Data Processing
Agreement.

This Data Processing Agreement (“DPA”) applies to the use of the TimeStaffer platform and forms part of the contractual relationship between TimeStaffer and its Clients.

By using the Platform, Clients agree to this DPA.

• The Client acts as the Data Controller.
• TimeStaffer acts as the Data Processor.

The Client determines the purpose and means of processing personal data.

TimeStaffer processes personal data solely to provide its services, including:

• Sponsor licence compliance management.
• Employee monitoring and reporting.
• Record keeping and audit support.

Processing may include:

• Employee personal details.
• Employment and compliance data.
• Immigration-related information.
• Attendance and reporting records.

TimeStaffer will:

• Process data only on Client instructions.
• Maintain confidentiality.
• Implement appropriate security measures.
• Not use data for its own purposes.

We implement appropriate safeguards including:

• Access controls.
• Secure infrastructure.
• System monitoring.

We may use trusted third-party providers (e.g. cloud services) to deliver our services.

We ensure appropriate safeguards are in place.

TimeStaffer will assist Clients in responding to data subject requests where required.

Clients remain responsible for handling such requests.

We will notify Clients without undue delay in the event of a personal data breach.

Data is retained:

• During the service period.
• As required by law.

Data will be deleted or returned upon termination, subject to legal obligations.

Clients may request reasonable information to demonstrate compliance with data protection laws.

This DPA is governed by:

• UK GDPR.
• Data Protection Act 2018.

For any data protection queries, write to us.