Back to home

Privacy Policy

Last updated: March 2026

1. Who we are

FlexStaff Ltd ("FlexStaff", "we", "us", "our") is a UK-based employment platform that connects businesses with temporary workers. We are registered in England and Wales.

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, and how we use it.

2. Data we collect

For workers: Full name, email address, phone number, home address and postcode, National Insurance number, nationality and right to work documents, bank account details, skills, work history, profile photo, HMRC tax declaration, and shift/earnings history.

For businesses: Company name, registration number, contact person details, billing address, VAT number, and payment method information (processed securely by Stripe — we never store full card numbers).

Automatically: IP address, browser type, pages visited, and cookies for authentication and analytics.

3. Why we collect it

We use your data to:
  • Create and manage your account
  • Match workers with shifts
  • Process payments and generate payslips and invoices
  • Comply with UK employment law and HMRC requirements
  • Send notifications about shifts, applications, and payments
  • Improve the platform and prevent fraud

4. Legal basis for processing

We process your data under the following lawful bases under UK GDPR:
  • Contract performance — to fulfil our agreement with you
  • Legal obligation — HMRC reporting, right-to-work checks
  • Legitimate interests — fraud prevention, platform security
  • Consent — marketing communications (you can opt out at any time)

5. Who we share data with

We share data with:
  • Businesses — your name, profile, and contact details when you are hired
  • Stripe — for payment processing
  • Novu — for sending email and in-app notifications
  • HMRC — as required by law
We do not sell your data to third parties.

6. How long we keep your data

We retain your account data for as long as your account is active. After deletion, we retain payroll records for 6 years as required by HMRC. Right-to-work documents are retained for 2 years after the end of an assignment.

7. Your rights

Under UK GDPR you have the right to:
  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal obligations)
  • Object to processing or request restriction
  • Data portability
  • Withdraw consent at any time
To exercise any right, contact us at privacy@flexstaff.co.uk.

8. Cookies

We use essential cookies for authentication (JWT tokens stored in localStorage). We use analytics cookies to understand how the platform is used. You can manage cookies through your browser settings.

9. Security

We use industry-standard encryption (TLS) for all data in transit. Payment data is handled exclusively by Stripe (PCI DSS compliant). Passwords are hashed and never stored in plain text.

10. Contact us

For privacy-related queries: privacy@flexstaff.co.uk
To report a data breach or make a complaint, you can also contact the ICO at ico.org.uk.