Privacy Policy

Revision date: 01 March 2024

Gi Group want to protect the privacy of both our website visitors and our clients. This privacy policy will help you understand how we collect, use and process your personal data.

Data controller: Gi Group of companies, including Gi Group Recruitment Limited, Gi Group Recruitment Ltd, Draefern Ltd T/A Gi Group, Excel Resourcing Ltd, Gi Group Holdings Recruitment Gi Recruitment Limited, Draefern Limited, Gi Group Recruitment Ltd, INTOO (UK) Limited, Marks Sattin (UK) Limited, TACK TMI UK Limited, Grafton Professional Staffing Limited, Encore Personnel Services, and Kelly Services (UK) Ltd, registered at Unit A, The Glass Yard, Sheffield Road, Chesterfield, S41 8JY hereby referenced as “THE ORGANISATION”.

We are committed to protecting the privacy of all our candidates and clients. Following some recent changes to data protection laws we have updated our Privacy Policy.

The Data Protection Officer for Gi Group is P4I S.r.l. For any enquiries about this privacy policy or to exercise any rights under this policy please email

THE ORGANISATION collects and processes personal data relating to its candidates, temporary workers and employees to manage the employment relationship. THE ORGANISATION is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Whenever you give us personal data, it will be used in accordance with this privacy policy, including our use of cookies as explained below. This privacy policy also relates to our use of any personal information you provide to us by phone, SMS, email, in letters and other correspondence and in person.

Changes to The Organisation’s Privacy Policy

We may update or change our privacy policy at any time without giving you notice, so you may want to check it each time you submit personal information to THE ORGANISATION. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to supply your personal information to THE ORGANISATION. If material changes are made to the Privacy Notice, we will notify you by placing a prominent notice on the website.

Revision date: 21/12/2023

Why do we have a privacy notice?

Your privacy is important to us, and we are committed to protecting and safeguarding the data privacy rights of visitors to our website in accordance with applicable law and this Privacy Policy. Under the Data Protection Act 2018 we must comply with certain regulations which are designed to ensure that any data you provide to us is processed with due care and attention.

This Privacy Notice details the information we collect, how we use and process that information, and to whom it may be disclosed.

What information does the organisation collect?

THE ORGANISATION may collect and process a range of information about you. This includes:


  • Your name, address and contact details, including email address and telephone number, date of birth and gender;
  • Details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers (including references, driving licences, etc) and with THE ORGANISATION and any other information contained in your application form, CV or covering letter;
  • Information about your nationality and entitlement to work in the UK;
  • General communication, including but not limited to, email, postal letters and text messaging
  • Any other information required for legal compliance

Temporary Workers and Employees

  • Your name, address and contact details, including email address and telephone number, date of birth and gender;
  • The terms and conditions of your employment or assignment, including information required by our clients for specific workplace requirements;
  • Details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers (including references, driving licences, etc) and with THE ORGANISATION and any other information contained in your application form, CV or covering letter;
  • Information about your remuneration, including entitlement to benefits such as pensions or insurance cover;
  • Details of your bank account, national insurance number and bank details;
  • Information about your marital status, next of kin, dependants and emergency contacts;
  • Information about your nationality and entitlement to work in the UK;
  • Information about your criminal record (including any relevant DBS or equivalent checks);
  • Details of your schedule (days of work and working hours) and attendance at work;
  • Assignment details, including dates and locations of assignments and the work undertaken;
  • Timesheets;
  • Details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave and copies of related documents such as GP fit notes and MAT B1 forms;
  • Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
  • Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
  • Information about medical or health conditions, including whether or not you have a disability for which THE ORGANISATION needs to make reasonable adjustments;
  • Information about any work related accidents;
  • Details of trade union membership;
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief;
  • 48 Hour Working Time Directive;
  • PPE Deduction Forms and Confirmation;
  • Information about any Drug or Alcohol tests untaken as workplace requirements;
  • General communication, including but not limited to, email, postal letters and text messaging;
  • CCTV footage;
  • Information from fobs and key cards;
  • Any other information required for legal compliance

THE ORGANISATION collects this information in a variety of ways. For example, data is collected through application forms, CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments or via our website.

In some cases, THE ORGANISATION collects personal data about you from third parties, such as references supplied by former employers, information available via online job boards, information from employment background check providers, information from credit reference agencies, job boards and information from criminal records checks permitted by law.

We automatically collect data about visitors to our website (for example on browsing patterns, demographic data, location, browser and devices used, pages visited, time spent on pages visited, referral source) by using cookies, explained below. This data is used only in an anonymous form; no individual is identified.

Data is stored in a range of different places, including in your personnel file, in THE ORGANISATION’s People management systems and in other IT systems (including THE ORGANISATION’s email system). Temporary Workers’ data is stored in our candidate management databases, which includes; Access, Agility, Spinner, Bullhorn.


A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet or mobile phone web browser from a website’s computer and is stored on your device’s hard drive. A cookie cannot read data on your hard disk or read cookie files created by other sites. Cookies do not damage your system.

Each website can send its own cookie to your web browser if your browser’s preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. If you continue without changing your settings, we will assume that you are happy to receive all cookies on our website. You can set your browser so as to refuse any cookie or to alert you to when a cookie is being sent. If you choose not to accept our cookies, some of the features of our site may not function as intended.

We only use cookies for the purposes of website administration and to give us information about the number of visitors to different parts of our website.

Why does the organisation process personal data?

THE ORGANISATION needs to process data to enter into a contract for services or a contract of employment with you and to meet its contractual obligations. For example, it needs to process your data to provide you with the applicable contract to pay you and to administer benefit, pension and insurance entitlements.

