Privacy Policy

Effective Date: 2025

JSC is committed to safeguarding the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, store, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR).

Who We Are

JSC serves as a “data controller,” meaning we determine the purposes and methods of processing your personal data. We are responsible for ensuring that your information is handled securely and in compliance with applicable data protection regulations.

Data Protection Principles

We process your personal data in accordance with the following principles, ensuring it is:

  • Used lawfully, fairly, and transparently.
  • Collected for legitimate purposes we have communicated to you.
  • Relevant, limited, and accurate.
  • Updated as necessary.
  • Retained only for as long as needed for the stated purposes.
  • Secured against unauthorized access, loss, or misuse.

Information We Collect

We may collect and process the following types of personal data to carry out our business functions and obligations to you as an employee, worker, contractor, or client of JSC.

General Personal Data

  • Name, title, and contact information (address, email, phone number).
  • Date of birth, gender, and marital status.
  • National Insurance number, tax details, and bank account information.
  • Employment or contract start date, location, and job details.
  • Salary, benefits, holiday, and pension information.
  • Identification and right-to-work documents.
  • Emergency contact and next-of-kin information.

Special Categories of Data

  • Health information, including medical conditions or disabilities.
  • Racial or ethnic origin, religious beliefs, and sexual orientation (for equal opportunities monitoring).
  • Criminal records, where applicable and necessary.

How We Collect Your Data

We collect your personal information in several ways, including directly from you through application forms, contracts, or other communications. We may also receive data from recruitment agencies, previous employers, or background check providers.

How We Use Your Data

We use your data only when legally permitted. Examples of lawful purposes include, but are not limited to, the following scenarios:

  • To fulfil contracts we have entered into with you.
  • To comply with legal obligations (e.g., reporting taxes to HMRC).
  • To manage employment relationships, including payroll processing, benefits administration, leave tracking, and training.
  • To ensure health and safety compliance.
  • To prevent fraud or handle grievances and disciplinary processes.

Where necessary, we may also use your data for legitimate business interests, provided your rights and freedoms are not overridden by these interests.

Data Sharing

We may share your personal information with the following types of third parties to ensure the effective delivery of our services:

  • Pension providers, payroll administrators, and legal advisors.
  • IT service providers hosting our systems.
  • Government entities or regulatory authorities, as required by law.

We ensure all third parties processing personal data on our behalf adhere to strict data protection standards and use your data only per our instructions.

Data Security

We take the security of your data seriously. Appropriate measures are implemented to protect your personal data from loss, unauthorized access, or breaches. This includes regular system monitoring, encryption of sensitive data, and access restrictions based on need-to-know principles.

Data Retention

We retain your personal data only as long as necessary for the purposes for which we collected it. After your employment or contractual relationship with JSC ends, we may retain your data for the following periods unless otherwise required by law:

  • Six years: For records kept to comply with auditing or HMRC purposes.
  • Two years: For data that does not fall under strict retention obligations (e.g., communications or preferences).

Once the retention period expires, your data will be deleted or anonymized securely.

Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  1. Access and Data Portability: Request access to the data we hold about you.
  2. Rectification: Request that we correct any inaccurate or incomplete data.
  3. Erasure: Request that we delete your personal data where no legal grounds exist to retain it.
  4. Restriction: Restrict certain data processing under specific conditions.
  5. Objection: Object to data processing for legitimate interests.
  6. Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise your rights, please contact our Data Protection Officer at [Insert Contact Information].

Changes to This Privacy Policy

We may update this policy from time to time. Any substantial changes will be communicated to you and posted on our website. Please review this policy periodically to stay informed of how we protect your data.

If you are unsatisfied with how we handle your data, you also have the right to file a complaint with the UK Information Commissioner’s Office (ICO). Visit their website at https://ico.org.uk.