GRADSMART LTD – Privacy and Cookie Policy

Last updated May 2023


Your privacy is important to GradSmart Ltd. This policy sets out information on the personal data we collect about you, and your rights in respect of this data. This policy applies whether you use  or interact with our website (, and our related or associated web pages, social media platforms, landing pages or other online platforms (the “Websites” ).

Our Websites may contain links to third party websites that are not covered by policy. We therefore ask you to review the privacy statements of other websites and applications to understand their information practices.

This policy contains the following information:

  • Information about who we are

  • The changes we may make to the policy

  • Information on what we can collect

  • Information on cookies

  • How we store your personal data

  • How we disclose your information

  • Your rights regarding your personal data

  • What happens when we link to other websites

  1. Who We Are

Our company name is GRADSMART LTD (12329845). Our registered address is 9 Sandy Lane, Skelmersdale, England, WN8 8LA. We are the data controller and responsible for your personal data. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the contact details set out below.

Contact details

Our full details are:

Full name of legal entity: GRADSMART LTD

Contact: Jack Lam 

Postal address: 9 Sandy Lane, Skelmersdale, England, WN8 8LA

Email address: [email protected] 

We respect your right to privacy and will only process personal information about you in accordance with applicable data protection laws. We comply with General Data Protection Regulation (2016/679) (GDPR) and the UK Data Protection Act 2018. If any of these laws are replaced or superseded, we will also comply with that.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

  1. Changes to the privacy policy and your duty to inform us of changes 

We keep this privacy notice under regular review and, if we make any changes to this notice, we will place an updated version on our website and, where appropriate, notify you by e-mail. Regularly reviewing this page ensures you are always aware of what personal information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

  1. What we may collect

Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you when you use our Websites. Whenever we collect personal data about you, we must have a legal ground to do so.  We will ensure that your personal data is processed lawfully, fairly, and transparently without adversely affecting your rights. The type of data we collect is as follows:

Table 1

Type of data 


Lawful Basis 

Identity Data

includes first name, last name, username, job title, social media account, or similar identifier. When you email, phone, live chat or otherwise, we may collect information such as your first name, last name, email address and phone number. 

includes, job specific details including preferred location, industry and company size. 

includes, details regarding employment and education, such as degrees, employment history.

We will use this information to carry out the contract with you and manage our relationship with you. 

This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Website provides.

This information is also necessary to comply with our legal obligation to inform you if we change this policy or our terms and conditions.

We also have a legitimate interest to keep our records updated to ensure we are providing you with the best possible service.

Contact Data

includes email address and telephone numbers.

This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Website provides.

We also need this data to allow third parties (i.e. employers) to present relevant content, products and services to you.

Personality Data

includes information about yourself that you input into our personality test.

This information is necessary for us to perform our contract with, i.e. to give you the outcome of your personality test, which can then be used for the rest of your experience using the Website.

Technical Data

includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites.

This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Website provides.


Interaction Data

includes any information that you might provide to any discussion forums on our websites.

This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Website provides.

We also need this information to study how you use our Website, in order to improve and develop the services we provide, and better inform our marketing strategies.

Cookies Data

like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our websites. Please refer to the "Do we use 'cookies'?" section below for information about cookies and how we use them and what kind.

This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Website provides.

We also need this information to study how you use our Website, in order to improve and develop the services we provide, and better inform our marketing strategies.

Third Parties and Information

we receive from other sources. We may receive information about you if you use any of the other websites we operate. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on our websites or through our services. We are also working closely with third parties (including, for example, business partners, suppliers, sub-contractors, advertising networks, analytics providers, and search information providers) and may receive information about you from them. 

This information is necessary in order to perform a contract that you have entered into, or to take steps at your request before entering into a contract.

Marketing and Communications Data

includes your preferences in receiving marketing from us and our third parties and your communication preferences.

This information is necessary for our legitimate interest to present relevant content, products and services to you (only where you have provided your consent that we do so).


includes third-party analytics services (such as Google Analytics) to evaluate your use of the website, compile reports on activity, collect demographic data, analyse performance metrics, and collect and evaluate other information relating to the website and internet usage. These third parties use cookies and other technologies to help analyse and provide us the data. By accessing and using the website, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy

This information is necessary for our legitimate interest to present relevant content, products and services to you.

We may process your data for compliance with a regulatory requirement or legal obligation to which we are subject too. Your data will only be processed if processing the data to comply with such an obligation is a reasonable and appropriate way of achieving compliance. 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Where we may collect Special Categories of Personal Data about you when we conduct our GradSmart personality test (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, including but not limited to your illness history) and it is necessary to do so for the services, we will obtain your specific consent, unless we have another lawful basis to do so.

