Logo

Terms and Privacy

Terms Of ServicePrivacy PolicyData ProtectionData Processing Statement

1 Data Protection Principles

Mployus commits to UK and EU GDPR principles by ensuring that:

Data Controller Details:

  • Data processing is fair, lawful, and transparent
  • Data is collected for specific, legitimate purposes only
  • Only necessary data is collected and kept accurate
  • Data is retained only as long as needed
  • Technical and organizational safeguards protect data
  • Any international data transfers comply with legal procedures

2 Categories of Personal Data Collected

To provide services, Mployus processes:

  • Contact details (names, addresses, phone numbers, job titles, emails for primary contacts and authorized personnel)
  • Usage data related to platform access and case management tools

3 How We Collect Personal Data

Personal data is collected:

  • Directly from you at contract signing
  • During onboarding
  • Throughout the service term and after termination
  • Via authorized Delegated Users

All data is stored securely within Mployus’ IT systems.

4 Legal Basis for Processing

We process personal data only where permitted by data protection legislation. The primary legal bases for processing your data are:

Purpose of ProcessingLegal Basis
Account setupPerformance of the contract
Service deliveryPerformance of the contract
Payment processingPerformance of the contract
Corporate status checksLegal obligation
Tax and regulatory compliance (e.g. VAT, IPT)Legal obligation
Contract-related financial decisionsLegitimate interest
Selection of service delivery methodsLegitimate interest
Contractual service administrationLegitimate interest
Monitoring service quality and entitlementsLegitimate interest
Maintaining accurate contact recordsLegitimate interest
Handling legal claimsLegitimate interest
Fraud preventionLegitimate interest
Securing IT and administrative systemsLegitimate interest

5 Consequences of Withholding Data

If you withhold requested personal data, Mployus may be unable to enter or perform the contract, which could lead to denial or disruption of services.

6 Data Sharing and Transfers

Mployus staff handling your data are trained in data protection laws. Third-party providers (e.g., IT services) are bound by formal data processing agreements ensuring GDPR compliance with safeguards and technical protections. Data may be transferred outside the European Economic Area (EEA) only when necessary to provide services, with equivalent protections in place, including secure systems within the Mployus group.

7 Data Security and Safeguards

Mployus is committed to protecting personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Appropriate technical and organizational measures are implemented to ensure security proportional to the risks, following applicable laws.

8 Data Retention Periods

Personal data is retained only as long as necessary to fulfill its purpose, including legal, regulatory, tax, or reporting needs. Typically, data is kept for the duration of the contract plus at least seven (7) years after termination, unless longer retention is legally required or justified.

Record TypeRetention Period
Health & Safety Assessments and Consultation RecordsPermanently
HMRC ApprovalsPermanently
Money Purchase Scheme Details6 years after transfer or value taken
Occupational Health Data30–50 years (depending on legal requirement)
Litigation-related Data7 years following conclusion of legal proceedings
All Other Client Data7 years from service termination date

9 Automated Decision-Making

Mployus does not make decisions about individuals solely by automated means without human involvement when such decisions have legal effects or significantly impact you. If this changes, you will be informed, and your rights under Article 22 of the UK GDPR will be respected.

10 Your Legal Rights

You have the following rights regarding your personal data processed by Mployus:

  • Right to be informed: Clear information on how your data is used;
  • Right of access: Request access to your personal data and processing details;
  • Right to rectification: Correct inaccurate or incomplete data;
  • Right to erasure: Request deletion of your data in certain cases (“right to be forgotten”);
  • Right to restrict processing: Limit how your data is used under specific conditions;
  • Right to data portability: Obtain and reuse your data across different services;
  • Right to object: Object to certain data processing, including direct marketing;

Rights related to automated decision-making: Object to decisions made without human involvement.

11 Withdrawing Consent

If we process your data based on consent, you may withdraw it at any time. This does not affect processing done before withdrawal. After withdrawal, we will stop processing your data unless there is another lawful basis.

