Grayce Privacy Statement

We do our best to protect and respect your personal data. This statement explains how we collect that data, why we use it and how we keep it safe.

Who are we?

Grayce Group Limited is a private limited company, incorporated in 2012, company number 08160777. Registered address is 1st Floor Hilton House, Hilton Street, Manchester M1 2EH. Grayce works with leading UK businesses to help them deliver business change and transformation through its Managed Service. We select high calibre, high performing graduates and give them the tools and qualifications needed to begin a successful career in change management and transformation, data and digital.

How do we collect your information?

We obtain information about you when you make contact with us. For example, when you apply for our Change+, Data+, Tech+ Development Programme roles, or HQ roles – or as a client, if you complete our Enquiry Form online. We also find client information from public social forums such as LinkedIn.

What types of information do we hold?

Candidates looking to work for Grayce

The information we collect might include your name, address, email address and phone numbers. We may also ask for physical forms of identification if you apply for a role with us. We ask for information on employment history and education, but also information that helps us perform employee checks before we offer employment.

Clients looking to work with Grayce

We will collect information regarding your name, job title, business email and telephone number so we can market our services to you effectively.

Why do we collect your information?

We only use your information in accordance with the law. This gives us various powers to use your data. These are effectively the reasons for our processing and are:

  • To perform or take steps to progress you through our recruitment process or enter in to an employment contract with you.
  • For the purposes of our legitimate interests. This includes being able to send you marketing.
  • Compliance with a legal obligation.
  • If you consent for us to do so.
  • Collecting and using your data will mean we are able to provide services to you as a client and enter in to an employment process / contract with you as a candidate. It will enable us to ask for your views on our services and matters relating to the profession Grayce.

Data protection applies to personal data held about individuals. It does not always cover ‘business to business’ contacts or information. However, we will also do our best to secure and protect the contact details of our corporate contacts, as clients and potential clients.


Who has access to your information?

Staff of Grayce will have controlled access to your information to enable us to provide you with services. We store your information on our software and platforms that are provided to Grayce by trusted third parties. This will include information you provide when you apply to us, and any additional information you provide to us in various ways. Whilst processing your application we may contact you by phone or email, and collect additional information you provide in correspondence.

We will not sell or rent your information to third parties, whether client or candidate.

We may share personal information you provide to us to trusted third parties:

  • for recruitment purposes (i.e., to facilitate a productive recruitment process, including through survey’s and feedback requests);
  • to perform reference checks (please note, we will seek the permission of all candidates before conducting any reference checks. Where you have provided details of a referee, it is your responsibility to ensure the referee is aware that you have forwarded their details and you have their consent to do so);
  • with our clients in order to find you a suitable position as a candidate;
  • for onboarding purposes (i.e., to get you started at Grayce or our clients); and
  • to verify your details for any vetting requirements (both as required by Grayce or by our clients).

We will not share your information with third parties for them to market to you.

Your choices

You have a choice about whether and how you wish to receive information from us. You will be asked to make your preferences clear when we collect your information, at the point of application and if you submit an enquiry form. For most users, this will be online. Your preferences can be updated at any point. Simply email to update. You may also choose to tell us which subjects most interest you and this can be used to tailor communications to you. The accuracy of your information is important to us. Please do regularly check and update your information if anything changes.

Your rights

You have the right to ask us at any time for a copy of the personal data that Grayce currently holds on you – this will include, but is not limited to, the information supplied by you when joining the organisation, and qualifications attained throughout your time with Grayce.

You have the right to request that any personal information that we hold is rectified if inaccurate or incomplete.

You have the right to request that the personal information that we hold is deleted, where there is no compelling reason for us to continue to hold this information. Please note that we are required by law to store your personal information for 7 years.

You have the right to complain about Grayce’s data policy.

Please send all above requests to, and we will respond to your query within 72 hours of receipt.

You have various legal rights over your information which we will always respect. Further detail is available from the Information Commissioner.

How do we protect your data?

We take several steps to protect your data. This includes robust IT security. All staff receive data protection training and our premises are secured. We have contracts with providers requiring them to protect your information. If we transfer your data outside of the EU we will ensure that extra checks are in place.

Use of ‘cookies’ and automated decision making

We use cookies but we do not have systems that use your information for automated decision making.

IP addresses

An internet protocol (IP) address can allow us to track which organisations visit our webpages. We may use software to plan our services and provide information on what topics specific organisations may be interested in. We will not match IP addresses to an individual.

Links to other websites

This statement applies only to our site and we are not responsible for the policies and practices of other organisations.

16 or Under?

We particularly wish to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission before you provide us with personal information.

Review of this statement

We keep this statement under review as part of our overall Data Protection Policy. It was last updated in January 2024.

Footer Curve