Privacy Policy

At Steadfast, we value your privacy and have updated our Privacy Policy to provide greater clarity and to comply with the new European Union General Data Protection Regulation (GDPR). The GDPR, which took effect on May 25, 2018, gives individuals in the EU more control over how their data is used and our Privacy Policy takes into account the new requirements of the GDPR.


Steadfast Group Privacy Policy

Our policy will give you information about how, why and when we collect and use personal information and what we might do with it.

Whenever you are asked to provide personal information to us, we will always give you a specific privacy notice telling you exactly how that information will be used and who, if anyone, we’ll share it with. However, you should refer to this Privacy Policy for more detailed information.

This Privacy Policy is our overarching Privacy Notice.

What is personal information?

Personal information (sometimes called ‘personal data’) is any information that identifies and relates to a living person. This can include information that, when put together with other information, can then identify a person.

Because personal information allows people to know things about you, we need to protect this information and only use it for certain purposes.

Some information needs more protection. It might be information that you wouldn’t want widely known or that is very personal to you. This is sometimes also referred to as ‘sensitive personal data’ or ‘special categories of data’. This would include anything that relates to your:

  • Physical and sexual health
  • Religious or philosophical beliefs
  • Ethnicity
  • Physical or mental health
  • Trade union membership
  • Political opinion
  • Genetic/biometric data
  • Criminal history

What personal information do we collect about you and what do we do with it

Visitors to our websites

We collect standard internet log information and basic details of visitor behaviour so that we can work out the cause of any problems with our websites. We collect this information in a way that does not personally identify you, so it isn’t personal information.

If we do want to collect personal information through our website we will always tell you and will explain what we will do with the information you provide.

Links to other websites

Our website contains links to other websites, both those of government departments and of other organisations. This privacy policy only applies to our website.

When you are moving to another website you should read the privacy statement of any site which collects personal information. We do not pass on any of your personal information you have given us when you link to another site.

Security and performance

We use a third-party service to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to our website.

If you contact us via social media

We process all our own social media interactions.

If you send us a private or direct message via social media the message will be stored for three months then deleted. This will give Steadfast time to respond. It will not be shared with any other organisations.

Please note that all comments and messages, including direct messages, posted to our social media sites Facebook, Twitter or LinkedIn belong to the person posting.

We do not own or hold any of the data that individuals post. As a result, we are unable to delete this information. However, we do take steps to remove personal information so that it is not visible to the public.

If you email us

We use Microsoft anti-virus to encrypt and protect email traffic in line with government. If your email service does not support, you should be aware that any emails we send or receive may not be protected in transit.

We also use firewall anti-malware, which will block any viruses, and an intrusion protection and detection system.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

If you phone us

When we receive phone calls we may record them for the purposes of quality monitoring only. We may also keep a written record of personal information you provide us over the phone and store it in your customer account or on our intelligence database.

If you make a complaint to us

When we receive a complaint about the Steadfast Group we make a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will use the personal information we collect to process the complaint and to check on the level of service we provide.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention schedules. It will be retained in a secure environment and access to it will be restricted to those staff that require access for their role.

Job applicants

We collect personal information about applicants through the application and recruitment process, either directly from candidates or sometimes from an employment agency, previous employers or from organisations that assist us with our background checks.

Identity checks

  • We will photocopy your identification (passport, driving licence), retaining it securely in your personal file
  • We will also check all SIA licences are active and not revoked on a regular basis

Qualifications checks

We will check applicants have a valid qualification by checking our Qualifications matrix. When you obtain a qualification from a training provider it is their responsibility to let us know you hold this qualification by uploading your name, address, date of birth, photograph and qualification onto our Qualifications matrix.

If we have a contractual relationship with you

We collect personal information about the staff of organisations we enter into agreements with, companies approved to use our services. Typically we collect the name and contact details of staff so we can undertake due diligence and effectively manage the contractual relationship. Details about how we manage the data collected under each specific contract are included in the clauses of each agreement.

Our staff

We collect a range of personal data about employee, agency and contract staff in order to manage their employment relationship with us during the recruitment process, while they are working for us, at the time their employment ends and after they have left. Staff should see our Internal Data Protection Policy for more information regarding how we handle their data.

Former staff should contact, to obtain a copy of our current Data Protection Policy.

Why we ask for your personal information

We will only ask you to provide personal information if we need it. Typically, when we collect the information we will tell you why we need it, what we will do with it and whether we will share it with anyone else.

In general, we collect and use personal information where:

  • It is required by law e.g. to comply with employment law or health and safety legislation.
  • We have a contract with you e.g. you work for us, you provide a service to us or we have approved you to do something i.e. offer licence linked qualifications or conduct approved contractor assessments.
  • You (or your legal representative) have given us your consent e.g. you signed up to receive marketing information from us, receive text messages from us or agreed to the use of cookies on our website.

We will never sell your personal information to anyone else.

Who we share your personal information with

We can only share information when the law tells us we can do so.

We share information with core service providers and third party platforms as required for our business to function e.g. IT providers, payroll providers, pension scheme providers, auditors, legal advisors etc.

We also share and receive information we collect for our statutory purposes with other government agencies:

  • To check the accuracy of information we hold
  • To prevent or detect crime
  • As otherwise permitted by law.

The agencies we typically share and receive information with in order to manage our relationship with staff and prospective staff include:

  • Pay and Pension Providers (RSM, National Audit Office, HMRC, MyCSP, Opus Trust Marketing and, if appropriate, a Partnership Pension Scheme provider)

How we store your personal information

Most of the information we hold on you will be stored electronically. Even if you send us documents, we will usually scan these and then either return the originals to you or destroy them. Please see ‘How we protect your personal information’ for details of how we keep this safe.

How we protect your personal information

The security of your personal information is very important to us. There are a number of ways we make sure that the information we hold about you (on paper and electronically) is secure. We make sure that we only make this information available to those who have a legal right to see it.

Examples of our security include:

  • Securely storing electronic information with appropriate encryption or security controls where required, both at rest and in transit in accordance with industry best practice and available technologies.
  • Processing information in accordance with HMG IA policies and industry standard risk assessments.
  • Controlling access to systems and networks so that only those people who need to and are allowed to see your personal information are able to access it.
  • Training for our staff to make sure that they know how to handle personal information and how and when to report when something goes wrong.
  • Making sure we only discuss personal information with a data subject once we’ve confirmed their identity.
  • Regular independent testing of our technology is carried out through our 3rd party IT provider Innovtech (evolve Group).
  • Ensuring all information you give us relating to payment details is handled in a PCI DSS compliant way.

How long we store your personal information

How long we keep information you give to us depends on exactly what information it is, why we need it, and what we use it for.

If you would like to know exactly how long we will keep a particular piece of personal information, please contact us using the ‘Contact Us’ form on our website. Please select ‘General Enquiry’ as the category and ‘Freedom of Information/DPA subject access request’ as the topic. In your request, please make clear which types of information you are asking about.

Generally, if we don’t need your personal information it will be securely deleted.

What to do if you have questions or concerns

If you have questions about how we collect, use or store your personal information, or your rights, please contact our Data Controller at

If you have any CCTV Data Access requests please send to

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO).

You can visit the ICO website at email them at

Telephone numbers for the ICO are 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

The address to write to is:

Information Commissioner’s Office
Wycliffe House
Water Lane