Cookies & Privacy

This page describes the information that Marks Sattin collects about data subjects, how it is used and shared, and the data subjects’ rights regarding it.

Privacy notice for Marks Sattin

We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.

Data Controller

We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process.

Our registered address is:

LABS,9 90 High Holborn, London, England, WC1V 6LJ

Our registration number is 01594927.

Marks Sattin is part of the Gi Group and the Data Protection Officer for Marks Sattin/Gi Group is Mr. Gabriele Faggioli. For any enquiries about this privacy policy or to exercise any rights under this policy please email

You can make a subject access request by completing a SARs form - Please click here.

Data Collection

The vast majority of the information that we hold about you is provided to us by yourself when you seek to use our services. We will tell you why we need the information and how we will use it.

Our lawful basis for processing your information

The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:

  • Consent of the data subject 
  • Performance of a contract with the data subject or to take steps to enter into a contract 
  • Compliance with a legal obligation 
  • To protect the vital interests of a data subject or another person 
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject

Examples of legitimate interests include:

Where the data subject is a client or in the service of the controller

Our Lawful Basis is legitimate interest and our Legitimate Interest is you as a candidate are in the service of Marks Sattin as a controller. 

We use your information to:

  • Provide services
  • Process or support payments services

We do not use automated decision-making in the processing of your personal data.

We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:

Customer/client data
  • Name;
  • Payment or bank details;
  • Address;
  • Email;
  • Date of birth;
  • Location details;
  • Phone number;

Employee Data

  • Name;
  • Payment or bank details;
  • Address;
  • Email;
  • Date of birth;
  • Family & next-of-kin details;
  • Phone number

We may share your personal data with:

Delivery partners; Our business partners; Our subsidiaries; Our legal advisors in the event of a dispute or other legal matter; Law enforcement officials, government authorities, or other third parties to meet our legal obligations; In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, refinancing, or acquisition of some or all of our business by another company; Any other party where we ask you and you consent to the sharing.

We may share your personal data with potential clients on a speculative basis as by making your CV available to us (whether directly or via a job board for the express reason of employers being able to access this data) it is likely that your intention is to have Marks Sattin access your CV and share it with their clients or prospective clients.  As such, the legitimate interest of Marks Sattin and their clients to fill vacancies would not be overridden by any interests of rights of yours.  In fact, those legitimate are likely to align with your interests in circulating your CV in order to find a job.

Transfers to third countries and international organisations

If we transfer personal data to third countries or international organisations using the identified safeguards, such a contractual model clauses. We have satisfied ourselves that such transferred data is fully protected and safeguarded as required by the General Data Protection Regulation.

We retain your personal data while you remain a candidate, unless you ask us to delete it. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:

  • There is an unresolved issue, such as claim or dispute;
  • We are legally required to; 
  • There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers' safety and security.

Your rights

The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details.

Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website: and this is the organisation that you can complain to if you are unhappy with how we deal with you.

Accessing and correcting your information

You may request access to, correction of, or a copy of your information by contacting us at:

Marketing opt-outs

You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.


Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different jobs, like letting you navigate between pages efficiently remembering your preferences, and generally improve your web site experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

We can split cookies into four main categories:

Category 1: Strictly necessary cookies
Category 2: Performance cookies
Category 3: Functionality cookies
Category 4: Targeting cookies or advertising cookies

Category 1 - Strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like register for job alerts, cannot be provided.
Please be aware our site uses this type of cookie.

Category 2 - Performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. By using our website and online services, you agree that we can place these types of cookies on your device.

Category 3 - Functionality cookies

These cookies allow the website to remember choices you make (such as your user name and password) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track your browsing activity on other websites.
By using our website and online services, you agree that we can place these types of cookies on your device.

Category 4 - Targeting cookies or advertising cookies

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisations.

We do have links to other web sites and once you access another site through a link that we have provided it is the responsibility of that site to provide information as to how they use cookies on the respective site.

You can find more information about cookies by visiting or Google also have a brief video which explains the use of cookies. Download Gi Groups full Privacy Policy here. 

Download our full GDPR policy here.

We will occasionally update our Privacy Notice. When we make significant changes, we will publish the updated notice on our website.



Name Domain Expiration Description
_pk_id.43.0c63 1 year This cookie is used by Matomo for site performance tracking purposes.
_pk_ses.43.0c63 30 minutes This cookie is used by Matomo for site performance tracking purposes.
_ga 2 years This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
_gid 1 day This cookie name is associated with Google Analytics. It is used by gtag.js and analytics.js scripts and according to Google Analytics this cookie is used to distinguish users.
_gat_UA-21726342-16 1 minute This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_hjTLDTest Session When the Hotjar script executes, Hotjar try to determine the most generic cookie path they should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, Hotjar try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
_hjid 1 year Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjFirstSeen 30 minutes This cookie is used by Google Tag Manager to determine if the visitor has visited the website before, or if it is a new visitor on the website.
wisepops 2 years Where persistant data is stored for example the popups the visitor has seen / converted.
_hjIncludedInPageviewSample 2 minutes This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit.
_hjAbsoluteSessionInProgress 30 minutes This cookie is used by Hotjar to detect the first pageview session of a user. This is a True/False flag set by the cookie.
wisepops_visits 2 years This cookie stores the date of the visit or visits of the visitor using the site.
wisepops_session Session This cookie is used by Wisepop to collect data on the initial referrer, UTM params and the popups seen during the session.
COP_Vacancies Session This cookie is used to remember a user’s previously viewed content which is then used to tailor the users ongoing experience
GPS 30 minutes This cookie is set by YouTube to track views of embedded videos and display targeted advertising to web visitors.
lissc 1 year Used by LinkedIn to ensure there is correct SameSite attribute for all cookies in that browser
li_gc 1 year 12 months Used by Linkedin to store consent of guests regarding the use of cookies for non-essential purposes


Name Domain Expiration Description
NID 6 months 3 days This cookie is set by DoubleClick (which is owned by Google) to help build a profile of your interests and show you relevant ads on other sites.
VISITOR_INFO1_LIVE 6 months This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites;it can also determine whether the website visitor is using the new or old version of the Youtube interface.
YSC Session This cookie is set by YouTube to track views of embedded videos.
IDE 1 year This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
bcookie 2 years This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media.
bscookie 2 years Used by the social networking service, LinkedIn, for tracking the use of embedded services.
lidc 1 day This is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website.


Name Domain Expiration Description
lang Session There are many different types of cookies associated with this name, and a more detailed look at how it is used on a particular website is generally recommended. However, in most cases it will likely be used to store language preferences, potentially to serve up content in the stored language.


Name Domain Expiration Description
.AspNetCore.Antiforgery.6YYsGt-Vbxo Session This cookie is generated by the application server and used to prevent malicious cross-site request forgery (known as XSRF and CSRF)