12 Complaints

If you believe Mployus has violated your data protection rights, you can file a complaint with the relevant supervisory authority:

United Kingdom Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Phone: 0303 123 1113 or 01625 545 745 Website: https://www.ico.org.uk

Ireland Data Protection Commission (DPC) 21 Fitzwilliam Square South, Dublin 2, D02 RD28 Phone: +353 (0)761 104 800 or +353 (0)57 868 4800 Website: https://www.dataprotection.ie

13 Data Protection Contact

Mployus has appointed a Data Protection Officer responsible for policy compliance. You can contact the DPO at: Daniel Chapman Email: [email protected]

Privacy Notice for Users' Employees

This notice is provided in line with the UK GDPR and applies to employees of Mployus clients using our software services. Mployus acts solely as a Data Processor, while your employer remains the Data Controller. We process your personal data only as instructed by your employer or as required by law.

1 Data Protection Contacts

For any data protection queries, you may contact:

Mployus UK – Data Protection Officer Address: 82 Gorton Road, Stockport, Manchester Email: [email protected]

Mployus Ireland – Data Protection Officer Address: 7 Station Hill, Clongriffin, Dublin Email: [email protected]

2 Data Processing Principles

We handle personal data following the UK GDPR and EU GDPR (as applicable), ensuring that data is:

  • Processed lawfully, fairly, and transparently;
  • Collected only for specific, explicit, and legitimate purposes;
  • Adequate, relevant, and limited to what is necessary;
  • Accurate and kept up to date where needed;
  • Retained only as long as necessary;
  • Processed securely with appropriate safeguards;

Transferred internationally only with proper protections.

3 Categories of Data Processed

We may process:

  • Name, contact details, address, and date of birth;
  • Job title and employment records (e.g., leave, absences, shifts);
  • Immigration status (e.g., passport/visa information);
  • National Insurance number;
  • Emergency contact details;
  • Health and safety data (if applicable);
  • Other documents or data uploaded by your employer.

All data is securely stored within Mployus systems.

4 Legal Basis for Processing

We process your data on the lawful basis of legitimate interest to:

  • Provide access to our software;
  • Help your employer meet employment, health, and safety obligations;
  • Support contractual operations and legal defence if needed.

5 Data Sharing

Only Mployus staff with technical support duties access your data as necessary. All are trained in GDPR compliance. Data may also be shared with authorised third parties only under your employer’s instruction or legal requirement. Third-party providers are contractually bound to safeguard your data. We do not transfer personal data outside the European Economic Area.

6 Data Security

We use physical, technical, and procedural safeguards to prevent unauthorised access, loss, or misuse of your data.

7 Data Retention

Your personal data is retained for the duration of your employer’s contract with Mployus, and may be kept longer if required by law or your employer’s instructions.

8 Automated Decision-Making

Mployus does not use automated decision-making processes that significantly affect individuals without human involvement.

9 Your Rights as a Data Subject

Under UK and Irish data protection laws, you have rights including:

  • To be informed about how your data is used;
  • To access your personal data;
  • To request corrections;
  • To request deletion in certain cases;
  • To restrict processing;
  • To data portability;
  • To object to certain processing, including direct marketing;
  • To request human intervention for automated decisions.

Since your employer is the Data Controller, you should direct any such requests to them. If we receive a request, we will forward it to your employer promptly.

10 Withdrawal of Consent

If consent was the basis for any processing, you may withdraw it anytime. Processing will stop unless another lawful basis applies.

11 Lodging a Complaint

If you believe your data protection rights have been violated, you can complain to the relevant authority:

United Kingdom Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Phone: 0303 123 1113 or 01625 545 745 Website: www.ico.org.uk

Ireland Data Protection Commission (DPC) 21 Fitzwilliam Square South, Dublin 2, D02 RD28 Phone: +353 (0)761 104 800 or +353 (0)57 868 4800 Website: www.dataprotection.ie