Last Updated: 13.05.2025

Staffinity Ltd (“we”, “us”, or “our”) is committed to protecting your privacy and complying with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018. This policy explains how we collect, use, and safeguard your personal data when you use our website or services.
________________________________________

1. Data We Collect

We may collect and process:

• Candidate Data: Name, contact details, CV, work history, qualifications, right-to-work status, and references.
• Employer Data: Company name, job descriptions, contact details, and payment/billing information.
• Technical Data: IP address, browser type, device information, and cookies (see Cookie Policy).
• Sensitive Data: Only with explicit consent (e.g., disability status for reasonable adjustments).
________________________________________

2. How We Use Your Data

Lawful Basis Under GDPR:
• Consent: For marketing communications or sensitive data processing.
• Contractual Necessity: To fulfil recruitment services for employers or job-seeking services for candidates.
• Legitimate Interests: To improve our services, prevent fraud, or ensure network security.
• Legal Obligations: To verify right-to-work status or comply with HMRC requirements.
________________________________________

3. Data Retention

We retain personal data only as long as necessary:
• Candidates: Up to 6 months after your last interaction unless you consent to longer retention.
• Employers: For the duration of our contractual relationship + 7 years for tax/legal compliance.
• Job Applications: 12 months unless you request deletion.
________________________________________

4. Data Sharing

We may share your data with:
• Clients (Employers): To match candidates with job opportunities.
• Third-Party Providers: IT services, background-check agencies, or payroll processors (under strict GDPR-compliant agreements).
• Legal Authorities: If required by law (e.g., HMRC, law enforcement).
________________________________________
5. Your Rights Under GDPR

You have the right to:
• Access: Request a copy of your data.
• Rectification: Correct inaccurate information.
• Erasure: Request deletion of your data (where legally permissible).
• Restrict Processing: Limit how we use your data.
• Data Portability: Receive your data in a machine-readable format.
• Object: Opt out of direct marketing or processing based on legitimate interests.
• Withdraw Consent: At any time (where consent is the lawful basis).
To exercise these rights, contact us at [Email Address] or [Postal Address].
________________________________________

6. Data Security

We implement technical and organisational measures to protect your data, including:
• Encryption of sensitive data.
• Restricted access to personal information.
• Regular staff GDPR training.
• Immediate breach notification procedures.
________________________________________

7. International Transfers

If data is transferred outside the UK/EEA, we ensure safeguards such as:
• Adequacy decisions (e.g., EU-approved countries).
• Standard Contractual Clauses (SCCs).
________________________________________

8. Cookies

We use cookies to enhance website functionality. You can manage preferences via your browser settings. For details, see our Cookie Policy.
________________________________________

9. Updates to This Policy

We may update this policy periodically. Changes will be posted on this page, and significant updates will be notified via email.
________________________________________

10. Contact Us

Data Controller: Staffinity Recruitment Ltd
Registered Office: Unit 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE
Email: enquires@staffinity.co.uk
Phone: 0161 388 3660
For complaints, contact the Information Commissioner’s Office (ICO) at ico.org.uk.