Data Protection Policy

GDPR Data Protection Policy

1.      Protecting personal data

1.1    Protecting personal data is very important. Whether it belongs to you or individuals we work with we take our responsibilities very seriously.

1.2    Not only do we need to ensure that we protect your personal data but you also need to help us to protect other personal data that we hold.

1.3    We have appointed a ’Data Protection Officer’ to ensure that this policy is implemented appropriately.  If you have any questions or concerns about this policy or the processing of personal data please speak with them first.

1.4    Our Data Protection Officer is Dominic Hunter, the Group Quality Manager. (

Protecting personal data

1.5    When dealing with personal data there are eight principles that you and we need to follow. The personal data needs to be:

(a)     Processed fairly and lawfully;

(b)     Relevant and not excessive;

(c)     Processed for limited purposes and in an appropriate way;

(d)     Accurate;

(e)     Not kept longer than necessary;

(f)      Processed in accordance with the laws dealing with personal data;

(g)     Kept secure;

(h)     Not transferred to people or organisations in countries without adequate protection.

There is a lot to understand in respect of these principles. This policy should help you to ensure that your and our treatment of personal data is appropriate and lawful. If you have any questions please direct them to the  ’Data Protection Officer’ by e mailing, or writing to the Data Protection Officer, Barker Ross Group, Mercury Place, 11 St George Street, Leicester, LE1 1QG.

A lawful purpose for processing your personal data

1.6    We process personal data fairly and lawfully. Grounds for processing personal data include: with your consent, to comply with a legal obligation, in your vital interests, in the performance of a contract with you or in our legitimate interests (or a third party processing your personal data). If the personal data is sensitive additional conditions will be met.

1.7    At the end of this policy we identify the categories of personal data that we collect and the reasons for processing it along with a privacy notice explaining more about what we do with your personal data.

1.8    Where we process the following data we will secure your consent before doing so:

(a)      personal data about your health to:

         (i)       monitor sick leave; and

         (ii)      take decisions as to your fitness for work;

(b)      processing personal data to meet with our legal obligations to third parties including pensions and insurance providers;

(c)      processing personal data to measure and manage equal opportunities;

(d)      transferring your personal data to a country outside of the European Economic Area provided that we are satisfied with the protections that they have in place to protect your data (unless it’s a one off transfer of data);

(e)       sharing your personal data with a company within our group (where applicable) or with any person or business that intends to buy us or take over control;

(f)        sharing your personal data with the Fit For Work Service, your doctor, consultant and/or occupational health specialist;

(g)       sharing your personal information with the Disclosure and Barring Service (or equivalent).

Requests to see your personal data

1.9      If you want us to show you personal data that we hold on you then you need to make a request in writing to the ‘Data Protection Officer’. We might ask you for more details about the request or give you a template letter to help with your request. Where the request isn’t made in person we will always ask for two forms of identity to confirm that it is you making the request.

1.10    We’ll always try and acknowledge your request when we receive it. We’ve got between 30 days and three months to respond in full to your request.

1.11    We may ask you to contribute towards the administration fee in processing your request.

1.12    If you are asked to disclose personal data you should notify the Data Protection Officer immediately and follow their instructions.

Your rights to deletion, freezing data processing and corrections

1.13   You can ask us to delete your personal data where:

(a)       Processing it is no longer necessary bearing in mind the reason it was collected;

(b)       It is being processed unlawfully;

(c)       You object to us processing your personal data (unless we have an over-riding legitimate interest for continuing to process it in which case we may continue to do so, for example we are required to retain this information as you have accepted work and completed a paid assignment with us).

1.14    Where information we hold on you is inaccurate or incomplete you can ask us rectify the data.

1.15    You can ask us to stop processing your data where:

(a)        Processing is unlawful;

(b)        You say that the information that we hold is inaccurate;

(c)        You don’t consider we have a ‘legitimate interest’ for processing the data (unless we have an over-riding legitimate interest for continuing to process it in which case we will continue to do so).

1.16     If we think that you’re abusing these rights and making unfounded or excessive requests we may refuse your request or may charge a reasonable administration fee for processing the request.

Limitations and obligations

1.17    We have processes in place to ensure that the accuracy of the personal data that we hold is up to date. Obviously, if personal data that we hold on you is out of date or inaccurate please notify the Data Protection Officer.  We will talk to you at least once a year about the personal data that we hold on you, whether it is still necessary to hold that data and whether any of it is inaccurate or out of date.

1.18    We will retain your personal data in accordance with published retention periods.  We have processes in place to ensure that personal data isn’t kept for longer than necessary. Once it’s no longer necessary for processing purposes we will delete it.

