GDPR Privacy Policy

Context and overview

Key Details:

Policy prepared by:	Lauren Monks, Group Operations Director
Approved by board/management on:	18^th January 2018
Policy became operational on:	1^st May 2018
Next review date:	1^st November 2026
Updated on:	1^st November 2025

Contractor Umbrella Ltd – Data Protection Policy

Introduction

Contractor Umbrella Ltd needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.

This policy describes how personal data must be collected, handled and stored to meet the company’s data protection standards, and to comply with the law.

Why this Policy Exists

This data protection policy ensures Contractor Umbrella Ltd:

Complies with data protection law and follows good practice.
Protects the rights of staff, customers and partners.
Is open about how it stores and processes individuals’ data.
Protects itself from the risks of a data breach.

Data Protection Law

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 describe how organisations must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or in other materials.

To comply with the law, personal information must be:

Processed lawfully, fairly and transparently.
Collected for specified, explicit and legitimate purposes.
Adequate, relevant and limited to what is necessary.
Accurate and kept up to date.
Retained only for as long as necessary.
Processed securely, with appropriate protection against unauthorised or unlawful use, loss, or damage.

People, Risks and Responsibilities

Scope: This policy applies to all employees, contractors, suppliers and others working on behalf of Contractor Umbrella Ltd. It covers all personal data relating to identifiable individuals, including (but not limited to):

Names, addresses, email addresses, phone numbers.
National Insurance details, payroll information, bank details.
Right to Work verification checks and associated documentation.

Key Responsibilities:

The Board of Directors is ultimately responsible for ensuring Contractor Umbrella Ltd meets its legal obligations.
The Data Protection Officer (DPO) is responsible for:
- Keeping the board updated about responsibilities, risks and issues.
- Reviewing data protection procedures and related policies.
- Managing training and handling data protection queries.
- Managing subject access requests.
- Approving contracts with third parties handling personal data.0
The Operations Director (with external IT support) ensures that systems, services and equipment meet acceptable security standards and oversees security checks.
The Sales and Marketing Director ensures communications and marketing activity comply with data protection law.

All staff handling personal data must ensure it is handled in line with this policy and data protection principles.

General Staff Guidelines

Access to personal data is limited to those who need it for their work.
Data must not be shared informally. Access requests should be directed to line managers or the DPO.
Employees must use strong, unique passwords and never share them.
Personal data must not be disclosed to unauthorised parties.
Data should be regularly reviewed, updated and securely disposed of when no longer required.

Data Use and Processing

Contractor Umbrella Ltd processes personal data for the following purposes:

Payroll and Employment Administration (lawful basis: contract, legal obligation).
Marketing Activities (lawful basis: legitimate interests, or consent where required).
Equal Opportunities Monitoring (lawful basis: consent, anonymised where possible).
Legal and Regulatory Compliance (lawful basis: legal obligation).

Lawful bases for processing are defined under Article 6 UK GDPR: contract, consent, legal obligation, legitimate interests, vital interests, and public task. Sensitive (special category) data is processed only where explicit consent is given or another lawful condition applies.

Data Storage and Security

Paper records must be stored securely in locked cabinets.
Electronic data must be password-protected, encrypted where appropriate, and stored only on approved systems/servers.
Data must not be saved to personal devices.
Regular backups are taken and tested.
Transfers of data outside the UK must comply with adequacy regulations or use approved safeguards such as International Data Transfer Agreements (IDTAs).

Data Retention

Data is retained only as long as necessary. Examples:

Payroll and tax records: 6 years.
Recruitment records: 12 months (unless consent is given to retain longer).
Marketing contact data: until consent is withdrawn or the individual opts out.
General correspondence: up to 2 years after last contact.

Data Accuracy

Employees handling data must ensure it is accurate and up to date. Inaccurate data must be corrected or deleted promptly.

Subject Access Requests (SARs)

Individuals have the right to request access to their personal data. Contractor Umbrella Ltd will:

Respond within one month of receiving the request (extendable by two further months if necessary).
Not charge a fee unless the request is manifestly unfounded or excessive.
Verify the identity of the requester before disclosure.

Requests should be submitted to the DPO at gdpr@contractorumbrella.com.

Individual Rights

Under UK GDPR, individuals also have rights to:

Rectification.
Erasure (“right to be forgotten”).
Restriction of processing.
Data portability.
Object to processing (including direct marketing).
Withdraw consent at any time.
Lodge a complaint with the ICO.

Data Breaches

Contractor Umbrella Ltd will report personal data breaches to the Information Commissioner’s Office (ICO) within 72 hours where legally required. Where a breach poses a high risk to individuals, those affected will be notified without undue delay.

Marketing and Communications

Marketing activity complies with UK GDPR and the Privacy and Electronic

Communications Regulations (PECR).

Individuals may opt out of marketing communications at any time.

Website, Cookies and Analytics

Contractor Umbrella Ltd uses a cookie banner to collect active user consent for non-essential cookies.
Google Analytics and other tools are used in compliance with privacy laws and without collecting identifiable personal data unless consented to.

Contact Us

For queries relating to this policy or personal data rights, please contact:

Data Protection Officer
Contractor Umbrella Ltd
Unit 36, Silk Mill Industrial Estate, Brook Street, Tring, HP23 5EF
Email: gdpr@contractorumbrella.com
Phone: 01206 761 326

Why Choose Contractor Umbrella?

Contractor Umbrella is the hassle-free, straight talking umbrella company that provides umbrella employment for UK based contractors and freelancers. Independently voted as the best umbrella company by the readers of Contractor UK.

As one of the most trusted umbrella companies in the UK, we guarantee our employees peace of mind, absolute compliance and complete security. We are one of the longest standing and most respected umbrella companies in the UK.

If you’d like to find out more, call us on 01206 591 000 or request a call back by completing our online form.

Benefits of working through Contractor Umbrella;

Fast and easy registration – be ready to work in 24 hours, simply register online and we’ll take care of the rest.
Calculate your take home pay – use our online calculator to find out how much you could be taking home through Contractor Umbrella.
Same day payments – We offer same day payments as standard providing funds are received into our account by 9am, for no additional fee.
Our Service Guarantee – is our guarantee that you will be looked after at every step of the way.
Flexible Limited Company accountancy – when you sign up to our sister company Dolan Accountancy, you can transfer to Contractor Umbrella when umbrella employment better suits or your assignment sits inside IR35.
Employee Benefits – at Contractor Umbrella there are many benefits available to you as our employee including Childcare Vouchers, our Employee Rewards Scheme, Group Pension Scheme, Foreign Currency Exchange, Contractor Accommodation, Contractor Mortgages and much more.
Expert Contractor Support Team – Every employee of Contractor Umbrella has access to our expert Contractor Support Team who are available to deal with any queries that you may have. You can get in touch with the Contractor Support Team, through the online chat, by email or by telephone.

Keep in Touch

We understand you might not be ready to make the move to Contractor Umbrella, but we’d love to stay in touch. Enter your email address and we will send you some useful guides to starting out as a contractor and working through an umbrella company.

Gender Pay Gap | Anti-Modern Slavery | Privacy Policy | Cookies | Complaints

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.