How we use your data

We collect your data so that we can provide you with the service you’ve asked for, meet our legal obligations as an employer, run our business and manage our relationship with you effectively, lawfully and appropriately. We will use your data in the following ways:

1. To meet our legal, regulatory and statutory obligations

As your employer, we are required to carry out certain duties involving your personal data, including:

  • Verifying that you have the right to work in the UK prior to your employment commencing and in some cases, at set intervals thereafter
  • Providing you with a contract of employment
  • Making the correct tax and National Insurance deductions from your payments
  • Deducting student loan repayments from your payments, where applicable
  • Providing you with appropriate insurance cover
  • Enrolling you in a pension when certain criteria are met
  • Send you mandatory communications related to your enrolment in the pension
  • Providing you with statutory sick pay
  • Providing you with maternity/paternity/adoption/shared parental pay
  • Ensuring that you receive your rights under the Agency Workers Regulations 2010
  • Reporting any workplace accidents or injuries that you’re involved in
  • Ensuring that you receive the correct amount of holiday pay
  • Producing a P60 for you each year
  • Producing a P45 for you at the end of your employment
  • Run payroll for you and transfer payments to your bank account
  • To comply with court-ordered attachment of earnings orders or deductions of earnings orders (for example, if you owe child maintenance)


In order to meet these obligations, there are times when we need to share your data with third parties. These occasions are:

  • We have to share some of your data with a pension provider, to meet our automatic enrolment obligations under the Pensions Act 2008. This includes your contact details, date of birth and gender. Our pension provider is the National Employment Savings Trust (NEST) – a privacy policy is available on their website.
  • Upon their request, we may be required to share your data with the Pensions Regulator.
  • We have to share some of your income, personal and contact details with Her Majesty’s Revenue & Customs (HMRC) in order to meet our obligations as an employer. HMRC has a personal information charter on its website.
  • To comply with the Agency Workers Regulations 2010, we may need to share information with your recruitment agency about your assignments. This would be most likely to happen if you start an assignment at a workplace where you’ve worked before via a different agency or when you reach 12 weeks at a certain workplace. We recommend reading your agency’s privacy notice.
  • We would share information if requested to do so by a law enforcement agency or in response to a court order. Similarly, we have a duty to disclose information about possible criminal acts (for example money laundering) or security threats to the relevant bodies.
  • We may share your data with our insurers, Kingsbridge, in order to ensure that we have appropriate insurance cover for someone in your job role. We would also share data with them in the event that you make a claim, in order to resolve it. You can read Kingsbridge’s privacy notice on their website.
  • In certain circumstances, we may need to check your immigration status. For example, we would do this if you were in the process of applying for or renewing your work visa and didn’t yet have the necessary documentation to show us. We would ask for your permission to submit your details to the Employer Checking Service provided by the Home Office, so that we could confirm you had the right to work in the UK while your application was ongoing.
  • If a government body requests that we share confirmation of your earnings and/or employment, we will do so. Examples include the Department for Work and Pensions, Child Maintenance Service or the Home Office. The information requested often includes your National Insurance number, dates of employment, home address, copies of your pay advice slips/P45/P60 and a copy of your ID.

Our lawful basis for this processing is legal obligation.

2. To fulfil our contractual obligations to you

Before you become an employee, we tell you about all the things we would do for you if you joined. When you join, we’re making a promise to provide you with that service. This creates a contractual obligation. To meet this obligation, we use your personal data to achieve the following, where it’s applicable to the service you have joined:

  • Answer your queries
  • Communicate with you about your payroll, employment and career and to tailor our communications to your circumstances
  • Centralise your income for work through any number of recruitment agencies
  • Provide you with a package of perks and discounts, if you are eligible for this
  • Provide references for mortgages, jobs, loans, tenancies etc.
  • Assist with loss of earnings claims e.g. for jury service
  • Process your expense claims in line with our expense policy, if you are eligible to use it
  • Welcome you into our community of contractors
  • Provide you with a reliable, weekly payroll service
  • Provide an efficient, user-friendly, transparent service with exceptional customer care


We only share your data with third parties when it’s absolutely necessary. We only work with organisations that we trust, or who you have asked us to cooperate with. This is a list of the occasions when we would share your data with a third party in order to meet our contractual obligations:

