Phone 0114 339 2026
info@uniqueschoolsolutions.co.uk Email
Payroll Portal
Email info@uniqueschoolsolutions.co.uk Phone 0114 339 2026
Hero Poster

Legal & Compliance

Data Protection and GDPR Policy

Last updated: May 26, 2026

Introduction

We hold personal data about our employees, clients, suppliers and other individuals for a variety of business purposes.

The policy sets out how we seek to protect personal data and ensure that staff understand the rules governing their use of personal data which they have access to during their work. This policy requires staff to ensure that the Data Protection Officer before any significant new data processing activity, is initiated so that all relevant compliance steps are addressed.

Unique School Solutions is registered with the Information Commissions Office (ICO) under reference ZA304371. Our Data Controller is Rebecca Dodd. The contact details for our Data Controller are info@uniqueschoolsolutions.co.uk

Definitions

Business Purposes

The purposes for which personal data may be used by us:

Personnel, administrative, financial, regulatory and business development purposes.

Business purposes include the following:

  • Compliance with our legal, regulatory and corporate governance obligations and good practice.
  • Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.
  • Ensuring business policies are adhered to.
  • Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information including security vetting.
  • Investigating complaints.
  • Checking references, ensuring safe working practices, monitoring and managing staff access to systems to systems and staff absences, administration and assessments.
  • Monitoring staff conduct including disciplinary matters.
  • Marketing the business.
  • Improving services.

Personal data

Information relating to identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, clients, suppliers and marketing contacts.

Personal data we gather may include individuals contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title and CV.

Sensitive and personal data

Personal data about an individual’s racial or ethnic origin, physical or mental health condition, criminal offences, or related proceedings should be strictly controlled in accordance with this policy.

Scope of this policy

This policy applies to all staff. You must be familiar with this policy and comply with its terms.

This policy supplements our other policies relating to internet and email use. We may supplement or amend this policy with additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.

Our Procedures

Fair and lawful processing

We process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process personal data unless the individual who details we are processing has consented to this happening.

The responsibilities of the Data Protection Officer

  • Reviewing all data protection procedures and policies on a regular basis.
  • Arranging data protection training for internal staff who will have access to data.
  • Responding to individuals who wish to know which data is being held on them by Unique School Solutions Ltd.

IT responsibilities

  • Ensuring all systems services and software meet acceptable security standards.
  • Checking and scanning security hardware and software regularly to ensure it is functioning properly.

Marketing responsibilities

  • Approving data protection statements attached to emails and other marketing copy.
  • Addressing data protection queries from target audiences and clients.

The processing of all data must be:

  • Necessary to deliver our services.
  • In our legitimate interests and not unduly prejudice the individual’s privacy.

Sensitive Personal Data

In most cases where we process sensitive personal data, we will require the individual’s explicit consent to do this unless exceptional circumstances apply, or we are required to by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.

Data Security

You must keep personal data secure against loss or misuse. Where other organization process personal data as a service on our behalf we will establish, what, if any, specific data security arrangements need to be implemented in contracts with third-party organization.

Storing Date Securely

  • Where data is stored on printed paper, it should be kept in a secure place where unauthorized personnel cannot access it.
  • Printed data that is no longer needed should be shredded.
  • Data stored on a computer should be protected by strong passwords that are changed regularly. We encourage all staff to use a password manager and set up two factor authentication where available.
  • Data should be regularly backed up.
  • Data should never be saved directly to mobile devices such as laptops, tablets or smartphones unless it is password protected in line with policy and for the use only within the objectives.
  • All servers containing sensitive data must be approved and protected by security software and strong firewalls.

Data Retention

We retain personal data for no longer than is necessary and required by law. Details of our data retention process can be found within the data retention policy.

Subject access requests

Under the Data Protection Act 1998, individuals are entitled, subject to certain exceptions, to request access to information held about them.

If a subject access request is received this should be immediately referred to the Data Controller to action.

Please contact our Data Controller if you would like to correct or request information that we hold about you. There are restrictions on the information to which you are entitled under applicable law.

Processing data in accordance with individual rights

Any request from an individual not to use their personal data for direct marketing purposes should be adhered to. Please notify the Data Controller of such requests.

Training

All internal staff receive training in this policy. Further training will be provided whenever there is a substantial change in the law or to our internal policies.

GDPR Provision

Being transparent and providing accessible information to individuals about how we will use their personal data is important for our organization. The following are details on how we collect data and what we will do with it.

We collect personal details including phone numbers, email addresses and date of birth. When someone comes to register, we are obliged to collect safeguarding documents such as ID, proof of address, proof of national insurance, DBS and qualification certificates.

This information is collected by Unique School Solutions staff including Directors, Recruitment Consultants and Administrators through the following channels:

 

  • Website
  • Social Media
  • Phone enquiries
  • Job applications
  • CV watchdogs (when a CV is uploaded)

 

The data used is always with the goal of obtaining work for an individual, and with the permission of the individual, details of experience and work history will be passed to our clients.

Data will be stored on our secure internal systems which will always password encrypted, and all paper files will be kept in locked cabinets.

How data will be used

Contact via phone, email or social media to inform individuals of:

  • Job opportunities
  • Confirmation of work
  • CPD opportunities

Justification for personal Data

We will process personal data in compliance with all six data protection principles.

We will document the additional justification for the processing of sensitive data, and will ensure any biometric and genetic data is considered sensitive.

Consent

The data that we collect is subject to active consent by the data subject. This consent can be revoked at any time.

Data portability

Upon request, a data subject should have the right to receive a copy of their data in a structured format. These requests should be processed within a month, provided there is no undue burden and it does not compromise the privacy of other individuals.

Right to be forgotten

A data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies.

Reporting breaches

All members of internal staff have an obligation to report actual or potential data protection compliance failures. Any such concerns should be reported immediately to the Data Controller who will then conduct an investigation and report to the ICO where relevant.