Data Protection & GDPR Statement

Our commitment to protecting your data

ProMedical Personnel Ltd (“ProMedical”, “we”, “our”, “us”) is committed to handling all personal data responsibly, securely, and in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK legislation. 

We believe in transparency, accountability, and ensuring the rights of all individuals whose data we process. 

Who we are

Data Controller: ProMedical Personnel Ltd

Registered address: Kings House, 101-135 Kings Road,

Brentwood, Essex, CM14 4DR

Company number: 06428549 (England & Wales)

Data Protection Officer: Ervin Cenmurati

ICO Registration Number: Z1508179

Contact email: gdpr@promedical.co.uk

Contact phone: 01277 583 850 

Scope of this statement

This statement applies to all personal data we process relating to: 

• Candidates and job applicants. 
• Workers engaged through ProMedical. 
• Clients and prospective clients. 
• Suppliers and business partners. 
• Website visitors and online users. 

Our data protection principles

We adhere to the seven principles of UK GDPR: 

1. Lawfulness, fairness, and transparency – we process data legally and explain clearly how we use it. 
2. Purpose limitation – we collect data for specified, legitimate purposes only. 
3. Data minimisation – we only collect the data we need. 
4. Accuracy – we keep data accurate and up to date. 
5. Storage limitation – we do not keep data longer than necessary. 
6. Integrity and confidentiality – we keep data secure. 
7. Accountability – we take responsibility for how we process data. 

Why we process personal data

We process data to: 

• Provide recruitment, staffing, and workforce solutions. 
• Verify identities, qualifications, and right to work. 
• Manage payroll, invoicing, and compliance records. 
• Communicate relevant opportunities and service updates. 
• Fulfil contractual and legal obligations. 
• Maintain quality, safety, and governance standards. 

Lawful bases for processing

Our processing is based on: 

• Consent – when you have given clear permission for a specific use. 
• Contract – where processing is necessary to perform or prepare a contract. 
• Legal obligation – to comply with UK law (e.g., employment, tax, safeguarding). 
• Legitimate interests – where processing is necessary for our operations and your interests are not overridden. 

Special category data (e.g., health or ethnicity) is processed under Article 9 UK GDPR, where necessary for employment, legal obligations, or with explicit consent.  

How we keep data secure

We apply a range of technical and organisational measures, including: 

• Encrypted systems and secure cloud storage. 

• Access restricted to authorised staff only. 

• Cyber Essentials Plus certification. 

• NHS Data Security & Protection Toolkit compliance. 

• Staff data protection training. 

• Secure disposal of data (digital and paper). 

Data sharing

We may share data with: 

• Clients (for work placement purposes). 

• Background check and compliance service providers. 

• Payroll processors and auditors. 

• Regulatory authorities (e.g., HMRC, NHS framework bodies, CQC). 

• Professional registration bodies. 

All third parties are contractually bound to process data securely and lawfully. 

International transfers

If we transfer data outside the UK/EEA, we ensure safeguards such as standard contractual clauses or equivalent protections approved by the ICO. 

Data retention

We retain personal data for six (6) complete years from your last recorded interaction, unless legal or contractual requirements require a longer retention period. Data is securely destroyed or anonymised when no longer needed. 

Your rights under UK GDPR

You have the right to: 

• Access your data. 

• Request correction of inaccurate data. 

• Request deletion of your data. 

• Restrict or object to processing. 

• Data portability (in some cases). 

• Withdraw consent at any time (where processing is based on consent). 

To exercise your rights, email gdpr@promedical.co.uk or write to us at the above address. 

How to complain

If you are unhappy with how we process your data, contact our Data Protection Officer.
You can also complain to the Information Commissioner’s Office: 

• Website: www.ico.org.uk 

• Tel: 0303 123 1113 

Review and Updates

This policy is subject to an annual review to ensure its ongoing relevance and compliance with current legislation, regulatory requirements, and organisational standards. Interim reviews may be undertaken if significant legislative, regulatory, or operational changes occur. 

 

Last reviewed: 28/08/2025