  • In order to provide you with a reliable, predictable payroll service, we work very closely with your recruitment agencies. We will notify them when you join our service so they know you’re we’re ready to run payroll for you, and we’ll let them know when you leave our employment. We may also share your name and Employee ID to help us both identify you.
  • When you join Key Portfolio, you get a bunch of employee perks such as shopping discounts, cheap cinema tickets and prizes. Some of these perks are provided by a third party, LifeWorks. If you want to use these perks, you have to register with LifeWorks. We share your Key ID with LifeWorks so they can let us know when you’ve signed up. You can read LifeWorks’ privacy notice on their website.
  • You can view some of the personal data that we hold on you by logging into your account To do this you will need to enter your email address and password, and answer your security question. We may also refer to data that we hold about you in phone or email discussions with you, after completing our security checks.
  • If a non-government body requests that we share confirmation of your earnings and/or employment, we will ask for your permission to respond. Common examples include solicitors, banks and new employers.
  • We bank with Barclays (primarily) and RBS (as a back-up). All payments that we make to your bank account naturally involve a level of data sharing with our bank. Barclays has a privacy notice on their website, as does RBS.
  • There may be times when you ask us to share data – for example, if you’re applying for a mortgage and need us to provide your bank with details about your income or if you have nominated a third party to speak to us on your behalf about your pay or employment (e.g. your spouse or a conciliation service like Acas).

Our lawful basis for this processing is contract.

Learn more

3. So that we can run our business

There are certain activities that we undertake because they’re in the best interests of our business. When these activities involve your personal data, we first consider whether or not your interests outweigh our own. If they did, we wouldn’t do it. These activities include:

  • Should you raise or require support with a legal case, we may choose to share your personal data with a lawyer. In the event that it included ‘special category’ data, for example details relating to your health, trade union membership or religion, then we would be doing so on the basis that it is necessary for the establishment, exercise or defence of a legal claim.
  • From time to time we ask a professional auditor to conduct a non-statutory audit on our business to demonstrate that we are compliant with all relevant laws and regulations. This leads more contractors and recruiters to feel confident working with us.
  • Recruitment agencies must comply with various pieces of legislation, including the Agency Workers Regulations 2010, the Intermediaries’ Reporting Regulations and the Criminal Finance Act 2017. They may also have to comply with supply chain audits. They often need our support in order to do this, which involves us sharing data with them about you. If we didn’t do this, we wouldn’t be able to work with them. You can find a complete list of the information we’d ever share with your recruitment agency in our support centre.
  • If we ever had to take disciplinary action against you or if we were made aware of a safeguarding concern that involved you and was being investigated, we may decide to share that information with your recruitment agencies. We do this to protect our professional relationship with the agencies.
  • We may share your data with our carefully chosen data processors. These are trusted businesses who help us communicate with you, work more productively and keep your data secure.
  • During your employment, you might decide to write or contribute content for our website. This may involve us publishing your writing, name, bio, photographs, videos, comments or other work on our website. Before you agree to take part, we’d explain what was going to happen and make sure it was what you wanted. If you ever change your mind and want something removed or anonymised, please email
  • We may send you tailored communications based on information we have learned from publicly available sources. The most common example is if we find out from an employee’s social media profile that they have an interesting hobby or sideline, we may contact them to ask if they’d like to share their story on our blog. As we want to maintain a busy blog that appeals to contractors.

For the reasons explained in each paragraph, our lawful basis for all of the processing in this section is legitimate interests. You have the right to object to any processing that is based on legitimate interests. To let us know that you object, please email

Learn more

4. To improve our service

We are constantly looking for insights, trends and measurements that can help us improve our service or the way we communicate. To help with this, we may do some analysis on the data that we hold on you and other contractors. For example, if we wanted to hold a meet-up for contractors, we might analyse our employees’ addresses to identify where is likely to be a popular location for the event.

If you volunteer to take part in a survey that we run, we may combine your response with data that we already hold about you (like your age) and use it to build up a more complete picture of the results.

We will also use insights gained from your data to tailor our communication with you, so that we only contact you when it’s relevant. For example, if you only work with one recruitment agency then we might check in with you from time to time to see if you’re working with anyone new. Or if we know that you work as a supply teacher, we’d send you a link to a new resource we’d published for supply teachers but we won’t email you when there’s a new article about IT consulting.

Because it helps us to improve our service to you and to grow our business, our lawful basis for these activities is legitimate interests.

You have the right to object to any processing that is based on legitimate interests. To let us know that you object, please email

What we don’t do with your data
  • We will not pass your details to any third party not mentioned in this policy, unless we have your consent to do so. Should we need to introduce a new third party, for example because the law changes, we would update this privacy policy.
  • If we’re making a decision that could have a significant effect on you, we would not base it solely on automated processing. To clarify, decisions related to your employment status or disciplinary matters would all involve a human.
  • We will not transfer your personal data outside the European Union, except to countries that have been recognised by the European Commission as providing adequate protection for your data. Learn more: when would you transfer my data outside the EU?

Go to section 4 – storing your data >>