03333391192© 2026 Go Select Limited. All Right Reserved.
Data Protection Policy
DATA PROTECTION POLICY
Go Select Limited trading as Recruitment Monster
Last updated: March 2026
STATEMENT AND PURPOSE OF POLICY
Go Select Limited trading as Recruitment Monster (“the Employer”) is committed to ensuring that all personal data handled by us will be processed according to legally compliant standards of data protection and data security.
We confirm for the purposes of the data protection laws that the Employer is a data controller of the personal data in connection with your employment. This means that we determine the purposes for which, and the manner in which, your personal data is processed.
The purpose of this policy is to help us achieve our data protection and data security aims by:
— notifying our staff of the types of personal information that we may hold about them, our customers, suppliers and other third parties and what we do with that information;
— setting out the rules on data protection and the legal conditions that must be satisfied when we collect, receive, handle, process, transfer and store personal data and ensuring staff understand our rules and the legal standards; and
— clarifying the responsibilities and duties of staff in respect of data protection and data security.
This is a statement of policy only and does not form part of your contract of employment. We may amend this policy at any time, in our absolute discretion.
For the purposes of this policy:
Criminal records data means information about an individual’s criminal convictions and offences, and information relating to criminal allegations and proceedings.
Data protection laws means all applicable laws relating to the processing of personal data, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data subject means the individual to whom the personal data relates.
Personal data means any information that relates to an individual who can be identified from that information.
Processing means any use that is made of data, including collecting, storing, amending, disclosing, or destroying it.
Special categories of personal data means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and biometric data.
DATA PROTECTION PRINCIPLES
Staff whose work involves using personal data relating to staff or others must comply with this policy and with the following data protection principles, which require that personal information is:
— processed lawfully, fairly and in a transparent manner. We must always have a lawful basis to process personal data. Personal data may be processed as necessary to perform a contract with the data subject, to comply with a legal obligation, or for the legitimate interest of the data controller. The data subject must be told who controls the information, the purpose for which it is being processed and to whom it may be disclosed.
— collected only for specified, explicit and legitimate purposes. Personal data must not be collected for one purpose and then used for another. If we want to change the way we use personal data, we must first tell the data subject.
— processed only where it is adequate, relevant and limited to what is necessary for the purposes of processing. We will only collect personal data to the extent required for the specific purpose notified to the data subject.
— accurate, and the Employer takes all reasonable steps to ensure that inaccurate information is rectified or deleted without delay.
— kept only for the period necessary for processing. Information will not be kept longer than it is needed and we will take all reasonable steps to delete information when we no longer need it. Contact the Director for guidance on retention periods.
— secure, and appropriate measures are adopted by the Employer to ensure as such.
WHO IS RESPONSIBLE FOR DATA PROTECTION AND DATA SECURITY?
Maintaining appropriate standards of data protection and data security is a collective task shared between us and you. This policy and the rules contained in it apply to all staff of the Employer, irrespective of seniority, tenure and working hours, including all employees, directors and officers, consultants and contractors, casual or agency staff, trainees, homeworkers, fixed-term staff and volunteers.
Questions about this policy, or requests for further information, should be directed to the Director.
All staff have personal responsibility to ensure compliance with this policy, to handle all personal data consistently with the principles set out here and to ensure that measures are taken to protect data security. Managers have special responsibility for leading by example and monitoring and enforcing compliance. The Director must be notified if this policy has not been followed, or if it is suspected this policy has not been followed, as soon as reasonably practicable.
Any breach of this policy will be taken seriously and may result in disciplinary action up to and including dismissal. Significant or deliberate breaches, such as accessing staff or customer personal data without authorisation or a legitimate reason to do so, may constitute gross misconduct and could lead to dismissal without notice.
WHAT PERSONAL DATA AND ACTIVITIES ARE COVERED BY THIS POLICY?
This policy covers personal data which: relates to a natural living individual who can be identified either from that information in isolation or by reading it together with other information we possess; is stored electronically or on paper in a filing system; is in the form of statements of opinion as well as facts; relates to staff (present, past or future) or to any other individual whose personal data we handle or control; and which we obtain, hold, store, organise, disclose or transfer, amend, retrieve, use, handle, process, transport or destroy.
WHAT PERSONAL DATA DO WE PROCESS ABOUT STAFF?
We collect personal data about you which: you provide or we gather before or during your employment or engagement with us; is provided by third parties, such as references or information from suppliers or another party that we do business with; or is in the public domain.
The types of personal data that we may collect, store and use about you include records relating to your: home address, contact details and contact details for your next of kin; recruitment (including your application form or CV, references received and details of your qualifications); pay records, National Insurance number and details of taxes and any employment benefits such as pension; telephone, email, internet or other communications use; performance and any disciplinary matters, grievances, complaints or concerns in which you are involved.
