Data Protection, Processing & Record Retention

Policy Review Date: October 2021
Next Review Date: October 2022


Clarus Education Ltd is committed to protecting the privacy and security of personal information. All information collected used during and after any working relationship with us is held in accordance with the General Data Protection Regulation. This applies to all employees, workers, contractors, candidates and individuals as clients or potential clients of ours.



Clarus Education Ltd processes personal data in relation to its own staff and individual client member/potential member contacts. It is vitally important that we abide by the principles of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 set out below.


Clarus Education Ltd holds data on individuals for the following general purposes:

We may collect personal information about employees, workers, contractors, candidates and individuals at clients or potential clients of ours in a number of different ways. This includes through recruitment, directly from candidates or sometimes via another employment agency. We may sometimes collect information from third parties including former employers, credit reference agencies or other background check agencies. We may also collect personal data which is publicly available on websites.


The data will be processed compliant with the principles of fair processing in Article 5, GDPR. Clarus Education Ltd will:


Personal data means data, which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of, Clarus Education Ltd.  Data will only be processed in compliance with the following legal bases:



Data will be reviewed on a regular basis to ensure that it is accurate, relevant and up to date.


Employees are responsible for ensuring that any changes to old or inaccurate data takes place in a timely fashion. In addition, all employees should ensure that adequate security measures are in place. For example:


Data subjects, are entitled to obtain access to their data on request. All requests to access data by data subjects i.e. staff or members, should be referred to the Data Protection Officer, Ellen O’Shea. Where a request is granted, the information will be provided within 30 days of the date of the request.


Any requests for access to a reference given by a third party must be referred to ellen O’Shea and should be treated with caution even if the reference was given in relation to the individual making the request. This is because the person writing the reference also has a right to have their personal details handled in accordance with data protection laws, and not disclosed without their consent.