Privacy Policy

At Mosaic Island Limited we are committed to safeguarding and preserving the privacy of our visitors.

This Privacy Policy explains what happens to any personal data that you provide to us, or that we collect from you whilst you visit our site. We do update this Policy from time to time so please do review this Policy regularly.

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information, how to contact us and details of the supervisory authorities in the event you have a complaint.

1. Who we are

Mosaic Island Ltd collects, uses and is responsible for certain personal information about you. When we do so we are regulated under all applicable data protection and privacy legislation in force in the UK including the General Data Protection Regulation ((EU) 2016/679) and the Data Protection Act 2018 (UK Data Protection Legislation) and we are responsible as 'controller' for the purposes of those laws.

2. The personal information we collect and use

2.1 Information collected by us

In the course of delivering Design & Delivery Assurance outcomes for our clients and recruiting great people for challenging and rewarding opportunities, we collect the following personal information when you provide it to us:

  • name
  • contact information including address, email and phone number
  • CV and job experience / history
  • Professional networking site details (e.g. LinkedIn) and social media username
  • information necessary for identity verification checks
  • recruitment information associated with interviews attended and outcomes
  • financial information so that we can pay our suppliers and manage our legal reporting obligations
  • information pertinent to supplying consultancy services on behalf of our client organisations

2.2 Information collected from other sources

We also obtain personal information from other sources as follows:

  • Job Boards
  • Professional Networking sites
  • Responses to our own advertising for role opportunities
  • Reference requests and identity checks
  • Credit checking organisations

The provision of contact information, CV data, identification data and payment details are required from you to enable us to engage with clients, match your skills with our job opportunities, to process offers and if engaged, to on-board and to pay and charge for the services provided.

2.3 How we use your personal information

We will only use your personal data for specific purposes so that we can;

  • Maintain business contacts with our clients and our suppliers
  • Make contact to discuss job opportunities with registered candidates
  • Support our job interview, offer and on-boarding processes
  • Contract with and pay our staff and our suppliers
  • Prepare anonymised profiles to demonstrate the skills and experience within our network
  • Respond to any legal requests for personal information from regulating authorities (e.g. HMRC)

We want the experience of working with Mosaic Island to be positive for everyone concerned. Your personal data will help us to operate our business in the most efficient and effective way we can. In the case of employees this will require Mosaic Island to maintain contact information, provide licenced tools and services, maintain effective personnel records, run a payroll, offer benefits and deliver any statutory reporting to the relevant UK authorities. For our Associates and Candidates, holding your personal data will allow us to contact you when we have an opportunity we would like to discuss with you and to establish the appropriate business systems to maintain an effective commercial relationship with your company.

2.4 Who we share your personal information with

Only after discussion in person, we may share your name and job experience details with clients with whom we are engaged to provide consultancy services. In addition we may pass your personal information to our third party suppliers including ;

  • Our Payroll Provider (employees only)
  • Third party HR organisation (employees only)
  • Third party Pension Provider (employees only)
  • Other Benefit Providers (employees only)
  • Productivity tool providers (e.g. email) where we set up a user id for you to access this service
  • Time Accounting system providers where we set up timesheet recording services for you
  • UK Authorities (only where sharing your personal data is a legal requirement)

This data sharing enables Mosaic Island to meet its legal obligations and provide the capabilities required to keep our business operating efficiently. Any third party recipients of your personal data may only use that data for the purposes agreed in our contract with them. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous. Certain third party recipients may be based outside the United Kingdom — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the United Kingdom’.

We will share personal information with law enforcement or other authorities if required by applicable law.

We may, from time to time, expand, reduce or sell Mosaic Island Ltd and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.

2.5 How long your personal information will be kept

  • If you are engaged or employed by Mosaic Island to work on one of our client engagements, we will hold your personal details for up to 3 years after the completion of the engagement. After this time your data may be deleted or anonymised for skills profiling purposes.
  • If engaged or employed by Mosaic Island, we will maintain your National Insurance number, VAT registration, bank account and payment data whilst you remain engaged or employed and for 6 years after (this is required by the relevant authorities).
  • If engaged or employed by Mosaic Island we will maintain any additional identification data for no more than 6 months after termination of employment or the completion of an engagement where there is no follow-on assignment.

2.6 Reasons we can collect and use your personal information

We will only use your personal data in an identifiable form for the following reasons.

Consent: We rely on your consent as the lawful basis on which we use your personal data to put you forward to our client organisations for roles that match your skills and experience against our requirements.

Contractual obligations: If we engage you or your company, we will use your personal data to fulfil our contractual obligations to you for instance to capture timesheets and to establish payment arrangements.

Legal compliance: We will use your personal data if required by law, for instance to provide reports to the appropriate authorities (e.g. HMRC).

Legitimate Interest: We will use your personal data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For instance your personal data may be used to send you information about client organisations and roles that may be of interest, to exchange contact data for interview scheduling, to record the personal data required for tool and equipment provisioning and to use anonymised CV data for profiling the breadth of our skills networks.

3. Transfer of your information out of the United Kingdom

We may transfer your personal information outside the United Kingdom. For example, like many companies, we may use cloud services from outside the United Kingdom.

Where we transfer your information outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for United Kingdom data (for instance New Zealand and countries in the European Economic Area (EEA)) or to a third party where we have approved the transfer mechanisms in place to protect your personal data - i.e. by entering into appropriate United Kingdom or European Union Standard Contractual Clauses.

If you would like further information please contact our Head of Information Security (see ‘How to contact us’ below).

4. Your rights

Under the UK Data Protection Legislation you have a number of important rights free of charge. In summary, those include rights to:

  • fair processing of information and transparency over how we use your use personal information
  • access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal information concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal information
  • otherwise restrict our processing of your personal information in certain circumstances
  • claim compensation for damages caused by our breach of any data protection laws

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals' rights under UK Data Protection Legislation.

If you would like to exercise any of those rights, please:

  • email our Head of Information Security at: ,
  • let us have enough information to identify you (e.g. account number, user name, registration details),
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them.

5. Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online is supported by HM Government and leading businesses.

6. How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

UK Data Protection Legislation also gives you right to lodge a complaint with the Information Commissioner who may be contacted at

7. Changes to this privacy notice

This privacy notice was published in September 2021.

We may change this privacy notice from time to time, when we do we will inform our contacts who have provided their consent via email and direct you to the latest information.

8. How to contact us

Please contact Head of Information Security if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, please send an email to Head of Information Security at