GDPR Compliance

Last updated: 9 June 2026

Our commitment to data protection

Simply Staffed Ltd is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we meet our obligations under these regulations.

Data controller

Simply Staffed Ltd is the data controller for the personal data we collect. Our registered address is 59 Castle Street, Reading, RG1 7SN. For all data protection matters, contact us at hello@simplystaffed.co.uk.

Lawful basis for processing

We only process personal data where we have a lawful basis to do so. The bases we rely on include:

  • Consent: you have given us explicit consent to process your data for a stated purpose. You may withdraw consent at any time.
  • Contract: processing is necessary to fulfil a contract with you, or to take pre-contractual steps at your request.
  • Legitimate interest: processing is necessary for our legitimate business interests, such as improving our services, provided your rights do not override those interests.
  • Legal obligation: processing is necessary to comply with UK law.

Data we collect

We collect only the minimum personal data necessary for the purpose intended. This typically includes:

  • Name, email address and phone number (via enquiry forms or direct contact)
  • Company name and job title
  • Technical data such as IP address and browser information (via cookies)

We do not collect sensitive personal data (special category data) unless explicitly required and with your consent.

Data minimisation & purpose limitation

We adhere to the principles of data minimisation and purpose limitation. Personal data is collected only for specified, explicit and legitimate purposes and is not processed in a manner incompatible with those purposes.

Data storage & security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include:

  • Encryption of data in transit (SSL/TLS)
  • Access controls limiting data access to authorised personnel only
  • Regular review of data processing activities and security measures
  • Secure storage with reputable, GDPR-compliant hosting providers

International data transfers

Where personal data is transferred outside the UK (for example, to our remote staffing teams), we ensure adequate safeguards are in place. These include standard contractual clauses (SCCs) approved by the ICO, and we assess the data protection laws of the receiving country.

Data retention

We do not retain personal data for longer than necessary. Retention periods are determined by the nature of the data and the purpose for which it was collected. Client and enquiry data is typically retained for 24 months after the last meaningful interaction. You may request earlier deletion at any time.

Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data where there is no compelling reason to continue processing
  • Right to restrict processing: request that we limit how we use your data
  • Right to data portability: request transfer of your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or direct marketing
  • Rights related to automated decision-making: not to be subject to decisions based solely on automated processing

To exercise any of these rights, email us at hello@simplystaffed.co.uk. We will respond within one calendar month.

Data breaches

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach and will inform affected individuals without undue delay where required.

Third-party processors

Where we use third-party services to process personal data on our behalf (e.g. hosting, CRM, analytics), we ensure they are GDPR-compliant and have appropriate data processing agreements in place.

Complaints

If you are unhappy with how we handle your personal data, please contact us first at hello@simplystaffed.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Updates to this page

We may update this GDPR compliance statement from time to time. Changes will be posted on this page with an updated date.