Spinwell Startups
Legal

Privacy & Data Policy

How we collect, use, store and protect your personal data.

How we handle your information

Data Policy

General Statement

SPINWELL GLOBAL LTD may ask for some Personal Data from its staff, associates, clients or any other connected party. This ensures that we can provide services to the required level.

We take responsibility for looking after information seriously. SPINWELL GLOBAL LTD comply with the law and good practice and follow the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (and, where applicable, the EU GDPR) when asking for or handling your information. We are registered with the UK Information Commissioner's Office (ICO) as a data controller.

Lawful bases for processing

Under Article 6 of the UK GDPR we rely on the following lawful bases:

  • Contract - to take steps at your request prior to entering into a contract (e.g. processing your application or placement) and to perform our contract with you.
  • Legitimate interests - to run our recruitment business, match candidates to roles, contact clients about candidates, and keep our records accurate. You can object at any time.
  • Legal obligation - to comply with UK employment, tax, anti-money laundering, right-to-work and Conduct of Employment Agencies and Employment Businesses Regulations 2003 requirements.
  • Consent - for optional marketing communications, job alerts, and where we process special category data (e.g. health, ethnicity, criminal record information for vetting). You can withdraw consent at any time.

For special category data (Article 9) we additionally rely on your explicit consent or, where applicable, the substantial public interest condition under Schedule 1 of the Data Protection Act 2018 (e.g. equal opportunities monitoring, safeguarding, prevention of unlawful acts).

This policy sets out our commitment to protecting Personal Data. If applicable, a copy of this statement is brought to the attention of all employees, volunteers or any other connected party. Data Protection training is provided to all permanent employees.

SPINWELL GLOBAL LTD has an appointed Data Protection Officer (DPO).

In summary, we will cover:

  • Who is collecting your Personal Data
  • Why this is being collected
  • Who this will be shared with
  • How this is stored and protected
  • Your rights
  • Further contact information

Personal Data

As defined by the GDPR; ‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Personal Data processed by SPINWELL GLOBAL LTD causes a real risk for individuals to be harmed following a data breach defined by the GDPR as a ‘breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.’ This policy, in conjunction with relevant company documents (including the Data Protection Procedure and Internal Data Protection Training Manual) aims to minimise risk to Data Subjects and establishes reporting and complaint procedures.

Details of the Personal Data processed by SPINWELL GLOBAL LTD can be seen in our Information Audit. SPINWELL GLOBAL LTD collects ‘sensitive’ Personal Data for example medical information, criminal record details, religion, race and gender.

Processing Personal Data

Processing Personal Data allows SPINWELL GLOBAL LTD to provide services to the appropriate level. Personal Data is collected if there are one or more specific and lawful reasons. The Personal Data collected is relevant and kept to an absolute minimum to allow services to be adequately provided. Personal Data will be processed in a fair and transparent manner.

SPINWELL GLOBAL LTD has established policies and procedures to ensure Personal Data is processed in a secure manner. This includes IT and physical environmental factors.

SPINWELL GLOBAL LTD provides consultancy services and interim professionals to public, private and third sector Clients. We manage the full recruitment process, providing an exceptional, personal and bespoke service to both Clients and Associates alike.

SPINWELL GLOBAL LTD may ask for some Personal Data from its staff, associates, clients or any other connected party. This ensures that we can provide services to the requested and required level for compliance. We may therefore collect or receive Personal Data which includes, but is not limited to:

  • Personal Details; full names, date of birth, NI number, email address, place of birth, nationality, marital status
  • CV (often includes postal address)
  • Security clearance details (often includes clearance level, sponsor, issue and expiry dates)
  • Proof of ID - Passport / Driving Licence / VISA if applicable
  • Proof of Address - utility bill or bank statement
  • Limited Company Information
  • Insurance details
  • VAT
  • Declaration forms
  • References; past employment dates, client and location
  • Contracts
  • Invoices; account details

The Personal Data may be collected from a variety of sources, including, but not limited to:

  • Candidates
  • Client / Representatives / Company Associates
  • Umbrella Companies
  • Workers / Sub-Contractors

Should you wish to get further information about the safeguards applied to the transfer of your personal data, please contact the Spinwell Global Privacy Office for more information at DPO; info@spinwellrs.com / 0203 510 9454.

How will Spinwell Global protect your personal data?

Spinwell Global and our clients are committed to protecting the security of your personal information. A variety of security technologies, contractual controls, industry leading standards (such as ISO27001), Cyber Essentials Plus, policies and procedures are used to help protect your personal information from unauthorised access, use, or disclosure.

Storing Personal Data

The Personal Data may be stored and processed by all SPINWELL GLOBAL LTD employees, who may need to ask for personal details from other staff, associates, clients, candidates or any other connected party. Employees are provided with training to ensure they understand the importance of protecting Personal Data, and to provide best practice guidelines. This includes, but is not limited to the following methods:

  • Email
  • Post
  • Telephone
  • Electronic Filing Storage (Cloud)
  • Electronic Filing Storage Backup
  • Online Portals
  • Hard Copy Documentation

Consent

Data subjects will be asked for consent to process their Personal Data. The form or level of this consent is different depending on the circumstance. No children are involved in the services provided by SPINWELL GLOBAL LTD, so all individuals give own consent (unless otherwise agreed). Consent can be given in writing or orally or returning a signed copy of the consent form.

Data subjects have the right to object to provide Personal Data. This may impact the services SPINWELL GLOBAL LTD can perform. In some instances, Personal Data is mandatory.

