I.i UnityPath Staffing LTD (“the Company”) is committed to ensuring that all Personal Data is processed in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and the Data Protection Act 2018 (collectively referred to as “Data Protection Legislation”). The Company recognises its responsibility to protect the privacy, rights and freedoms of individuals whose Personal Data it processes.
I.ii Failure to protect Personal Data may result in legal and financial penalties imposed by the Information Commissioner’s Office (ICO), loss of client confidence, reputational harm and interruption to business continuity. The purpose of this Policy is to ensure that the Company processes Personal Data safely, lawfully and transparently at all times.
I.iii This Policy applies to all employees, temporary workers, contractors, candidates, clients and third parties who may have access to Personal Data processed by UnityPath Staffing LTD.
II.i Personal Data
Information relating to an identified or identifiable living individual, either directly or indirectly.
II.ii Special Category Personal Data
Personal Data requiring enhanced protection including, but not limited to: racial or ethnic origin, biometric data, health data, political views, religious beliefs, sexual orientation and trade union membership.
II.iii Processing
Any action taken in relation to Personal Data including, but not limited to, collection, recording, organisation, storage, retrieval, alteration, sharing, restriction, erasure or destruction.
II.iv Data Subject
Any living individual whose Personal Data is processed by the Company. This may include applicants, employees, temporary workers, candidates, clients and suppliers.
II.v Data Controller
UnityPath Staffing LTD determines the purposes and lawful basis for Processing Personal Data.
II.vi Data Processor
Any external organisation or individual engaged to process Personal Data on behalf of the Company.
II.vii Data Protection Officer (DPO)
The individual designated to oversee Data Protection compliance and respond to Data Subject requests. (Title only — no personal name listed.)
III.i This Policy applies to all forms of Personal Data processed by UnityPath Staffing LTD, whether stored electronically, on paper, in cloud systems or on portable devices.
III.ii This Policy applies to all work locations, including home-based working environments, client sites and mobile work settings.
III.iii All staff, contractors, consultants and temporary workers are required to comply with this Policy as a condition of continued engagement.
IV. Data Protection Principles
UnityPath Staffing LTD adheres to the seven core principles of Data Protection Legislation.
IV.i Lawfulness, Fairness and Transparency
Personal Data must be processed in a lawful manner and the Data Subject must be informed about how their data is used.
IV.ii Purpose Limitation
Personal Data must only be collected for clear and legitimate business purposes and must not be processed in a manner incompatible with those purposes.
IV.iii Data Minimisation
Only Personal Data that is strictly necessary for the intended purpose shall be collected and processed.
IV.iv Accuracy
Personal Data must be reviewed and updated where required. Reasonable steps shall be taken to ensure accuracy.
IV.v Storage Limitation
Personal Data must not be retained longer than necessary for operational, legal or regulatory purposes.
IV.vi Integrity and Confidentiality
Appropriate technical and organisational security measures must be implemented to prevent unauthorised access, alteration, disclosure or loss.
IV.vii Accountability
UnityPath Staffing LTD must document and demonstrate compliance through internal controls, staff training and recordkeeping.
UnityPath Staffing LTD processes Personal Data only where at least one lawful basis under Data Protection Legislation applies.
V.i Consent Where explicit and informed consent is required, the Data Subject shall be advised of the purpose of Processing and their right to withdraw consent at any time.
V.ii Contractual Necessity Processing is lawful where required to enter into or fulfil a contractual agreement, including employment contracts, payroll and temporary staffing assignments.
V.iii Legal Obligation Processing is lawful where necessary to comply with legal duties such as right-to-work verification, safeguarding, tax reporting or regulatory requirements.
VI.i UnityPath Staffing LTD recognises that Special Category Personal Data requires heightened protection due to its sensitive nature. Such data includes information relating to health, racial or ethnic origin, religious beliefs, biometric identifiers or sexual orientation.
VI.ii Special Category Personal Data shall only be collected where strictly necessary and where a lawful basis under Article 9 UK GDPR applies, such as explicit consent, legal obligations relating to employment, safeguarding requirements or substantial public interest.
VI.iii Access to Special Category Personal Data is strictly limited to authorised personnel and must be securely stored using appropriate encryption, access controls and confidentiality safeguards.
