Data Privacy Notice

Data Privacy Notice – Republic of Ireland

Last updated 15/12/25


Gi Group are committed to protecting and respecting your privacy. This Data Privacy Notice explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable Irish data protection laws. This notice applies to all candidates, clients, and other individuals whose data we process.


Who We Are


Gi Group Recruitment Ireland Limited Registration Number 744968 is a recruitment agency operating in Southern Ireland. Our registered office is located at River House, Blackpool Retail Park, Blackpool, Cork, T23 R5TF, Ireland. We act as a data controller when processing your personal data. hereby referenced as “THE ORGANISATION”.


If you have any questions regarding this notice, please contact us at: Email: uk.privacy@gigroup.com


Gi Group has appointed a Data Protection Officer (DPO), that can be contacted at uk.privacy@gigroup.com

For any enquiries about this privacy policy or to exercise any rights under this policy please email uk.privacy@gigroup.com


What Personal Data We Collect


We may collect and process the following categories of personal data:


  • Candidate Data: Name, contact details (email, phone number, address), CV/resume, employment history, education details, skills, qualifications, references, salary expectations, and any other information you voluntarily provide to us.
  • Client Data: Contact details of client representatives, business details, contract information, and any relevant communications.
  • Sensitive Personal Data (Special Categories): Where necessary and only with your explicit consent, we may process sensitive information under GDPR Article 9 exceptions, such as for employment law, social welfare, legal claims, public health, vital interests, substantial public interest, all while ensuring strong safeguards and compliance with Irish Data Protection Law.
  • Furthermore, to carry out some data processing pursued for sending you marketing messages with automated means (e.g. emails) – as described within this statement – THE ORGANISATION could ask for your consent as a legal base.


How We Collect Your Data


We collect your personal data through:


  • Direct interactions (e.g., when you submit your CV, register on our website, or contact us).
  • Online job boards and professional networking platforms (e.g., LinkedIn).
  • Referrals or recommendations from third parties.
  • Publicly accessible sources.


Why We Process Your Personal Data (Legal Basis)


We process your data for the following purposes, based on the corresponding legal basis:


  • To provide recruitment services, such as matching candidates to job opportunities (performance of a contract).
  • To comply with legal obligations (e.g., verifying your right to work in Ireland).
  • For legitimate business interests, such as improving our services and maintaining records.
  • With your explicit consent, where required (e.g., to process sensitive data or retain your CV for future opportunities).


Who We Share Your Data With


Your personal data may be shared with the following parties:


  • Prospective employers or clients for recruitment purposes.
  • Trusted third-party service providers (e.g., IT support, payroll processing, or background check providers).
  • Regulatory or legal authorities where required by law.
  • We ensure that all third parties comply with the GDPR and handle your data securely.


International Data Transfers


If we transfer your personal data outside the European Economic Area (EEA), we will ensure that appropriate safeguards (e.g., Standard Contractual Clauses) are in place to protect your data. Your information will be shared internally, including between companies in THE ORGANISATION’s group, members of the People and recruitment team, and IT staff if access to the data is necessary for performance of their roles.


Data provided within our platform MyGiGroup will be made available to Gi Group Holdings Recruitment Ltd, registered company no. 07577190 and subsidiaries, to allow candidates to speed up the registration procedure to the reserved areas of the respective portals of these companies who act as independent data controllers within the Gi Group of companies.


THE ORGANISATION shares your data with third parties to obtain references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Garda vetting. THE ORGANISATION may also share your data with third parties in the context of a sale of some or all its business or with THE ORGANISATION’s clients in relation to providing services related to finding suitable workers. In those circumstances, the data will be subject to confidentiality arrangements.


We also use a trusted third-party service provider, Jobg8 Ltd, to help us send job alerts to candidates who have opted in to receive these updates. Where you sign up for job alerts via our website or other registration points, your email address and relevant preferences may be shared with Jobg8 solely for the purposes of delivering these alerts. Jobg8 acts as a data processor on behalf of THE ORGANISATION and adheres to its own privacy policy, which can be found at Jobg8 Privacy.


The Data Protection Commission (DPC) of Ireland plays a critical role in regulating and supervising data protection compliance within Ireland and, by extension, the European Union (EU). When it comes to international data transfers, the DPC operates within the framework of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Below is an overview of how the DPC manages international data transfers, including the relevant legal provisions and mechanisms:


GDPR and International Data Transfers


Under Chapter V of GDPR (Articles 44–50), international transfers of personal data to countries outside the European Economic Area (EEA) must ensure that the level of data protection is equivalent to that within the EU. The DPC enforces these rules in Ireland and oversees compliance by organisations.