SENSITIVE PERSONAL DATA
We may from time to time need to process sensitive personal information (special categories of personal data). We will only process sensitive personal information if we have a lawful basis for doing so and one of the following special conditions applies: the data subject has given explicit consent; the processing is necessary for the purposes of exercising employment law rights or obligations; the processing is necessary to protect the data subject’s vital interests and the data subject is physically incapable of giving consent; the processing relates to personal data which are manifestly made public by the data subject; the processing is necessary for the establishment, exercise or defence of legal claims; or the processing is necessary for reasons of substantial public interest.
Before processing any sensitive personal information, staff must notify the Director so that an assessment can be made as to whether the processing complies with the criteria above.
CRIMINAL RECORDS INFORMATION
Criminal records information will be processed in accordance with our Criminal Records Information Policy.
HOW WE USE YOUR PERSONAL DATA
We will tell you the reasons for processing your personal data, how we use such information and the legal basis for processing in our privacy notice. We will not process staff personal information for any other reason.
In general we will use information to carry out our business, to administer your employment or engagement and to deal with any problems or concerns you may have, including: maintaining staff address lists and contact details; sickness records management; monitoring IT systems usage; disciplinary, grievance or legal matters; performance reviews; and equal opportunities monitoring.
ACCURACY AND RELEVANCE
We will ensure that any personal data processed is up to date, accurate, adequate, relevant and not excessive given the purpose for which it was collected. We will not process personal data obtained for one purpose for any other purpose unless you agree to this or reasonably expect this.
If you consider that any information held about you is inaccurate or out of date, please tell the Director. If they agree that the information is inaccurate or out of date, they will correct it promptly.
STORAGE AND RETENTION
Personal data will be kept securely in accordance with our Data Retention Policy. The periods for which we hold personal data are contained in our privacy notices.
INDIVIDUAL RIGHTS
You have the following rights in relation to your personal data.
Subject access requests — You have the right to make a subject access request. If you do so, we will tell you: whether or not your personal data is processed and if so why; the categories of personal data concerned and the source of the data; to whom your personal data is or may be disclosed; for how long your personal data is stored; your rights of rectification or erasure, or to restrict or object to processing; your right to complain to the Information Commissioner’s Office (ICO); and whether or not we carry out automated decision-making.
We will provide you with a copy of the personal data undergoing processing, normally in electronic form if you have made a request electronically. To make a subject access request, contact us at info@recruitmentmonster.co.uk. We may need to ask for proof of identification before your request can be processed. We will normally respond within 28 days of receipt of your request.
Other rights — You have the right to require us to: rectify inaccurate data; stop processing or erase data that is no longer necessary for the purposes of processing; stop processing or erase data if your interests override our legitimate grounds for processing; and stop processing data for a period if data is inaccurate or if there is a dispute about whether your interests override the Employer’s legitimate grounds for processing.
To request that we take any of these steps, please contact us at info@recruitmentmonster.co.uk.
DATA SECURITY
We will use appropriate technical and organisational measures to keep personal data secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. Maintaining data security means ensuring that: only authorised people can access the information; where possible, personal data is pseudonymised or encrypted; information is accurate and suitable for the purpose for which it is processed; and authorised persons can access information when needed for authorised purposes.
Security procedures include: desks and cupboards containing confidential information must be kept locked; computers must be locked with a strong password when left unattended; data stored on portable media must be encrypted or password protected; the Director must approve any cloud storage used; data should never be saved directly to mobile devices; servers containing personal data must be kept in a secure location and protected by security software; data should be regularly backed up; and copies of personal information must be physically destroyed when no longer needed — paper documents should be shredded and physical storage devices rendered permanently unreadable.
DATA IMPACT ASSESSMENTS
Where processing would result in a high risk to staff rights and freedoms, the Employer will carry out a data protection impact assessment to determine the necessity and proportionality of processing, including the purposes for which the activity is carried out, the risks for individuals and the measures that can be put in place to mitigate those risks.
DATA BREACHES
If we discover that there has been a breach of staff personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner’s Office within 72 hours of discovery. We will record all data breaches regardless of their effect. If the breach is likely to result in a high risk to your rights and freedoms, we will inform affected individuals and provide information about its likely consequences and the mitigation measures taken.
INDIVIDUAL RESPONSIBILITIES
Staff are responsible for helping the Employer keep their personal data up to date. Staff should let the Employer know if personal data changes, for example if you move house or change your bank details.
Individuals who have access to personal data are required to: access only personal data that they have authority to access and only for authorised purposes; not disclose personal data except to individuals with appropriate authorisation; keep personal data secure; not remove personal data or devices from the Employer’s premises without appropriate security measures; and not store personal data on local drives or personal devices used for work purposes.
TRAINING
We will provide training to all individuals about their data protection responsibilities as part of the induction process and at regular intervals thereafter. Individuals whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests, will receive additional training to help them understand their duties and how to comply with them.
Contact: info@recruitmentmonster.co.uk
Website: recruitmentmonster.co.uk