for whom we have only their contact details because they are contact personnel in our Client, prospective Client and Supplier companies

There are different categories of data required between the differing data subject categories and only the information necessary to conduct the contractual relationship and perform the contract unique to each data subject will be collected.

Legal Basis For Processing Any Personal Data 

We rely upon the following legal bases for data collection:


Candidates: Information is required in order to perform the contract of “Employment agent” on behalf of our candidates with potential employers.  The basis of data gathering in that instance is contractual requirement. This will include identification information such as but not limited to name, address, date of birth, information regarding education/qualifications and reference checks.

Clients/Suppliers: We will process data pursuant to business to business transactions, but where so required, we will rely on the lawful basis of necessary for the performance of the contract for the processing of personal data within this relationship.

Statutory/Legal Obligation: Information is required in order to perform our statutory obligations such as tax returns and compliance with employment permit legislation.  This information will include PPS numbers and, where relevant, evidence of entitlement to work.

Legitimate Interest

Clients: We will utilise personal data in the form of email addresses and contact telephone numbers in order to keep our clients and potential clients informed in relation to the careers and market related information.  We consider that this is in the legitimate interest of our business to maintain our market presence.

Candidates: Information is processed in the legitimate interests of the business of the employment agency, and where so processed it will be in accordance with and subject to your data subject rights and entitlements. We process your data when it is in the legitimate interests of our company to do so and we do this balancing your data protection rights.  We consider that our legitimate interest is that you have registered with us because you are interested in gaining access to the information we provide in relation to salary surveys, marketplace analysis, regulatory changes etc., and/or information in relation to the career opportunities with our clients and prospective clients.

In balancing your data protection rights against this legitimate interest of our company, we have considered:

    1. The frequency of notifications to you in order to ensure that no nuisance is caused to you;

    2. The security and integrity of the data you have provided to us;

    3. Your rights and entitlements to stop the processing of your data with ease and to this end, we put you in control of the data that is accessible on our website

Consent: On occasion, we may rely on consent in the collection and processing of some data. Given the nature of the relationship of agent to Candidate and agent to Client, we consider that consent is not an appropriate ground on which to rely and therefore it will only be utilised in rare occasions.

Vital Interests: Information sought to secure your vital interests, for example next of kin details so that we can contact a family member in the event of an emergency.


A necessity of our contractual engagement is that we share your personal data with our employer/clients in order to assist you in securing a position.  We have in place Data Sharing Agreements (in the form of actual agreements or merely additional clauses within the terms and conditions of engagement between the agency and its clients) or Data Processing Agreements with all such employer/clients and we have done our utmost to ensure that all such parties process your data in a manner that is consistent with this Privacy Notice and GDPR. Our employer/clients may themselves be subject to third-party audits either in the form of ethical audits, governmental/statutorily required audits or legal obligations, these are deemed a necessity of the contract of engagement between you and our company and on this legal basis your personal data will be shared to comply with these requirements.

Links To Other Websites

On occasion, we may include links to third parties on this website. Where we provide a link, it does not mean that we endorse or approve that site’s policy towards visitor privacy. You should review their privacy policy before sending them any personal data.

At times potential employers are based outside of the EEA in such circumstances we will advise you in advance of sending your data to them.

We do not broker or pass on information gained from your engagement with the agency. However, we may disclose your Personal Information to meet legal obligations, regulations or valid governmental requests. The agency may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of our company, its clients and/or the wider community.


We will process personal data during the duration of any contract and will continue to store only the personal data needed for periods after the contract has expired to meet any legal obligations as set out in the table below.  After these periods any personal data not needed will be deleted.

Candidates who have been successful at the screening stage may have their data retained indefinitely or until such time as they request to be removed from our database.  This is for the purposes of upholding contractual and statutory obligations.

Source of Obligation

Retention Period

Revenue Commissioners, Collector General, Companies Acts legislative provisions

6 years rolling retention of records

Personal Injuries related records

Records are retained for a period of 3 years past the date of the cause of action, unless it involves a minor, in which case the retention period will be up until 3 years after the minor reaches the age of 18.

