Contact Us
Contact Us

Data Protection Policy

Data Protection Policy

Table of Contents

Our Commitment to Data Privacy and Security

At Prostaffing we regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business. We are committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and UK data protection legislation.

Introduction

We may have to collect and use information about people with whom we work. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.
We will ensure that we treat personal information lawfully and correctly. To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
This policy applies to the processing of personal data in manual and electronic records kept by us. It also covers our response to any data breach and other rights under the GDPR.

Scope of This Policy

This policy applies to the personal data of:

  • Job applicants
  • Existing and former employees
  • Apprentices and volunteers
  • Placement students and candidates
  • Agencies and contractors
  • Workers and self-employed contractors

These are referred to in this policy as relevant individuals.

Key Definitions 

Personal Data

Information that relates to an identifiable person who can be directly or indirectly identified from that information, for example:

  • A person’s name
  • Identification number
  • Location data
  • Online identifier
  • Pseudonymised data

Special Categories of Personal Data

Data which relates to an individual’s:

  • Health information
  • Sex life and sexual orientation
  • Race and ethnic origin
  • Political opinions
  • Religious beliefs
  • Trade union membership
  • Genetic and biometric data (where used for identification purposes)

Criminal Offence Data

Data which relates to an individual’s criminal convictions and offences.

Data Processing

Any operation or set of operations performed on personal data, including:

  • Collection and recording
  • Organisation and structuring
  • Storage and adaptation
  • Retrieval and consultation
  • Use and disclosure
  • Alignment or combination
  • Restriction, erasure or destruction

Data Protection Principles

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

1. Lawfulness, Fairness and Transparency

  • Processing will be fair, lawful and transparent
  • We will provide clear information about how we use personal data
  • We will only process data where we have a lawful basis to do so

2. Purpose Limitation

  • Data will be collected for specific, explicit, and legitimate purposes
  • We will not use personal data for purposes incompatible with those for which it was collected

3. Data Minimisation

  • Data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
  • We will not collect more data than we need

4. Accuracy

  • Data will be kept accurate and up to date
  • Data which is found to be inaccurate will be rectified or erased without delay
  • We will take reasonable steps to ensure accuracy

5. Storage Limitation

  • Data is not kept for longer than is necessary for its given purpose
  • We will regularly review and delete data that is no longer needed

6. Integrity and Confidentiality

  • Data will be processed securely using appropriate technical and organisational measures
  • We will protect against unauthorised or unlawful processing
  • We will guard against accidental loss, destruction or damage

7. Accountability

  • We will demonstrate compliance with all data protection principles
  • We will maintain records of our processing activities

How We Protect Your Data

Security Measures

We implement appropriate technical and organisational measures to protect personal data:

  • Secure IT systems and networks
  • Access controls and user authentication
  • Regular security assessments and updates
  • Staff training on data protection
  • Secure disposal of data and equipment

Data Breach Response

In the event of a data breach, we will:

  • Assess the risk to individuals’ rights and freedoms
  • Notify the Information Commissioner’s Office within 72 hours where required
  • Inform affected individuals without undue delay where there is high risk
  • Take immediate steps to contain and remedy the breach

Data Sharing and Transfers

Third Party Processing

We may share personal data with third parties only when:

  • We have a lawful basis for sharing
  • Appropriate safeguards are in place
  • The sharing is necessary for our legitimate business purposes

International Transfers

When transferring data outside the UK, we ensure:

  • Adequate protection through adequacy decisions
  • Appropriate safeguards such as standard contractual clauses
  • Compliance with all transfer requirements

Retention and Disposal

Retention Periods

We retain personal data only for as long as necessary:

  • Employee records: As required by employment law and HMRC requirements
  • Recruitment records: 12 months for unsuccessful candidates
  • Client data: As required for service provision and legal obligations

Secure Disposal

When data is no longer needed, we ensure:

  • Secure deletion from electronic systems
  • Confidential destruction of paper records
  • Verification of complete data removal

Training and Awareness

Staff Training

All staff receive training on:

  • Data protection principles and requirements
  • Their responsibilities under this policy
  • How to handle data protection requests
  • Recognising and reporting data breaches

Ongoing Education

We provide regular updates on:

  • Changes to data protection law
  • Best practices for data handling
  • New security threats and measures

Governance and Accountability

Data Protection Officer

Our designated Data Protection Officer is responsible for:

  • Monitoring compliance with data protection law
  • Conducting privacy impact assessments
  • Acting as point of contact for data protection authorities
  • Providing guidance on data protection matters

Regular Reviews

We conduct regular reviews of:

  • Our data processing activities
  • Security measures and controls
  • Staff training and awareness
  • Policy effectiveness and compliance

Contact Information

Data Protection Enquiries

For any questions about this policy or to exercise your data protection rights, please contact:

Data Protection Officer
Pro Staffing Group
Email: dataprotection@pro-staffing.co.uk

Complaints

If you are not satisfied with how we handle your personal data, you have the right to complain to:

Information Commissioner’s Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

Policy Updates

This policy will be reviewed annually and updated as necessary to reflect:

    • Changes in data protection law
    • New business processes
    • Technological developments
    • Best practice guidance

At Pro Staffing Group, protecting your personal data is not just a legal requirement—it’s fundamental to maintaining the trust and confidence you place in us. We are committed to the highest standards of data protection and privacy.

How We Protect Your Data

Under GDPR, individuals have several rights regarding their personal data:

1. Right of Access

  • You have the right to request access to your personal data
  • We will provide a copy of your data and information about how it is processed

2. Purpose Limitation

  • Data will be collected for specific, explicit, and legitimate purposes
  • We will not use personal data for purposes incompatible with those for which it was collected

3. Data Minimisation

  • Data collected will be adequate, relevant, and limited to what is necessary for the purposes of processing
  • We will not collect more data than we need

4. Accuracy

  • Data will be kept accurate and up to date
  • Data which is found to be inaccurate will be rectified or erased without delay
  • We will take reasonable steps to ensure accuracy

5. Storage Limitation

  • Data is not kept for longer than is necessary for its given purpose
  • We will regularly review and delete data that is no longer needed

6. Integrity and Confidentiality

  • Data will be processed securely using appropriate technical and organisational measures
  • We will protect against unauthorised or unlawful processing
  • We will guard against accidental loss, destruction, or damage

7. Accountability

  • We will demonstrate compliance with all data protection principles
  • We will maintain records of our processing activities