GDPR Policy

Last updated: February 26, 2026

Demo Notice: This is a sample GDPR Policy for template demonstration purposes only.

1. Overview

This policy outlines how PeopleFirst Staffing complies with the UK General Data Protection Regulation (UK GDPR) as retained in UK law following the EU exit, and the Data Protection Act 2018.

2. Data Controller

PeopleFirst Staffing acts as the Data Controller for personal data collected through our website and recruitment activities. Our ICO Registration Number: ZB000000 (sample).

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

Contract: Processing necessary to fulfil recruitment services
Legitimate Interest: Matching suitable candidates to roles
Consent: For marketing communications and optional data sharing
Legal Obligation: Compliance with employment law and right-to-work checks

4. Data Retention

Active candidate data is retained for up to 2 years from last activity. Placed candidates' records are retained for 6 years for audit purposes. You may request deletion at any time.

5. Data Subject Rights

You have the right to: access your data, rectify inaccurate data, erase your data, restrict processing, portability, and to object to processing. Contact us at dpo@peoplefirst.co.uk.

6. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Back to Home Privacy Policy Data Processing Agreement