top of page

Privacy Policy

Privacy Notice (Data Protection Policy)

Controller: Allvistar Ltd. Effective Date: December 2025

 

1. Introduction and Who We Are

 

We are Allvistar Ltd (referred to as "we," "us," or "our"). Our core activities involve professional advisory services, including management consulting, executive search and recruitment, leadership development, market research, and related media production.

​

We are committed to protecting your personal information and being transparent about how we use it. We comply with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) when processing data related to individuals in the European Union.

 

Our Contact Details (The Data Controller)

​

If you have any questions about this notice or wish to exercise your data rights, please contact us using the following details:

 

  • Name: Allvistar Ltd.

  • Address: 33 Brambleton Avenue, Farnham GU9 8RA, England

  • Data Protection Contact: Data Privacy Manager

  • Email for Privacy Queries: privacy [[at]] allvistar [[dot]] com (This is the primary way to contact us about your data rights).

 

2. The Personal Data We Collect and Why

​

We collect different types of data depending on your relationship with us. We only collect data that is necessary for the stated purpose and rely on a specific legal basis for each activity.

 

A. Data Processed for Clients, Suppliers & Business Partners (Management Consulting, Recruiters)

 

  • Data Collected: Contact Data (Name, Job Title, Business Email/Phone, Company details) and Billing & Payment Data (Financial contact, invoicing records).

  • Purpose: To negotiate, sign, and fulfill contracts for consulting, advisory, and supplier services; to manage our professional relationships; to issue and process invoices; and to meet tax obligations.

  • Legal Basis (GDPR): Primarily Contractual Necessity (to perform the contract) and Legal Obligation (for tax and accounting law). We also use Legitimate Interests for managing the business relationship and quality assurance.

 

B. Data Processed for Candidates (Executive Search & Recruitment)

 

  • Data Collected: Profile Data (CV, Education, Employment History, Salary, Interview Notes, Public Professional Profile Data like LinkedIn).

  • Purpose: To assess your suitability for specific job roles and manage the recruitment process on behalf of our clients. We retain data after a role closes for our Talent Pool to inform you of future relevant opportunities.

  • Legal Basis (GDPR): Primarily Legitimate Interests (for identifying, assessing, and introducing suitable candidates to roles). For Talent Pool retention, we rely on Consent (which you can withdraw at any time).

  • Special Category Data: If you voluntarily provide sensitive data (e.g., health/disability status, ethnic origin), we process this only with your Explicit Consent to monitor diversity and assist with client accommodation requests.

 

C. Data Processed for Development & Media (Training & Podcasts)

 

  1. Data Collected: Participant Data (Assessment scores, 360-feedback, attendance records) and Media Guest Data (Biographic details, photograph/image, voice recording).

  2. Purpose: To design, deliver, and report on leadership and development training services; and to produce, edit, and publish media content (e.g., podcasts).

  3. Legal Basis (GDPR): Contractual Necessity (to deliver the training or guest services) or Consent (specifically for publishing content, which is required when no contract exists).

 

D. Data Processed for Research Participants (Market Research)​

​

  • Data Collected: Interviewee Data (Name, Job Title, Employer, Business Contact Information, opinions, verbatim quotes, and interview notes).

  • Purpose: To conduct primary market research through one-on-one interviews, analyse the findings, and generate reports for our clients. We also process this data to build and maintain our internal knowledge base for future research, analytical, and statistical purposes, and to inform future consulting and advisory services.

  • Legal Basis (GDPR): Legitimate Interests (conducting professional research for business insights, provided the participant’s rights do not override our interest) or Consent (for using specific attributable quotes or if the data is sensitive). We will always obtain informed consent to participate in the interview.

​​​

3. How We Collect Your Information

 

We collect data from you and from third parties:

 

  • Directly from you: When you apply for a job, send us an email, call us, or provide information during a consulting or research interview.

