Privacy,
plainly stated.

This Privacy Policy explains how TimeStaffer (“we”, “us”, “our”) collects, uses, and protects personal data when you use our platform and services.

We are committed to protecting your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

TimeStaffer is a software platform providing tools to support businesses in managing sponsor licence compliance, workforce monitoring, and record keeping.

For the purposes of data protection law:

• Clients (business users) are the Data Controllers.
• TimeStaffer acts as a Data Processor.
• In limited cases (e.g. website enquiries), we may act as a Data Controller.

We may collect and process the following categories of data.

Personal data

• Name, email address, phone number.
• Job title and employer details.

Employee data (uploaded by Clients)

• Employee names and contact details.
• Immigration and employment-related information.
• Attendance, reporting, and compliance records.

Technical data

• IP address.
• Browser type and device information.
• Usage data and system logs.

We collect data:

• Directly from you (account registration, enquiries).
• From Clients who upload employee data.
• Automatically through system usage (cookies and logs).

We process data to:

• Provide and operate the Platform.
• Manage user accounts.
• Enable sponsor licence compliance tracking.
• Provide support and communication.
• Improve our services.
• Ensure system security.

Under UK GDPR, we rely on:

• Contractual necessity — to provide our services.
• Legitimate interests — to improve and secure the Platform.
• Legal obligations — where required by law.

We may share data with:

• Cloud hosting providers.
• IT and support service providers.
• Legal or regulatory authorities where required.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

• UK adequacy regulations.
• Standard contractual clauses.

We implement appropriate technical and organisational measures, including:

• Secure servers and encryption.
• Access controls.
• Regular system monitoring.

However, no system is completely secure, and we cannot guarantee absolute security.

We retain data:

• For the duration of the Client’s subscription.
• For a reasonable period thereafter.
• As required by law.

Clients are responsible for managing retention of employee data.

Under UK GDPR, individuals have the right to:

• Access their data.
• Request correction of inaccurate data.
• Request deletion (where applicable).
• Restrict or object to processing.
• Data portability.

Requests should be directed to the Client (data controller) where applicable.

We use cookies to:

• Improve user experience.
• Analyse website usage.

You can control cookies through your browser settings. See our Cookie Policy for details.

Our Platform may integrate with third-party services. We are not responsible for their privacy practices.

Our services are not intended for children, and we do not knowingly collect data from individuals under 18.

We may update this Privacy Policy from time to time. Continued use of the Platform indicates acceptance of any changes.

For any data protection queries, write to us.