Introduction

Get Paid Payroll (GPP) Outsourcing is committed to protecting the privacy, confidentiality, and integrity of all personal and business data it handles. We recognise the importance of maintaining trust with our clients, employees, and partners, and we comply fully with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data privacy laws.

This Data Protection Policy sets out how we collect, use, store, share, and protect personal data as part of our payroll, HR management, and outsourcing operations. Our goal is to ensure that all personal information is managed responsibly, securely, and lawfully.

1. Purpose

The purpose of this policy is to:

• Define GPP’s responsibilities under data protection laws.

• Protect the rights and privacy of individuals whose data we process.

• Provide a framework for the secure handling and processing of personal data.

• Ensure consistency and accountability in how data is managed across the organisation.

2. Scope

This policy applies to:

• All employees, contractors, consultants, and third-party service providers working with GPP.

• All forms of personal data collected, processed, or stored by GPP in both digital and physical formats.

• All services offered through our website, email, systems, and related business activities.

3. Principles of Data Protection

GPP adheres to the following key principles, as defined by the UK GDPR:

1. Lawfulness, Fairness, and Transparency – Data must be processed lawfully, fairly, and transparently.

2. Purpose Limitation – Data must be collected for specified, explicit, and legitimate purposes.

3. Data Minimisation – Only data that is necessary for stated purposes is collected.

4. Accuracy – Personal data must be accurate and kept up to date.

5. Storage Limitation – Data must be retained only for as long as necessary.

6. Integrity and Confidentiality – Data must be processed securely, protecting against unauthorised access or loss.

7. Accountability – GPP is responsible for demonstrating compliance with these principles.

4. Data We Collect

GPP may collect and process the following types of data:

• Employee and Payroll Data: Names, addresses, national insurance numbers, tax information, salary, and pension details.

• Client and Business Data: Company contact information, representative details, and payment data.

• Website and Communication Data: Visitor details, enquiry forms, email correspondence, and consent preferences.

We collect this data directly from individuals or organisations, or indirectly through third-party systems that were authorised by the client.

5. Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

• Contractual necessity – To fulfil our obligations under service agreements.

• Legal obligation – To comply with UK laws on tax, employment, and payroll.

• Legitimate interest – To operate, improve, and secure our services.

• Consent – Where explicit permission is obtained for specific processing activities.

6. Data Storage and Security

GPP implements robust data protection measures to safeguard all information held within its systems. These include:

• Encryption of all sensitive digital data in transit and at rest.

• Secure physical storage and controlled access to hard-copy records.

• Regular system backups and disaster recovery protocols.

• Strict access control and authentication procedures.

• Ongoing employee training on data protection and information security.

7. Data Sharing and Disclosure

Personal data will only be shared where necessary and lawful, including:

• With authorised employees and consultants who need access to perform their duties.

• With regulatory bodies or law enforcement agencies when legally required.

• With approved third-party processors underwritten agreements ensuring compliance with UK GDPR.
  GPP will never sell or trade personal data under any circumstances.

8. Data Retention

Personal data is retained only for as long as necessary to meet the purposes for which it was collected or to comply with legal obligations. When no longer required, data is securely deleted or anonymised in accordance with GPP’s retention policy.

9. Rights of Individuals

Under UK GDPR, individuals have the following rights:

• The right to access their personal data.

• The right to request correction of inaccurate or incomplete data.

• The right to request erasure of data where appropriate (“right to be forgotten”).

• The right to restrict or object to processing.

• The right to data portability.

• The right to complain to the Information Commissioner’s Office (ICO).

Requests relating to these rights can be made in writing to GPP via email or post.

10. Data Breach Management

In the event of a personal data breach, GPP will:

• Immediately investigate the incident and take steps to contain it.

• Notify the ICO within 72 hours where required by law.

• Inform affected individuals if there is a high risk to their rights and freedoms.

• Document all breaches and corrective actions taken.

11. Training and Awareness

All GPP employees and contractors undergo data protection training to ensure awareness of responsibilities under this policy and UK GDPR. Regular refresher training and compliance audits are conducted.

12. Accountability and Review

The Directors of OPD Limited oversee compliance with this Data Protection Policy and ensure that GPP maintains an effective data protection framework.
This policy will be reviewed periodically to ensure it remains aligned with legal requirements and best practice standards.

Contact Information

For any data protection queries, access requests, or complaints, please contact:

Email: info@getpaidpayroll.com
Telephone: +44 208 145 3355
Address: Ability House, 121 Brooker Road, Waltham Abbey, EN9 1JH, United Kingdom

Data Protection Policy