  • From third parties (for Candidates and Research): Via professional networking sites (like LinkedIn) and publicly available sources to identify potential participants and assess suitability. We will notify you when we receive data about you from third parties (as required by GDPR Article 14).

  • Publicly available sources: Company registers and publicly shared media.

 

4. How We Share Your Information

 

We only share your personal data when strictly necessary and with safeguards:

 

  • Service Providers: We use third-party providers for IT, cloud storage, CRM, and security services. These parties are restricted from using your data for any other purpose and act only under our instruction (Data Processors).

  • Clients (for Candidates only): We will never share your profile, CV, or identifying details with a potential employer (our Client) without your explicit knowledge and approval for that specific role.

  • Clients (for Market Research): Research findings are typically anonymised before sharing with the client. We will not share your personal data (name, contact details, or attributable quotes) with the client unless we have informed you beforehand and obtained your specific consent for that sharing.

  • Legal Duty: If required by law, court order, or regulatory body (e.g., the ICO or HMRC).

​

5. International Data Transfers

 

We may transfer your personal data outside the UK or the European Economic Area (EEA), such as to international clients or cloud providers.

 

When we do this, we ensure your data is protected by one of the following legal safeguards:

​

  • Transferring to countries deemed 'adequate' by the European Commission or the UK (an "adequacy decision").

  • Putting in place standard contractual clauses (SCCs) approved by the relevant authorities, with supplementary technical and organizational security measures.

 

6. How Long We Keep Your Data (Retention)

​

We will only keep your personal data for as long as needed for the original purpose and to meet our legal obligations.

​

  • Client Data: Typically kept for 6 years after the contract/business relationship ends, to meet UK legal and tax obligations.

  • Candidate Data: Held for a defined period, typically 2-3 years from the last meaningful contact. Before this period expires, we will contact you to ask if you wish to remain in our talent pool (renewal of consent).

  • Market Research Data: Raw personal data (e.g., interview recordings/notes) will be deleted or anonymised after the final report is delivered and any client queries are resolved, typically within 6-12 months, unless it is retained for internal research, archiving, and statistical purposes, in which case the identifying data will be kept securely as long as it is necessary for those purposes, with additional safeguards in place.

  • Published Media Content: Data published with your consent (e.g., your voice/image in a podcast) may be held indefinitely as part of the public media archive.

​

7. Your Data Protection Rights

​

You have the following rights over your personal data. You can exercise these rights free of charge by contacting our Data Privacy Manager at privacy [[at]] allvistar [[dot]] com. We will respond to all requests within one calendar month.

 

  • Right of Access: You can ask for a copy of the data we hold about you.

  • Right to Rectification: You can ask us to correct inaccurate or incomplete data we hold about you.

  • Right to Erasure ('Right to be Forgotten'): You can ask us to delete your data where there is no good reason for us to continue processing it.

  • Right to Object: You can object to us processing your data where we are relying on our 'Legitimate Interests' (e.g., you can object to being included in our passive talent search or market research outreach).

  • Right to Restriction of Processing: You can ask us to 'pause' the processing of your data in certain circumstances.

  • Right to Data Portability: You can ask to receive your data in a machine-readable format to transfer it to another provider.

  • Right to Withdraw Consent: If we rely on your consent for processing (e.g., talent pool retention, sharing interview quotes), you can withdraw it at any time without detriment.

 

8. Automated Decision Making and Profiling

​

We do not use automated decision-making processes that produce legal or similarly significant effects concerning you. Where we use algorithmic tools for initial searching or shortlisting, all final decisions are made by a human consultant.

 

9. How to Complain

 

If you are unhappy with how we have used your data, please contact our Data Privacy Manager first.

 

If you are still not satisfied, you have the right to complain to the supervisory authority responsible for data protection:

 

  • For UK residents: The Information Commissioner’s Office (ICO).

  • For EU residents and global stakeholders: If you are located in the European Union, you may contact your national Data Protection Authority (DPA). This covers our obligation to you under the EU GDPR.

​

​

bottom of page