PRL

Privacy Policy

PRL Site Solutions Ltd — PRISM Platform

Version 1.0 | Effective: 24 March 2026 | Ref: PRL-PP-001

1. Introduction

PRL Site Solutions Ltd ("PRL", "we", "us") is committed to protecting the privacy and security of personal data belonging to our contractors, clients, suppliers, and website visitors.

This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

PRL Site Solutions Ltd is the data controller for the personal data described in this policy.

2. Personal Data We Collect

2.1 Contractor Data

  • Full name, date of birth, and contact details (email, phone, address)
  • National Insurance number and UTR number
  • Emergency contact details
  • CSCS card, DBS checks, right to work documentation, and qualifications
  • IR35 status determination and assessment results
  • Professional insurance certificates
  • Timesheet data including hours worked and overtime
  • Assignment history and performance records

2.2 Client and Supplier Data

  • Company name, registration number, and address
  • Contact person details and contract information
  • Invoice and payment information

2.3 System Data

  • Login credentials (email and encrypted password)
  • System activity logs and audit trail data
  • Session cookies (essential only)

3. Legal Basis for Processing

  • Contract Performance (Article 6(1)(b)) — to fulfil contractual obligations
  • Legal Obligation (Article 6(1)(c)) — required by employment law, tax regulations, and H&S legislation
  • Legitimate Interests (Article 6(1)(f)) — for workforce planning, quality management, and fraud prevention
  • Consent (Article 6(1)(a)) — where applicable, you may withdraw consent at any time

4. How We Use Your Data

  • Contractor recruitment, onboarding, and placement management
  • Compliance verification (right to work, CSCS, DBS, IR35)
  • Timesheet processing, approval, and payroll/invoicing
  • Health and safety management and emergency contact purposes
  • Quality management and ISO 9001 compliance
  • System security, audit, and fraud prevention

5. Data Sharing

We may share data with: client companies (for placements), umbrella companies (for payroll), HMRC (legal requirement), cloud service providers (hosting), and auditors (ISO compliance). We do not sell personal data to third parties.

6. Data Storage and Security

  • All data encrypted in transit (TLS/SSL) and at rest
  • Passwords stored using bcrypt hashing (industry standard)
  • Role-based access control with unique credentials
  • Full audit trail on all system actions
  • Sensitive data (NI numbers, UTR) masked in display
  • Medical data classified as special category with restricted access
  • Cloud infrastructure on SOC 2-compliant platforms with automated backups
  • Security headers enforced (HSTS, CSP, X-Frame-Options)
  • Rate limiting on authentication endpoints

7. Data Retention

  • Active contractor records — duration of engagement plus 6 years
  • Compliance documents — 6 years after expiry
  • Timesheet and payroll data — 6 years (HMRC requirement)
  • Client and supplier records — 6 years after end of contract
  • System audit logs — 3 years
  • Unsuccessful applicant data — 12 months

8. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion where there is no compelling reason to continue processing
  • Restrict Processing — request limitation of data use
  • Data Portability — receive your data in a structured format
  • Object — object to processing based on legitimate interests

To exercise these rights, contact us at info@prlsitesolutions.co.uk or call 0800 772 3959. We will respond within one calendar month.

9. Cookies

We use essential cookies only for authentication and session management. No advertising or analytics cookies are used.

10. Contact & Complaints

Data Protection Contact: info@prlsitesolutions.co.uk | 0800 772 3959

If unsatisfied, you may lodge a complaint with the ICO: www.ico.org.uk | 0303 123 1113

11. Changes to This Policy

We may update this policy to reflect changes in practices or legal requirements. The current version is always available at this URL.

Approved by: Adella Thomas, Director | Date: 24 March 2026 | Next Review: 24 March 2027