UnityPath Staffing LTD ensures that all Data Subjects may exercise their rights under Data Protection Legislation.
VII.i Right to Access
Individuals may request a copy of their Personal Data held by the Company.
VII.ii Right to Rectification
Individuals may request correction of inaccurate or incomplete Personal Data.
VII.iii Right to Erasure (“Right to be Forgotten”)
Individuals may request deletion of their Personal Data where lawful grounds permit.
VII.iv Right to Restrict Processing
Processing may be limited where accuracy, necessity or lawfulness is contested.
VII.v Right to Data Portability
Individuals may request transfer of Personal Data to another service provider where applicable.
VII.vi Right to Object
Individuals may object to Processing based on legitimate interest or direct marketing.
VII.vii Requests shall be handled within one calendar month, unless extended for permitted reasons.
VIII.i UnityPath Staffing LTD provides clear privacy information to Data Subjects at the point of data collection.
VIII.ii Privacy information includes the lawful basis, purpose of processing, retention periods and Data Subject rights.
VIII.iii Where Personal Data is obtained indirectly, privacy information shall be issued within a reasonable timeframe.
UnityPath Staffing LTD implements security measures to prevent unauthorised access, alteration or loss of Personal Data.
IX.i Physical Security
Personal Data in paper format is stored in locked, restricted-access areas.
Documents must not be left on desks, printers or vehicles unattended.
Visitors to controlled environments must be supervised.
IX.ii Device and System Security
Only approved devices may access Company systems.
Strong Passwords and automatic screen-lock must be enabled.
Personal devices must not store Company data unless explicitly authorised and encrypted.
IX.iii Network and Transmission Security
Access to systems operates on a role-based need-to-know principle.
Personal Data transmitted electronically must be encrypted.
Personal email or consumer cloud services must not be used.
IX.iv Removable Media
Must be encrypted and used only when strictly necessary.
Lost removable devices must be reported immediately.
X.i UnityPath Staffing LTD retains Personal Data only as long as necessary for legal, operational, employment, tax or safeguarding requirements.
X.ii Disposal Methods
FormatDisposal Method
Paper RecordsSecure shredding / confidential waste
Electronic FilesPermanent deletion from systems & backups
Devices / DrivesCertified erasure or physical destruction
XI.i Definition
A data breach includes accidental or unlawful loss, destruction, disclosure or access to Personal Data.
XI.ii Reporting Requirement
Any suspected breach must be reported immediately to:
📧 info@unitypath.co.uk
XI.iii Response
The Company will:
Assess risk and scope
Determine whether notification to the ICO is required within 72 hours
Notify affected individuals where required
Failure to report a breach may result in disciplinary action.
XII.i The Company maintains encrypted backups and contingency plans to ensure continuity of operations in the event of IT failure, cyber incident or data corruption.
XII.ii Procedures are tested periodically and reviewed annually.
XIII. Subject Access Requests (SARs)
XIII.i Submitting a Request
Requests must be submitted in writing to:
📧 info@unitypath.co.uk
XIII.ii Response Time
The Company will respond within one calendar month, extendable where permitted.
XIII.iii Limitations
Access may be restricted where disclosure would affect rights of others or is prohibited by law.
XIV.i Data may be shared only where necessary and lawful, including:
Clients (for work placements)
Payroll, vetting and compliance services
Regulatory authorities
XIV.ii Third parties must sign binding data handling agreements and must not use data beyond agreed purposes.
XIV.iii UnityPath Staffing LTD does not sell Personal Data under any circumstances.
XV.i Transfers outside the UK will only occur where:
The destination is covered by Adequacy Regulations, or
Standard Contractual Clauses (SCCs) are in place.
XVI.i This Policy is reviewed annually and when legislation or business operations change.
XVII.i By working with UnityPath Staffing LTD, all individuals acknowledge their responsibility to comply with this Policy and understand that breaches may result in disciplinary, legal or regulatory action.
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Connecting People. Empowering Workplaces.
We provide safe, reliable staffing across Social Care, SEN & Education, Logistics, Cleaning & Facilities, Construction, Hospitality, and Office Support roles.
James Miller
Recruitment Coordinator
James Miller
Hi! 👋 I’m James, Recruitment Coordinator If you’re exploring job opportunities, I’m here to help. How can I support you today?
Powered by Elementor