1.19    We have put appropriate security measures in place to stop accidental loss of, or damage to personal data. Where we ask third parties to process your personal data we will ensure that they have appropriate security measures in place too and that they comply with data protection legislation.

1.20     A data breach is a breach of data security that leads to accidental or unlawful destruction, loss, alteration or unauthorised disclosure of personal data. It includes sending emails to the wrong person, carelessness with passwords and leaving personal data on desks. If you become aware of a data breach you should immediately notify the Data Protection Officer.

1.21     Usually, we will only process or share your personal data for the purpose it was collected. So, if it was gathered as part of a discussion about a medical condition that you have then generally we will not use the information for any other reason. Sometimes, in processing personal data we become aware of information that we cannot ignore, even if it means using it for a purpose beyond the reason it was collected. For example, if we use CCTV for health and safety reasons and happen upon misconduct we are not expected to ignore that. Where that is the case, we will confirm the extended use of the personal data.

1.22     If you become aware that personal data has become lost, stolen or otherwise transferred outside of Barker Ross Group accidentally or without authorisation, you need to report this immediately to the Data Protection Officer.

1.23     This policy may be changed from time to time. We will notify you of any changes.

Information about your data

Type of data

Relevant privacy notice

Reason for processing the data

Type of processing

Who processes the data

Where the data came from

Any recipients of the data

Your name




Barker Ross Group


Our client, where we place you in an assignment

Your address, bank account details, personal contact details




Barker Ross Group



Next of kin details


Information, health and safety

Health and safety

Barker Ross Group


In the event of an accident, we may need to share this with the client where you are working on assignment

Driving Licences


Confirmation of right to drive


Barker Ross Group


Shared with a client where you are placed in a Driver role

DVLA check


Confirmation of current licence status


Barker Ross Group


Shared with a client where you are placed in a Driver role

DBS check


Confirmation of acceptability for role


Barker Ross Group

You, U Check – DBS provider)

The actual DBS check is read then confidentially destroyed.  A note of the result is retained and will be shared with a client on request

DBS check that shows cautions or convictions


Confirmation of acceptability for role


Barker Ross Group

You, U check – (DBS provider)

DBS checks with cautions / convictions will be retained for the period of your ongoing registration

Professional qualifications


Confirmation of acceptability for role

Contractual / legislative

Barker Ross Group


Copies of professional qualifications may be required to be shared with our clients to demonstrate your ability to fulfil the role that you are being placed into

Worker compliance files


Confirmation of acceptability for the role


Barker Ross Group

You, your referees, U Check (where a DBS check applies)

Managed Service Providers (MSP clients) where your details are shared with a compliance portal managed by the MSP

Privacy notice

Our commitment to your privacy               

We’re serious about protecting your personal data. This note explains:

  • From where we secured your personal data
  • The personal data that we collect
  • How and when we use that personal data
  • Whether we share your personal data with anyone else

Further information about your personal data rights can be found within our data protection policy.

Personal data that we collect

The personal data that we collect includes your name, address, email address, telephone number,  IP address (the number that uniquely identifies a specific computer, Proof of right to work, National Insurance Number, next of kin, bank account details, driving licence, any relevant qualifications.

We collect your personal data from you.

We also collect the following personal data from third parties:

  • example – your reference was secured from your previous employer
  • example – medical information was provided to us from our health check providers
  • Example – DVLA checks, where you are authorised to drive a company supplied vehicle
  • Example – DBS checks, where you may come into contact with vulnerable adults or children as part of your role

We always ensure that we have a lawful basis for processing the personal data that we collect. In this case the lawful basis for processing is that we have a legal contract with you , as an employee, we are required to demonstrate that our employees have the right to work in the UK and that we hold the relevant insurance cover for you to carry out your appointed role.

How and when we use your personal data

We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:

  • Your HR information is retained in line with your employment
  • Processing your salary

Your personal data is all stored within the UK.

To help us to maintain the accuracy of the personal data that we hold please notify the Human Resources Manager OR the Data Protection Officer if we hold out of date or inaccurate information about you.

Sharing your personal data

There are only a few occasions where we will share your personal data with a third party. They are:

  • example – where we’re required to disclose it by law – to government bodies for example
  • example - between ourselves – for example to deal with a query that you may have
  • example – with our professional advisers (who are required to keep confidential your data)

The data controller collecting your personal data for the purpose of this policy is Barker Ross Group and its subsidiary companies. We use accepted standards of technology and security to protect your personal data.

If you have any questions or queries about this notice please email the Data Protection Officer on