  1. Third Parties 

We work with third-party partners who help us provide and improve our products and services. We, acting under a lawful basis, (as set out in section 3) may have to share your personal data (as set out in Table 1) with the following third parties (but not limited to):

  • O*Net Online ( – providers of the personality test API. The answers you generate are shared to the API, and this returns your results

  • Google for location geocoding data

  • Tide business banking account for acceptance of payment details, where you make a purchase     

In addition, we will share the results of your personality tests with graduate employers only where you have consented to us doing so. Where we do this, this personal data will then be held by these companies in accordance with their own privacy policies.

  1. Information on cookies

We use cookies in accordance with the Privacy and Electronic Communications Regulations (implementing the EU Directive 2002/58/EC).

Cookies are small text files placed on your device when you visit our site and are used to make the user's      experience more efficient. We are able to store cookies on your computer where they are necessary for the operation of the site however, for non-essential cookies we need your permission.

We use cookies to distinguish users and to improve our Website. We analyse how you use our website, and we look at aggregate statistics about your usage, and how others use our Website. We collect certain information from these cookies, and this includes information about your IP address, your location when you access the Website, the date and time you access the Website, the language you use and the type of browser you use.

We do not track individual users or use cookies to identify individuals. We use cookies to recognise you and your preferences, improve our site's performance and collect analytical information for ourselves and our business partners. Without the knowledge gained we would not be able to provide the service we do.

These are the types of cookies we use.

  • 'Session cookies' allow us to track your actions during a single browsing session, but they do not remain on your device afterwards

  • 'Persistent cookies' remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on our Website

Session and persistent cookies can be either first or third party cookies. A first-party cookie is set by the Website being visited; a third-party cookie is set by a different website. Both types of cookie may be used by us or our business partners.

The third party cookies we use are:

  • Google Analytics – this is a web analytics service provided by Google, Inc. The cookies used by Google Analytics help us to analyse how users use our website and to count the number of people who use it. Google Analytics stores your IP address anonymously. Google does not associate your IP address with any personally identifiable information.

All our cookies are categorised by the role they fulfil on our Website:

a. Strictly Necessary: these are essential to enable you to move around our Website and use features such as secure services. Without these cookies such services could not be provided;

b. Functionality: allow the website to remember your choices and to personal certain features. These cookies may be anonymised and cannot track your browsing activity on other websites; and

c. Performance: collect information as to how users use the Website. These cookies don't collect information that identifies a visitor. The information collected is aggregated and used to improve our Website.

d. None of the cookies employed are classified as Behavioural Targeting.

We will always ask for your consent to use non-essential cookies. You are free to withhold consent to this, but it means that we might not be able to provide the full Website experience to you.

If at any time you wish to disable our cookies, you may do so through the settings on your browser, or whenever the pop-up appears on our Website (each time you access the Website).

  1. How we store your personal data

We store all your personal data on our servers within the United Kingdom.

If we ever need to transfer your data outside the EEA, we will ensure that we have standard contractual clauses in place with these contractors before transferring data outside the EEA, and we will conduct regular due diligence on those contractors to ensure that they comply with the General Data Protection Regulation (2016/679). 

Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Website. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We will still be responsible for protection of your personal data, even where we have transferred it outside the EEA.

We regularly review our data retention obligations to ensure we are not retaining data for longer to fulfil the purposes we collected it for, including for the purposes of satisfying any legal accounting, or reporting requirements.

  1. How we disclose your information

We may disclose your information in the following cases:

  • If we want to sell our business, or our company, we can disclose it to the potential buyer

  • We can disclose it to other businesses in our group, as defined in the Companies Act 2006

  • We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety or rights

  • We can exchange information with others to protect against fraud or credit risks

We may contract with third parties to supply services to you on our behalf. These include cloud services used to send emails and technology providers that assist in providing the communication to you.

  1. Your Legal rights

When you provide us with personal data, you have certain legal rights, and these include:

  • To request access to, deletion of or correction of, your personal data held by us at no cost to you

  • To request that your personal data be transferred to another person (data portability)

  • To be informed of what data processing is taking place

  • To restrict processing

  • To object to the processing of your personal data

  • To complain to a supervisory authority

  • Right to withdraw consent 

If you wish to access, rectify, erase or transfer your personal data, please contact us at [email protected] 

  1. What happens when we link to other websites

This privacy policy only relates to our Websites. We might have links on our Website to other websites, and these websites will have their own terms and conditions and privacy policies. You should check those privacy policies before providing your personal data to those websites     .

Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our Website. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

  1. The changes we may make to this policy

We can update this policy from time to time as laws change or as Websites change. If we make material changes to the policy, and we need your consent to those changes, we will contact you by email to do so.

  1. GDPR Consent - Job seekers

At GradSmart, we understand that as a candidate searching for a job, you value the potential opportunities that may arise from connecting with prospective employers. To facilitate this process, we offer the service of sharing your personal data, including, but not limited to, your CV, contact details, name, location, education, and work experience with potential employers, in the form of a job application on your behalf.

By utilising our platform and submitting your application through GradSmart, you expressly give GradSmart and its employees permission to disclose and transfer your personal data to potential employers for the purpose of facilitating your job search. We will ensure that your personal data is shared securely and only with relevant employers who have expressed interest in your profile.

It is important to note that GradSmart will not disclose any additional personal data beyond what is necessary for the job application process. Your privacy remains a priority for us, and we take extensive measures to protect your personal information in accordance with applicable data protection laws and regulations.

Potential employers who receive your job application data through GradSmart are expected to handle your personal information in a manner consistent with their own privacy policies and legal obligations. We encourage you to review the privacy policies of the potential employers to understand how they handle your personal data.

While GradSmart strives to facilitate connections between candidates and employers, we cannot guarantee the actions or behaviors of potential employers in relation to your personal data. We don't control them and don't accept responsibility for their actions, any data they possess, or any loss you suffer from them. Therefore, it is essential for you to exercise caution and conduct your own due diligence when engaging with employers.

If you have any concerns or questions about the sharing of your personal data with potential employers, please reach out to our privacy team at [contact email]. We are committed to addressing any inquiries you may have and ensuring that your privacy rights are respected throughout the job application process.

By continuing to use GradSmart's services and submitting your job applications through our platform, you acknowledge and agree to the sharing of your personal data, as outlined in this section.

  1. GDPR Consent - Employers

As an employer utilising GradSmart's platform for hiring purposes, it is essential to acknowledge and comply with the General Data Protection Regulation (GDPR) requirements when handling personal data of candidates. This additional section outlines the data protection responsibilities and consent requirements for employers who use our site to hire individuals.

Lawful Basis for Processing Personal Data: By using GradSmart's platform to access and review candidate profiles, you understand and agree that you will process personal data, including, but not limited to, CVs, contact details, names, locations, education, and work experience, for the purpose of evaluating candidates and making hiring decisions. You must ensure that you have a lawful basis for processing this data, such as the necessity for the performance of a contract or your legitimate interests in hiring suitable candidates.

Data Protection Obligations: As an employer, you are responsible for handling candidate personal data in accordance with GDPR principles. This includes implementing appropriate technical and organisational measures to protect the data from unauthorised access, disclosure, alteration, or destruction. You must also adhere to data retention periods and securely delete personal data when it is no longer necessary for the hiring process.

Consent for Data Sharing: By using GradSmart's platform, you acknowledge that candidates have given consent for their personal data to be shared with potential employers, including your organisation, in the form of job applications. However, it is essential to respect the limitations set forth by candidates and use the shared data solely for evaluating their suitability for employment within your organisation. It is prohibited to disclose or use candidate data for any other purposes without obtaining separate and explicit consent.

Data Transfer and Security: When accessing candidate data through GradSmart's platform, you agree to handle the personal data securely and only share it with relevant personnel involved in the hiring process. The personal data should not be transferred to third parties or countries outside the European Economic Area (EEA) unless adequate safeguards, such as Standard Contractual Clauses or an equivalent legal framework, are in place to ensure an adequate level of data protection.

Rights of Candidates: As an employer, you must respect the rights of candidates as data subjects under the GDPR. This includes providing transparency regarding the processing of their personal data, honoring their right to access, rectify, or erase their data when applicable, and facilitating the exercise of these rights within the limits of the law.

Data Breach Notification: In the event of a personal data breach affecting candidate information, you must promptly notify GradSmart and the relevant supervisory authority as required by the GDPR. Additionally, you should cooperate with GradSmart and take appropriate measures to mitigate the impact of the breach and prevent future incidents.

By utilising GradSmart's platform to evaluate candidates and access their personal data, you confirm your understanding and adherence to the GDPR requirements outlined in this section, and consent to GradSmart sharing your details with potential candidates.

Match. Hire. Thrive

Check our socials

With intelligent matchmaking and targeted promotion, we craft meaningful connections. Graduates meet fitting roles, employers meet their future - it's where career and business thrive.

© 2024 GradSmart