Personal Data is shared only with SPINWELL GLOBAL LTD employees and company representatives unless:

  • The Personal Data is provided with the intention to submit this information to client or third party (e.g. CV/Evidence submission, on-boarding paperwork, accountancy procedures).
  • The Personal Data is provided to enable submission to portals.
  • Job Alert Notification System - permission given / denied.
  • Otherwise agreed.
  • Required by law.

Data subjects have the right to delete or remove Personal Data and can withdraw consent at any point. On request all data is disposed of in a secure manner (unless SPINWELL GLOBAL LTD have communicated why they are lawfully unable to do) and confirmation is sent to the data subject. Where possible, if Personal Data has been disclosed to third parties, it will be requested that the Personal Data is also deleted or removed.

Your rights under UK GDPR

You have the following rights in relation to your personal data:

  • Right to be informed - about how we use your data (this notice).
  • Right of access - to a copy of the personal data we hold about you (Subject Access Request).
  • Right to rectification - to have inaccurate or incomplete data corrected.
  • Right to erasure ("right to be forgotten") - to ask us to delete your data, subject to legal retention requirements.
  • Right to restrict processing - to limit how we use your data in certain circumstances.
  • Right to data portability - to receive your data in a structured, commonly used, machine-readable format.
  • Right to object - to processing based on legitimate interests, and to direct marketing at any time.
  • Rights related to automated decision-making and profiling - we do not make decisions about you solely by automated means.
  • Right to withdraw consent - at any time, where we rely on your consent.
  • Right to lodge a complaint with the ICO - see "Complaints" below.

We will respond to requests without undue delay and within one calendar month (extendable by two further months for complex requests). There is no fee unless your request is manifestly unfounded or excessive. To exercise any right, contact our DPO: info@spinwellrs.com / 0203 510 9454.

Exceptions

In some circumstances, SPINWELL GLOBAL LTD will withhold information. This includes, but is not limited to:

  • the prevention, detection or investigation of a crime
  • national security or the armed forces
  • the assessment or collection of tax
  • judicial or ministerial appointments.

External Processors

SPINWELL GLOBAL LTD considers the data protection procedures of any other connected party and if necessary will request confirmation of GDPR compliance (if not evident in company contracts). This includes data processors or controllers.

SPINWELL GLOBAL LTD takes responsibility for securing the transfer of, or communication of Personal Data. Comprehensive security measures are taken.

Retention of Data

SPINWELL GLOBAL LTD take steps to ensure Personal Data is as accurate as possible and is kept up to date. Personal Data is not kept longer than necessary and is accounted for.

SPINWELL GLOBAL LTD takes responsibility for securing the storage and management of Personal Data. Comprehensive security measures are taken.

The Personal Data will be kept for a suitable amount of time, based upon several factors including, but not limited to; the amount, sensitivity, purpose, and any legal obligations.

International transfers of your personal data

Where your personal data is transferred outside the United Kingdom (or the European Economic Area), we ensure an adequate level of protection by relying on one or more of: (a) a UK adequacy regulation (or, for EEA transfers, an EU adequacy decision) in respect of the destination country; (b) the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; or (c) another safeguard permitted under Article 46 of the UK GDPR. A copy of the safeguards used is available from our DPO on request.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

Complaints

If you are unhappy with how we have handled your personal data you have the right to complain to the UK Information Commissioner's Office (ICO) at any time. ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF · Helpline: 0303 123 1113 · ico.org.uk. We would, however, appreciate the chance to address your concerns first - please contact our DPO at info@spinwellrs.com.

Cookies

Our website uses only strictly necessary cookies required for the site to function (e.g. session and security cookies). We do not set advertising, analytics or tracking cookies that require consent under the Privacy and Electronic Communications Regulations (PECR). If this changes in the future, we will display a cookie consent banner and update this policy accordingly.

Enforcement

SPINWELL GLOBAL LTD reviews data protection policies and procedures. This policy is implemented in line with other company policies including Data Protection Procedure and Internal Data Protection Training Guidance. SPINWELL GLOBAL LTD employees are suitably trained and potential Personal Data breaches are investigated and reported without delay. SPINWELL GLOBAL LTD take our responsibility for the protection of Personal Data seriously. Misconduct will be disciplined in line with our Disciplinary Action Policy.

SPINWELL GLOBAL LTD have the right to amend or modify this Privacy Statement.

Any problems or queries please contact our DPO or ask for our company complaints procedure. DPO; info@spinwellrs.com / 0203 510 9454.

If SPINWELL GLOBAL LTD are unable to settle your complaint, the Information Commissioner’s Office (ICO) can be contacted to make a complaint or ask for further advice; ICO helpline Telephone: 0303 123 1113.

Should you have any questions regarding the above please contact SPINWELL GLOBAL LTD.

Privacy Policy

Spinwell Global is committed to good practice, professionalism and integrity in our recruitment business. We protect the privacy of our clients and candidates and treat all dealings with us in the strictest confidence, whether through this website, on the telephone or through one of our branches.

Candidates who submit their details via this site are assured that we only gather information necessary to aid the recruitment process and to understand the profile of our customers and web site users to monitor and improve our service. By registering your details on this site you consent to us collecting personal information for the purpose of disclosing this information to potential employers and clients in our recruitment process, or to contact you with marketing and job alerts.

All personal data such as name, address, email address, work history and education are gathered purely for this purpose and held on secure servers. In order to comply with The Conduct of Employment Agencies and Employment Businesses Regulations 2003, we are obliged to hold relevant data for a period of one year after its creation or one year after the date on which we last provided our services to our clients or candidates. After a period of non-usage, we will contact you and ask you if you want to keep your details on our database.

We will not disclose your personal data for any reason other than that directly relevant to the recruitment process or as required by law, and in line with the UK GDPR and the Data Protection Act 2018.

Last updated: 21 June 2026.