Breach of Contract related records

Records are retained 6 years from the date of the breach

Employment Agency Candidate for Interviews/Placements Records

Candidates who are unsuccessful at the screening or interview stage and who may hold a different skill set than that required by our clients, will have their data retained indefinitely unless the candidate exercises their entitlement to a termination of processing. Candidates who have been successful at the screening stage may have their data retained indefinitely or until such time as they request to be removed from our database. This is for the purposes of upholding contractual and statutory obligations.

Employment contract/terms of employment-related information

Duration of the employment and 1 year post termination of employment – this includes everything from the application form, interview notes, contract related, performance appraisals, references.

Organisation of Working Time – timesheets/holiday and public holiday records National Minimum Wages Protection of Employment – Temporary Agency Workers, Part Time Workers, Fixed Term Workers Protection of Young Persons

3 years post the termination of the employment.  Records kept are sufficient to show compliance with legal obligations in accordance with the statutory provisions.

Protected Leave Related

8 years – records kept show the dates when a qualifying employee availed of the parental leave and force majeure leave provisions.

Employment Equality

All records, including interviews and applications are kept for a period of one year.

Health and Safety Records

All records relating to health and safety will be kept for a period of 10 years

Data Law Compliance

Records in relation to our compliance with Data Law and GDPR will be kept for a five year period.

Statutory Sick Pay Records

Records must be retained for a period of four years.

Domestic Violence Leave Records

The employer must keep records of all domestic violence leave taken by employees. These records must be kept for a period of 3 years.

Data Storage

Data is held in Ireland using different (multiple) servers. We do not store personal data outside the EEA.

We do our utmost to protect user privacy through the appropriate use of security technology. We ensure that we have appropriate physical and technological security measures to protect your information.

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Your Rights As A Data Subject 

For the entirety of the time that we are in possession of your data, you have the following rights:

  • Right of access– you have the right to request a copy of the information that we hold about you.

  • Right of rectification– you have a right to correct data that we hold about you that is inaccurate or incomplete.

  • Right to be forgotten– in certain circumstances you can ask for the data we hold about you to be erased from our records and we will comply with this request in accordance with our own obligations to keep records for statutory purposes

  • Right to restriction of processing– where certain conditions apply you have a right to restrict the processing.

  • Right of portability– you have the right to have the data we hold about you transferred to another organisation.

  • Right to object– you have the right to object to certain types of processing such as direct marketing.

  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

These rights may on occasion need to be modified/curtailed by statutory or competing obligations, for example, you may request that we delete your data, however if we have been your employer will can only do so after the statutory period of record retention has expired.  In the event that we are obliged to refuse your request in accordance with your data subject rights, or if we are obliged to place conditions on our assent to your request, we will provide you with a reason as to why, which you have the right to legally challenge.

At any time following a request from you we can confirm what information we hold about you, as well as how and why it is being processed.

You Can Request The Following Information:

    • Identity and the contact details of the person or organization that has determined how and why to process your data.

    • Contact details of the data protection officer, where applicable.

    • The purpose of the processing as well as the legal basis for processing.

    • If the processing is based on the legitimate interests of our company or a third party such as one of its clients, information about those interests.

    • The categories of personal data collected, stored and processed.

    • Recipient(s) or categories of recipients that the data is/will be disclosed to.

    • How long the data will be stored.

    • Details of your rights to correct, erase, restrict or object to such processing.

    • Information about your right to withdraw consent at any time.

    • How to lodge a complaint with the supervisory authority (Data Protection Regulator).

    • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.

    • The source of personal data if it wasn’t collected directly from you.

    • Any details and information of automated decision making, such as profiling and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

To Access What Personal Data Is Held, Identification Will Be Required 

We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.

All requests should be made to gdpr@stelfox.comor writing to us at 239/240, Capel Buildings, Mary's Abbey, Dublin 7, Ireland.


In the event that you wish to make a complaint about how your personal data is being processed by us or by our partners, you have the right to complain to

If you do not get a response within 30 days you can complain to the OFFICE OF THE DATA COMMISSIONER, Supervising Authority of Ireland.

Data Protection Commissioner 

Canal House

Station Road


R32 AP23 Co. Laois 

Telephone:  +353 57 8684800

Lo Call Number: 1890 252 231