GDPR Data Protection Policy
1. Introduction
Nexter Ltd ("we", "us", "our") is committed to protecting the privacy and security of personal data we collect and process in our capacity as a recruitment agency providing temporary and permanent staffing services to regulated childcare settings, including nurseries.
This GDPR Data Protection Policy outlines how we comply with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 relating to the personal data of our candidates, clients, and employees.
2. Scope
This policy applies to all personal data processed by Nexter Ltd in connection with our recruitment activities and client services, including but not limited to:
- Candidates seeking temporary or permanent assignments
- Clients and nursery contacts
- Our own employees and contractors
3. Data Protection Principles
We adhere to the following key principles when processing personal data:
- Lawfulness, fairness, and transparency: We process data lawfully with clear, informed consent or an alternative lawful basis, and communicate transparently about data use.
- Purpose limitation: Data is collected for specified, explicit, and legitimate recruitment purposes only.
- Data minimisation: We collect only the minimum necessary personal data to fulfil our recruitment and placement obligations.
- Accuracy: We keep data accurate and up to date, correcting or deleting inaccurate information promptly.
- Storage limitation: Data is retained only for as long as necessary and in accordance with legal and regulatory requirements.
- Integrity and confidentiality: Data is securely stored and protected from unauthorised access or breaches.
4. Lawful Bases for Data Processing
We process personal data based on the following lawful grounds:
- Consent: Where candidates voluntarily provide personal information for recruitment purposes.
- Contractual necessity: Data processing necessary to perform contractual obligations with our clients and candidates.
- Legal obligation: Compliance with regulatory requirements applicable to recruitment in childcare settings.
- Legitimate interests: Where processing is necessary for legitimate business interests, balanced against data subject rights.
5. Types of Personal Data Collected
We collect and process the following types of personal data:
- Identification and contact data (name, address, phone, email)
- Employment history, qualifications, and references
- Criminal record and DBS check information (as required by the regulated childcare sector)
- Health and disability information relevant to recruitment and reasonable adjustments
- Equality monitoring data (collected and processed in compliance with equality legislation)
- Client and nursery contact details
6. Data Subject Rights
Individuals whose data we process have the following rights under GDPR:
- Right to be informed about how their data is used
- Right to access their personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten") subject to legal retention requirements
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making and profiling (not applicable in our operations)
Requests to exercise data rights should be directed to our Data Protection Officer (DPO) at [contact email].
7. Data Security and Confidentiality
We implement appropriate technical and organisational measures to safeguard data including:
- Access controls, user authentication, and 2FA on digital systems (e.g., Zoho CRM)
- Staff training on data protection and confidentiality obligations
- Secure storage and transfer of sensitive documents
- Regular review of security policies and incident response procedures
- 24/7 IT support contract for swift management of any technical issues
8. Data Retention
We retain candidate and client personal data for as long as necessary to fulfil our recruitment obligations and legal compliance, typically:
- Candidate data: for the duration of placement plus 6 years (to comply with tax, employment, and regulatory requirements)
- Client data: for the duration of the business relationship plus 6 years
We securely destroy or anonymise data that is no longer required.
9. Sharing Personal Data
We share personal data with:
- Clients/nurseries for recruitment and placement purposes
- Third-party service providers involved in background checks (DBS, etc.)
- Regulatory authorities, as required by law
- Our appointed data processors (e.g., IT services, payroll) under strict confidentiality agreements
We do not sell or trade personal data.
10. Breach Notification
In the unlikely event of a personal data breach, we will:
- Act promptly to contain and investigate the breach
- Notify the Information Commissioner’s Office (ICO) within 72 hours if required
- Inform affected individuals as soon as possible if there is a high risk to their rights and freedoms
- Review and update our policies and controls to prevent recurrence
11. Training and Responsibility
All Nexter Ltd staff receive mandatory GDPR and data protection training and are required to comply with this policy. Our Data Protection Officer oversees ongoing compliance and reports to senior management.
12. Contact Information
For questions or data protection concerns, please contact:
Nick Breeze, Data Protection Officer
Email: marketing@nexter.co.uk
Phone: 01133280668 / 02033376363