Mechanisms for International Data Transfers


The DPC ensures that organisations use one of the following lawful mechanisms for international data transfers:


a. Adequacy Decisions (Article 45 GDPR)


  • The European Commission may determine that a third country, territory, or international organisation ensures an adequate level of data protection. Transfers to such countries are permitted without further authorization.
  • For example, countries like Japan, the United Kingdom, and Canada (commercial organisations) have adequacy decisions.
  • The DPC monitors compliance with these adequacy decisions and assists organisations in determining their applicability.


b. Appropriate Safeguards (Article 46 GDPR)


If no adequacy decision exists, organisations must implement appropriate safeguards to protect data. The DPC monitors and provides guidance on the use of these safeguards, which include:


  • Standard Contractual Clauses (SCCs): Pre-approved contractual clauses ensuring data protection.
  • Binding Corporate Rules (BCRs): Internal rules for multinational companies to transfer data within their corporate group. BCRs must be approved by the DPC or another EU Data Protection Authority (DPA).
  • Codes of Conduct and Certification Mechanisms: These mechanisms are encouraged by the DPC as alternative safeguards.


Data Retention


We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The Gi Group Data Retention Policy can be requested by emailing UK.Privacy@gigroup.com


Your Data Protection Rights


Under the GDPR, you have the following rights:


  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data where applicable.
  • Restriction: Request that we limit the processing of your data.
  • Data Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Objection: Object to the processing of your data for certain purposes (e.g., direct marketing).
  • Withdraw Consent: Withdraw your consent at any time, where processing is based on consent.


You can make a subject access request by completing THE ORGANISATION’s SARs form which can be accessed via this link or by emailing UK.Privacy@gigroup.com


In the limited circumstances where you may have provided your consent to the collection, processing, and/or transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. You may at any time request us to stop using your personal data for direct marketing purposes, or unsubscribe from our marketing communications, if you wish to do this please click on the link “Unsubscribe” on the bottom of our e-mails or by updating your preferences on your online registration portal.


To exercise your rights, please contact us at UK.Privacy@gigroup.com. We aim to respond to all requests within one month.


How We Protect Your Data


We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. This includes secure storage systems, encryption, and regular staff training on data protection.


Cookies


A cookie is a small text file or piece of code, which often includes a unique identifier that is sent to your computer, tablet or mobile phone web browser from a website’s computer and is stored on your device’s hard drive. A cookie cannot read data on your hard disk or read cookie files created by other sites. Cookies do not damage your system.


Each website can send its own cookie to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. You can manage your preferences on cookies through the dedicated area on our website. When you visit the website for the first time or return after 1 year a cookie banner appears on the bottom of the website, which allows you to accept all cookies, reject cookies (other than those which are essential for our website to work), or manage your cookie preferences. You can also set your browser to block cookies generally (not just in respect of our website) or to alert you to when a cookie is being set. Please note that if you choose not to accept our cookies, some of the features of our site may not function as intended.


We only use cookies for the purposes of website administration and to give us information about the number of visitors to different parts of our website.


Changes to This Privacy Notice


We may update this notice periodically to reflect changes in our practices or legal requirements. The latest version will always be available on our website at Privacy Policy for Website Visitors & Candidates | Gi Group Ireland


Offensive or Inappropriate Content


If you post or send offensive, inappropriate, or objectionable content anywhere on any Gi Group or associated company platforms or to THE ORGANISATION or otherwise engage in any disruptive behaviour on any of THE ORGANISATION’s services, THE ORGANISATION may use your personal information to stop such behaviour.


Where THE ORGANISATION reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), the company may use your personal information to inform relevant third parties (such as law enforcement agencies) about the content and your behaviour.


Links


THE ORGANISATION’s website or other online services may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies and are also likely to use cookies. They will govern the use of personal information you submit, which may also be collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk. This Privacy Notice applies only to personal data collected by THE ORGANISATION, and to how THE ORGANISATION processes personal data.


Automated decision-making


We do not make decisions about candidates, website users or other individuals based on automated decision-making.


Contact and Complaints


If you have any questions or concerns regarding this notice or how we process your data, please contact us at: Email: uk.privacy@gigroup.com


If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland:

Website: https://www.dataprotection.ie

Phone: +353 57 868 4800


Signed: Paulo Canoa - Regional Head UK, Ireland and Netherlands, Country Manager UK & Ireland


Date: December 2025