GDPR Statement

Last updated: 24 October 2025 

This GDPR Statement summarises how Quantum People complies with the UK/EU General Data Protection Regulation (GDPR). For operational specifics (categories of data, purposes, retention, transfers, and your rights), please see our Global Privacy Notice. 

Who we are (Controller) 

Quantum People is the trading name of Talent Staffing Services Limited (England & Wales No. 16667216). Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ. VAT No. 500462049. 

Contact: privacy@quantumpeople.net 

EU/EEA representation & DPO: If and when required by law, we will appoint an EU representative and/or Data Protection Officer and update this page accordingly. 

Scope & applicability 

This statement applies to the personal data we process in delivering our global recruitment and talent‑advisory services to candidates, clients, prospects, event participants, and partners, regardless of location. 

Our GDPR commitments (Article 5 principles & accountability) 

1) Lawfulness, fairness & transparency 

We process personal data only where there is a valid lawful basis and are transparent about our uses. Our Global Privacy Notice sets out purposes and legal bases (legitimate interests, contract, legal obligation, consent where required). 

2) Purpose limitation 

We collect personal data for specific, explicit, and legitimate purposes (e.g., sourcing, screening, presenting candidates, coordinating interviews) and avoid incompatible further processing. 

3) Data minimisation 

We collect only what is necessary for recruitment and related operations and keep information relevant and proportionate to each engagement. 

4) Accuracy 

We take reasonable steps to keep data accurate and up to date, including by refreshing candidate profiles and offering corrections via privacy@quantumpeople.net. 

5) Storage limitation 

We retain personal data only for as long as needed and then delete or anonymise it per our retention rules (e.g., active candidate profiles typically up to 24 months from last meaningful contact; placement/commercial records up to 6 years, subject to legal holds). See Section 7 of our Global Privacy Notice for details. 

6) Integrity & confidentiality (security) 

We protect personal data with appropriate technical and organisational measures (encryption in transit, access controls/least‑privilege, logging, confidentiality, vendor due diligence, and incident response). 

7) Accountability 

We maintain Records of Processing Activities (ROPA), perform DPIAs where risk warrants, train staff, apply role‑based access, and govern our vendors via data processing terms and transfer safeguards. 

Legal bases we rely on (summary) 

  • Legitimate interests – delivering and improving recruitment services for candidates and clients, balanced against rights and expectations 

  • Contract – taking steps at your request before entering a contract or performing a contract with you 

  • Legal obligation – e.g., right‑to‑work or statutory record‑keeping where applicable 

  • Consent – where required (e.g., certain electronic marketing and non‑essential cookies in the UK/EU) 

International data transfers 

As a global business, we may transfer data outside the UK/EEA. We use approved safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs) with the UK Addendum/IDTA, and additional organisational and technical measures. Details are provided in our Global Privacy Notice and available on request. 

Sharing data & service providers 

We share personal data only as necessary with: clients (to consider you for roles and manage hiring processes); service providers under contract (e.g., secure email/productivity, hosting/analytics, candidate systems); and regulators/courts/law enforcement where required by law. 

We do not sell personal data and we do not “share” personal information for cross‑context behavioural advertising under California law. 

Your rights 

Under UK/EU GDPR you have the right to access, rectify, erase, restrict processing, object (including to direct marketing), data portability, and to withdraw consent where applicable. 

To exercise your rights, contact privacy@quantumpeople.net. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local EEA supervisory authority. 

We map these GDPR‑style rights to other global regimes (e.g., US state privacy laws) for consistency. If our practices change in a way that requires additional choices (for example, a new category of processing), we will update this Statement/Notice and provide any legally required options before doing so. 

Cookies, marketing & PECR/ePrivacy 

We operate consent‑based controls for non‑essential cookies in the UK/EU and respect B2B marketing rules and opt‑out rights. See our Cookie Notice and the marketing section of our Global Privacy Notice for categories, lifespans, and how to change your choices. 

Children 

Our services are aimed at adults and professional users. We do not knowingly collect data from children under 16 (or under 13 in the US). If you believe a child has provided data to us, please contact us so we can delete it. 

Contact & complaints 

Email: privacy@quantumpeople.net 

Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. 

Changes to this statement 

We may update this GDPR Statement from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice consistent with applicable laws.