Effective Date May 25, 2018, updated on 2 July, 2020 

Introduction and General Terms of this Privacy Policy

This privacy policy sets out the privacy practices for Staffmis Limited

Staffmis is committed to protecting your personal information when you are using services from us. We want our services to be a safe and enjoyable environment for our users. This Privacy Policy relates to our use of any personal information you provide to us.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

In order to provide you with the full range of services, we are sometimes required to collect information about you. This privacy policy explains the following:

  • What information Staffmis may collect about you;
  • How Staffmis will use information we collect about you;
  • Whether Staffmis will disclose your details to anyone else;
  • The use of cookies on the Staffmis website and how you can reject these cookies.

Whenever you provide personal information to us, we are legally obliged to use your information in line with all laws concerning the protection of personal data.


Data controller - a controller determines the purposes and means of processing personal data.

Data processor - a processor is responsible for processing personal data on behalf of a controller.

Data subject – natural person

Categories of data: Personal data and special categories of personal data

Personal data - any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (for example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Special categories personal data – this refers to sensitive personal data as ‘special categories of personal data’. The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party - means a natural or legal person, public authority, agency or body other than the data subject or, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

STAFFMIS – who we are

STAFFMIS is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: Staffmis, Station House, Station Approach, Newport Street, Swindon, SN1 3DU (tel: +44 (0)1793 614519). For all data matters contact the Compliance Manager at this address.

Information Staffmis may collect about you

We may collect and store any or all of the following types of information:

any personal data that is collected which you provide to Staffmis when contacting or corresponding with us or using our services

any personal data that is collected when you engage with Staffmis on any of its social media channels, including Facebook, Twitter, Instagram and Pinterest.

Information about the computer terminal you are on and about your use of our website including:

  • Your computer’s IP address,
  • Your worldwide geographical location,
  • Your Internet browser details,
  • The site which referred you to us,
  • How long you stayed on our site,
  • Which pages you viewed.

How Staffmis will use your personal data

Staffmis will use your personal data for several reasons including the following:

  • for website administration purposes, which means that Staffmis may contact you for reasons related to the service you have signed up for, (for example; to notify you that a particular service has been suspended for maintenance);
  • to personalise the way that content on the Staffmis website is presented to you;
  • to let you know about or provide the goods and/or services you have enquired about or contracted to have provided from Staffmis;
  • to allow the Staffmis website to enable any services you are registered with;
  • to provide, including sell, any goods or services purchased from Staffmis (this includes specialised, bespoke and personalised items);
  • to enable us to send to you any goods which have been purchased from Staffmis
  • to allow Staffmis to send you any paperwork related to purchase or dealings with Staffmis for example: statements & invoices;
  • to communicate with you about Staffmis, the website and to send you general notifications,
  • to communicate with you for the purposes of marketing our business;
  • to allow us to provide third parties with statistical information about our users (any information will be generic and not identifiable);
  • to allow us to deal with any enquiries and complaints made by or about you relating to Staffmis including its services and its web-site;
  • to manage our employees,
  • to maintain records and accounts;
  • to deal with regulatory, legal and administrative requirements and for these purposes;
  • to operate competitions, events and social media discussion, offers and promotions;
  • to invite you to and/or manage Staffmis events which you might attend;
  • and when you report a problem with our services, our website, or our social media channels.

We may share your personal information with our suppliers, service providers and other contractors to fulfil orders you place with us and to provide the services you request.

In particular, we may share your personal information with our third party marketing service providers who manage marketing communications on our behalf, including those sent by email. The information we share with them will include your contact details if you are currently subscribed to any of our marketing lists and may, for suppression purposes, also include your contact details if you have indicated that you do not wish to receive marketing communications from us.

Staffmis will never pass on your personal information to a third party for third party marketing purposes, unless you have consented to your personal information being shared in this way.

The categories of personal data concerned

We process the following categories of your data:

  • Personal data 
  • Special categories of data where this is relevant to employment or the services or products provided by Staffmis.

What is our legal basis for processing your personal data?

Our lawful basis for processing your general personal data includes:

  1. Consent of the data subject
  2. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
  3. Processing necessary for compliance with a legal obligation
  4. Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  5. Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject

Our lawful basis for processing your special category personal data includes:

  1. Explicit consent of the data subject
  2. Processing necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
  3. Processing necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent
  4. Processing relates to personal data manifestly made public by the data subject
  5. Processing necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity
  6. Processing necessary for reasons of substantial public interest on the basis of EU or Member State law
  7. Processing necessary for reasons of preventative or occupational medicine, for assessing the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional
  8. Processing necessary for the reasons of public interest in the area of public health
  9. Processing necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes

Who Staffmis may disclose your personal information to

We shall treat your personal data carefully. However, we may disclose personal data to:

  1. any of our officers or employees with the applicable security clearance.
  2. our insurers, lawyers and accountants and book keeping service providers
  3. the police and any other regulatory or government authority when requested to do so
  4. third party cookies but please refer to our cookie policy
  5. to third party processors including:
  • Sendgrid for the purpose of sending out emails. We also collect data as to the details of the email notification's reach, whether the email was opened and other such information to measure its success. Sendgrid's privacy policy can be found here : 

We only share your personal data with other third parties where we have your consent to do so.

How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary. We only retain your data for one of the bases mentioned under what is our legal basis for processing your personal data. Your personal data shall be reviewed periodically to ensure that where it is no reasonably necessary to hold it, it is destroyed securely.

Providing us with your personal data

You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so may mean Staffmis cannot provide you with the products or services it offers (including the loyalty scheme) or let you know about events or offers.

Your rights and your personal data

Unless there is a lawful exemption, you have the following rights with respect to your personal data:

  • the right to request a copy of the personal data which we hold about you;
  • the right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • the right to request your personal data is erased where it is no longer necessary to retain such data;
  • the right to withdraw your consent to the processing at any time, where consent was the basis for processing your data;
  • the right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • the right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
  • Third party websites external to Staffmis

Our website may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, including cookies, and we urge you to review them. They will govern the use of personal information you submit or are collected by cookies whilst visiting these websites. Staffmis accepts no responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

Transfer of Data Abroad

Sendgrid is based in the USA and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks. More details can be found here: ttps://

Any personal information that is submitted to us may be stored and transferred between countries which do not have the same data protection laws as protecting as the EU. By providing us your information to us you agree to such international data transfer and storage.

Automated Decision Making

Currently, we do not use any form of automated decision making in our business.

Further processing

If we wish to use your personal data for a new purpose, not covered by our Privacy or Cookie Policies, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. 

How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our Compliance Manager at Staffmis, Station House, Station Approach, Newport Street, Swindon, Wiltshire, SN3 1DU.

Go To Top