Want to join our G&F network?
Check out our opportunities for all remote & hybrid work, including Outside IR35.
See current vacancies
At Gathered & Found, we mobilise experienced project teams, bringing our capability with managing complex Digital Transformations and modern engineering practices to our clients.
We may deploy fully formed squads to support outcome-based services and the delivery of products or provide augmentation to get our clients' own squads situated perfectly; either way, we have you covered.
With 20+ years’ experience working with the UK's most talented and expert technology associates, we select and engage our own teams of consultants to provide Gathered and Found’s consultancy services as well as other professional and administrative staff to support, advise and structure such services.
Our legal entity is listed below:
This Data Processing Notice applies to you if you are an independent contractor who is looking for a consultancy or contract position.
We have issued this Data Processing Notice in accordance with the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and any associated legislation e.g. the Data Protection Act 2018, and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. In this Data Processing Notice, any references to GDPR also relate to associated legislation. The relevant legislation may be updated from time to time.
Gathered and Found is committed to respecting your right to privacy. As such, this Data Processing Notice covers the following topics:
To engage our candidates as part of our consultancy services, we may process the following personal data:
Furthermore, if you are hired by Gathered and Found to work as a worker or consultant for us or one of our clients, additional personal details may be processed. This could include:
For enhanced screening or compliance purposes, we may also ask you to provide us with additional documentation. If this is the case, then we will tell you what documents we need.
We may also have to collect other documents which may relate to you as an individual, including information relating to any limited company directorships or shareholdings you have (e.g. your company, this can be your own limited company or a nominated umbrella company) certificate of incorporation, proof of tax & social security status, VAT certificate (when applicable), bank statement (usually not a personal bank account) and insurance documents and where applicable statutory information (IR35).
We will process data about your assignment(s) and relevant payments to your business in connection with your assignment(s).
We are sometimes instructed by our client to conduct a background check. This is often requested by clients who operate in the public sector or the Financial Services Industry. A “background check” is (which could include credit checks and/ or fraud checks) a verification of your antecedents by making use of the services of an agency which specialises in performing background checks. The details to be verified in this background check would typically include, but are not limited to:
If background checks apply, we will tell you what is expected of you when initiating or conducting a background check. Unless we inform you otherwise, we will not share the outcome of the background check with any other party other than the client, and this will only be communicated to people with a ‘need to know’. Some clients, however, may require a copy of the background check as they need to abide by internal or external compliance standards.
The background checks may be carried out in-house or this may be outsourced to a third-party background check screening company (screening company). If the latter is the case, then you need to speak to the screening company if you have any questions about how your personal data is processed.
If you want to know exactly what documents we hold on file about you, please contact your talent lead or email hello@gatheredandfound.co.uk
The following include the different sources from which we may collect your personal data:
Directly from you. For example:
From an agent/third party acting on your behalf. For example:
Through (publicly) available sources. For example:
By reference or word of mouth. For example:
In most circumstances your data will not be retained for more than 6 years from the last point at which we provided any services or otherwise engaged with you. It is our policy to only store your personal data for as long as it is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests. The following sets out the lengths of time we are required by law to retain your data or certain elements of your data:
However, we may retain data for longer than a 6-year period where we have a legal or contractual obligation to do so, or we form the view that there is otherwise a continued basis to do so, for example where your personal information identifies specialist skill sets which may remain in demand, or we are subject to a legal obligation which applies for a longer period.
If, however, you believe that we should delete your personal data at an earlier date, please inform us in writing of your reasons. Please see below for ‘What Are Your Rights’.
This section outlines in more detail the purposes and the consequences of processing your personal data. We will be using your personal data to:
Where background checks and specifically Cifas (fraud) checks are carried out, the personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity.
Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by accessing https://www.cifas.org.uk/fpn. If we carry out a Cifas check, we will provide you with the ‘fair processing notice for the internal fraud database’.
We will only share your personal data (usually profile and relevant project experience) with our clients if you have explicitly consented to this.
We may share your personal details with an umbrella or management company if you have confirmed a desire to utilise a particular approved umbrella company.
We will not conduct any form of automated processing of your personal data consisting of the use of personal data to evaluate certain personal aspects relating to you.
We will not analyse or predict aspects concerning your economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Furthermore, we will not make decisions that are based solely on automated processing which produces legal effects or similarly significantly affects your rights.
If we process your personal data, we mostly rely on the following legal bases:
If you are a candidate, the legal basis on which we usually rely for processing your information will be from legitimate interests.
Please note that the list of legal bases is not exhaustive.
We may market relevant products and services to you unless you inform us of your wish to opt out (which you are entitled to do at any stage). Some emails we send are market insight driven, others are service, and project related. We also approach our network for feedback and insight.
As our servers are based in the United Kingdom, your personal data is shared, stored and processed outside the European Economic Area (EEA).
We will, however, only transfer your data outside the EEA to countries which the European Commission believes offer an adequate level of protection to you or where appropriate safeguards have been put in place to preserve the privacy of your data.
By law, you have several rights regarding your personal data. You are entitled to lodge a so-called Subject Access Request (‘SAR’). These types of SAR’s and your rights have been summarised in the table below. Further information and advice about your rights can be obtained from the Information Commissioner’s Office.
We will respond to any request within 1 month (this can be extended to 2 months in exceptional circumstances). However, where requests are manifestly unfounded or excessive, in particular because of its repetitive character, we may refuse to act upon your request. If this happens then we will inform you within one month of about the possibility of lodging a complaint with a supervisory authority (in the UK, this will be the ICO) or seeking a judicial remedy.
The fact that you make a deletion request does not necessarily mean that we will grant your request in every instance, especially if we have legitimate reasons to retain your personal data. We will always give reasons if we decline your request.
Please note that should we receive any requests from you to erase personal data or stop processing your information, we may retain a record of such requests as well as the actions taken by us. This will serve as both evidence of our compliance to your request, as well as enable us to take steps to curtail any future processing of your data should it be received again from a third-party source.
We take all reasonable steps to ensure that your personal data is adequately secured. We use market suppliers such as SourceWhale, Microsoft market, Vincere, Salesforce and Timesheet Portal all of which are leading and up-to-date technologies.
If you are based in the UK and are unhappy about any aspect of the way in which your Personal Data is processed by us, in the first instance please contact us at hello@gatheredandfound.co.uk. This does not affect your right to make a complaint to the Information Commissioner’s Office https://ico.org.uk.
If you are based in the EU and are unhappy about any aspect of the way in which your Personal Data is processed by us, in the first instance please contact us at hello@gatheredandfound.co.uk
It is important to note that we may amend this Data Processing Notice from time to time. Please visit this page if you want to stay up to date as we will post any changes here.
Last updated: May 2025