APP PRIVACY POLICY

This App Privacy Policy explains how GestioStaff Limited (“GestioStaff”, “we”, “us”, “our”) processes personal data when workers use our workforce management application provided via Ubeya.

This policy should be read together with our main Privacy Policy.

1. Who Is Responsible

GestioStaff Limited is the data controller for personal data processed through the app in connection with our staffing services.

Our workforce platform provider, Ubeya, acts as a data processor and processes personal data only on our documented instructions and in accordance with applicable data protection law.

2. Data Collected Through the App

When you use the app, we may collect and process the following categories of personal data:

  • Profile information (name, contact details, profile photo if uploaded)

  • Availability, role preferences and skills

  • Assignment details (location, time, role, rate)

  • Timesheets, attendance and approvals

  • Shift confirmations, cancellations and absence records

  • Client feedback relating to assignments

  • Payroll-related information necessary to calculate pay

  • In-app communications and operational messages

  • Device and log data (such as IP address, login records and usage logs)

We do not collect or use app data for purposes unrelated to staffing services.

Special category data (such as health information or criminal record data) is processed only where required for a specific role, permitted by law, and subject to additional safeguards.

3. How App Data Is Used

We use app data to:

  • Offer, allocate and manage shifts

  • Confirm attendance and time worked

  • Administer payroll and related payments

  • Communicate operational and assignment updates

  • Maintain compliance and audit records

  • Monitor system security and prevent misuse

  • Improve service reliability and platform performance

We do not make decisions about individuals based solely on automated processing that produce legal or similarly significant effects.

4. Lawful Basis for Processing

We process app data based on one or more of the following lawful bases under UK GDPR:

  • Contract – to provide staffing services and manage assignments

  • Legal obligation – to comply with employment, tax and regulatory requirements

  • Legitimate interests – for business operations, service delivery, fraud prevention and system security

  • Employment law conditions – where special category data is processed and permitted by law

Where we rely on legitimate interests, we ensure that your rights and freedoms are not overridden.

5. Data Sharing via the App

For operational purposes, certain information may be visible to clients engaging your services, including:

  • Your name

  • Role details

  • Assignment schedule

  • Attendance status

  • Timesheet approvals

Sensitive personal data (such as National Insurance numbers, bank details, health information or criminal record data) is not shared with clients.

We may also share data with trusted service providers (such as payroll or IT providers) where necessary and subject to contractual safeguards.

6. International Data Transfers

Some personal data processed via our platform provider may be transferred outside the United Kingdom.

Where international transfers occur, we ensure appropriate safeguards are in place, such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or approved contractual clauses.

7. Data Retention

Personal data processed through the app is retained in line with our main Privacy Policy, including:

  • Assignment and timesheet records: typically up to 6 years

  • Right to work documentation: duration of engagement plus 2 years

  • System and security logs: typically 3–12 months

Where data must be retained for longer due to legal claims, audits or regulatory requirements, it will be securely retained and then deleted when no longer required.

8. Security Measures

We implement appropriate technical and organisational measures to protect app data, including:

  • Role-based access controls

  • Secure hosting and encrypted connections

  • Monitoring for security incidents

  • Contractual security obligations with our platform provider

Access to personal data is restricted to authorised personnel on a need-to-know basis.

9. Your Data Protection Rights

You have the same data protection rights described in our main Privacy Policy, including the right to access, correct, delete or restrict the use of your personal data in certain circumstances.

As the data controller, GestioStaff Limited is responsible for responding to data protection rights requests. Our platform provider assists us in fulfilling such requests where required.

To exercise your rights, contact:
info@gestiostaff.com

You also have the right to complain to the Information Commissioner's Office if you are dissatisfied with our response.

10. Changes to This Policy

We may update this App Privacy Policy from time to time. The most recent version will always be available on our website.