This document explains how GreySpark Partners may collect and use your personal information when we deal with you, whether you are a client, prospect, candidate or a supplier. It describes what sort of information we collect, how we use it and what rights you have.

You are encouraged to read this notice so that you know what we are doing with your personal information.

We may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We also encourage you to check this notice on a regular basis.

What Categories of Personal Data are Collected and Why

Personal data is any information that relates to an identifiable natural person. The types of Personal Data collected will depend on your relationship with GreySpark Partners.
When providing or promoting our services to you or administering a job application, information is collected in order to fulfil a legal obligation or on the basis of legitimate interests. You may also be contacted in order to provide you with information about GreySpark Partners’ services such as research that GreySpark publishes from time to time.

By way of example, the personal data collected may include:

  • Names, addresses, telephone numbers, e-mail addresses and other contact details
  • Information about which services you use or are interested in
  • Notes from meetings or interviews with you
  • Biometric information such as CCTV images captured by security systems

For recruitment purposes only:

  • Date of birth, gender and marital status
  • Details of education, career history experience and skills
  • Proof of identity documentation such as a passport, driving licence or utility bill
  • Right to work, residency and/or other visa information
  • Psychometric test results

Most personal data is provided directly by you when you contact GreySpark Partners for information about the services we provide or when you apply for a job. We also create some personal data ourselves and obtain some personal data from other sources. We obtain it from other people and organisations, including some public sources, such as publicly available directories and other online resources.


Who has Access to your Personal Data and How is it Kept Secure

Access to personal data is controlled on a need-to-know basis within the GreySpark group of companies.

We take specific steps (as required by applicable data protection laws) to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
GreySpark retains this information to the extent necessary for the management of your GreySpark account(s), relationship, or as contractually required, including any stages of contract formation. It will be stored securely for the maximum reasonable period as permitted by the law, to evidence our communications or any instructions we receive from you.

Outside the GreySpark Group

From time to time we may ask third parties to carry out certain business functions for us. Examples of these third-parties include service providers, sub-contractors, IT systems software and maintenance, back up, and server hosting providers.

Personal data will not be shared with other, or non-contracted third-parties without your explicit consent.

From time to time we contract with third party clients to perform research and soft marketing services. Examples of these third-parties include technology vendors, market operators, professional services firms and financial institutions. When performing these services for our clients, on occasion, GreySpark may pass your contact information on to a client where:

  • you are included on a GreySpark mailing list
  • you have consented to GreySpark sharing your information where you have expressed an interest by clicking on or opening up an email from GreySpark containing information on a research topic or research artefact produced by GreySpark for a client.


Where in the world is your personal data transferred to?

If any of our processing activities require your personal data to be transferred outside the European Economic Area, we will only make that transfer if:

  • The country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
  • We have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient;
  • The transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
  • You explicitly consent to the transfer.


How Long does GreySpark Partners Keep your Personal Data

We will retain your personal data for a limited period of time. This will depend on a number of factors, including:

  • Any laws or regulations that we are required to follow;
  • Whether we are in a legal or other type of dispute with each other or any third party;
  • The type of information that we hold about you; and
  • Whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.


What are your Rights in Relation to your Personal Data

You have certain legal rights including to access and understand the personal data held and in some cases to ask for it to be erased or amended, or for GreySpark Partners to stop processing it. This is subject to certain exemptions and limitations.

Where processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.

Where the processing of your personal data is necessary for our legitimate interests, you can object to this processing at any time. If you do this, GreySpark Partners will need to show either a compelling reason why the processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

If you wish to exercise any of your rights please send an email to in the first instance.

You also have the right to lodge a complaint with the Information Commissioner’s Office, which is the UK data protection regulator. More information can be found on the Information Commissioner’s Office website at


Where can you find out more?

If you want more information about any of the subjects covered in this privacy notice or if you would like to discuss any issues or concerns with us, you can contact us in any of the following ways:

  • By email at:
  • By telephone at: +44 2070 119 870
  • By post at: Capacity House, 2-6 Rothsay Street, London, SE1 4UD