In some cases, THE ORGANISATION needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check all documents relating to entitlement to work in the UK, to deduct tax, to comply with health and safety laws and to enable workers and employees to take periods of leave to which they are entitled. For certain positions, it is necessary to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question.

In other cases, THE ORGANISATION has a legitimate interest in processing personal data before, during and after the end of the assignment or employment relationship. Processing data allows THE ORGANISATION to:

  • run recruitment and promotion processes;
  • maintain accurate and up-to-date worker or employment records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights;
  • Employees ONLY: operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
  • Employees ONLY: operate and keep a record of employee performance and related processes, to plan for career development, and for succession planning and workforce management purposes;
  • Agency Workers ONLY: operate and keep a record of performance related processes and complaints, to ensure acceptable conduct in the workplace.
  • operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees and agency workers are receiving the pay or other benefits to which they are entitled;
  • with consent, obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that workers and employees are receiving the pay or other benefits to which they are entitled;
  • operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that THE ORGANISATION complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
  • ensure effective general HR and business administration;
  • provide references on request for current or former employees;
  • respond to and defend against legal claims; and
  • maintain and promote equality.

Where THE ORGANISATION relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.

Some special categories of personal data, such as information about health or medical conditions, is processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes). Information about trade union membership is processed to allow THE ORGANISATION to operate check-off for union subscriptions.

Where THE ORGANISATION processes other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring. Employees/Candidates are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so.

Who has access to data?

Your information will be shared internally, including between companies in THE ORGANISATION’s group, members of the People and recruitment team, payroll, your line manager, managers in the business area in which you work and IT staff if access to the data is necessary for performance of their roles.

Data provided within our platform MyGiGroup will be made available to other Gi Group companies including, Wyser S.r.l, Gi Group Wyser Search and Selection, LDA, Excel Resourcing Ltd, Draefern Ltd, INTOO S.r.l, TACK International Ltd, TACK TMI Ltd, Marks Sattin (UK) Ltd, Grafton Recruitment Ltd UK, Grafton Recruitment Ltd ROI, INTOO UK Ltd  and Encore Personnel Services to allow candidates to speed up the registration procedure to the reserved areas of the respective portals of these companies who act as autonomous data controllers within the Gi Group of companies.

THE ORGANISATION shares your data with third parties to obtain references from other employers, obtain employment background checks from third-party providers and obtain necessary criminal records checks from the Disclosure and Barring Service. THE ORGANISATION may also share your data with third parties in the context of a sale of some or all its business or with THE ORGANISATION’s clients in relation to providing services related to finding suitable work. In those circumstances, the data will be subject to confidentiality arrangements.

THE ORGANISATION also shares your data with third parties that process data on its behalf, in connection with payroll, administering your pension, the provision of benefits and the provision of occupational health services.

We will only transfer data outside of the European Economic Area or EEA (i.e., the Member States of the European Union, together with Norway, Iceland, and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
  • by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
  • transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
  • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a Client of ours); or
  • where you have consented to the data sharing.

How does the organisation protect data?

THE ORGANISATION takes the security of your data seriously. THE ORGANISATION has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where THE ORGANISATION engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

For how long does the organisation keep data?

To request THE ORGANISATION’S Data Retention Policy please email:

Will your data be used for Marketing Purposes?

THE ORGANISATION may from time to time send you emails, direct mail or otherwise contact you for marketing purposes, or to promote new services, activities or content where we believe there is a legitimate interest to you or where you have agreed to this. Where you have agreed to receive these communications, we may personalise the message content based upon any information you have provided to us and your use of THE ORGANISATION’s services.

You may at any time request us to stop using your personal data for direct marketing purposes, or unsubscribe from email communications. If you wish to do this please contact

Your rights

As a data subject, you have a number of rights:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you would like to exercise any of these rights, please email

You can make a subject access request by completing THE ORGANISATION’s SARs form. Please click here.

If you believe that THE ORGANISATION has not complied with your data protection rights, you can raise a complaint to the Information Commissioner.

What if you do not provide personal data?

You have some obligations under your contract for services or employment contract to provide THE ORGANISATION with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide THE ORGANISATION with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable THE ORGANISATION to enter into a contract with you. If you do not provide other information, this will hinder THE ORGANISATION’s ability to administer the rights and obligations arising as a result of the worker, or employee relationship efficiently.

Offensive or Inappropriate Content

If you post or send offensive, inappropriate or objectionable content anywhere on any Gi Group or associated company platforms  or to THE ORGANISATION or otherwise engage in any disruptive behaviour on any of THE ORGANISATION’s services, THE ORGANISATION may use your personal information to stop such behaviour.

Where THE ORGANISATION reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), the company may use your personal information to inform relevant third parties such as your employer, email/internet provider or law enforcement agencies about the content and your behaviour.


THE ORGANISATION’s website or other online services may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies. They will govern the use of personal information you submit, which may also be collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk. This Privacy Notice applies only to personal data collected by THE ORGANISATION, and to how THE ORGANISATION processes personal data.

Automated decision-making

Employment decisions are not based on automated decision-making.


Registered office: Gi Group UK, The Glass Yard, Sheffield Road, Chesterfield, S41 8JY

Email contact:

Disclaimer: This policy is meant to provide general guidelines and should be used as a reference. It may not take into account all laws and is therefore not a legal document. The Company will not assume any legal liability that may arise from the use of this policy.

Signed: Paulo Canoa – Regional Head and Country Manager UK & Ireland
Date: December 2023