STAFFSCANNER
PRIVACY POLICY

Last updated: July 2026

Staffscanner Ltd (“Staffscanner”, “we”, “us” or “our”) is committed to protecting your privacy and ensuring that your personal information is handled lawfully, fairly, securely and transparently.

This Privacy Policy explains how we collect, use, store and share personal information when you:

  • visit the Staffscanner website;
  • download or use the Staffscanner app or platform;
  • register with us as a care professional;
  • apply for or book shifts;
  • use Staffscanner as a care provider or business customer;
  • contact or communicate with us;
  • participate in surveys, referral schemes, competitions or promotions; or
  • receive marketing or other communications from us.

1. Who is the Data Controller?

Staffscanner Ltd is the Data Controller responsible for determining how and why your personal information is processed, unless we tell you otherwise.

Staffscanner Ltd

Company number: SC566169

Registered office: 125 West Regent Street, Glasgow, Scotland, G2 2SD

Operational address:

3rd Floor, Kirkstane House

139 St Vincent Street

Glasgow

G2 5JF

For privacy and data protection enquiries:

Email: [email protected]

Telephone: 0330 094 5922

2. Data protection principles

We process personal information in accordance with applicable UK data protection and privacy legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR), as amended.

We follow the key principles of data protection. Personal information must be:

  • processed lawfully, fairly and transparently;
  • collected for specified, explicit and legitimate purposes;
  • adequate, relevant and limited to what is necessary;
  • accurate and kept up to date where necessary;
  • kept for no longer than necessary; and
  • processed securely and protected against unauthorised or unlawful processing, accidental loss, destruction or damage.

Staffscanner is responsible for demonstrating compliance with these principles.

3. The personal information we may collect

The information we collect depends on your relationship with Staffscanner and how you use our services.

Care professionals and candidates

We may collect and process information including:

  • your name and contact details;
  • home address;
  • date of birth;
  • identity documentation;
  • profile photographs;
  • employment history and work experience;
  • CV and application information;
  • professional qualifications and registrations;
  • training and development records;
  • right-to-work information;
  • references;
  • compliance documentation;
  • PVG, DBS or other background-checking information where applicable;
  • availability and shift preferences;
  • preferred working locations;
  • shift applications and booking history;
  • attendance and timesheet information;
  • payment and financial information;
  • communications with Staffscanner;
  • feedback, ratings or other information relating to assignments;
  • app and platform usage information; and
  • any other information reasonably required to assess your suitability and eligibility to undertake work.

Special category and criminal offence data

Some information we process may be considered special category personal data under data protection law. This may include information about your health where relevant to your work, reasonable adjustments or occupational requirements.

We may also process information relating to criminal convictions and offences where this is necessary and legally permitted, including information obtained through PVG or DBS processes.

Where we process this type of information, we will identify an appropriate lawful basis and any additional legal condition required by applicable data protection legislation.

Care providers, clients and business contacts

We may collect:

  • your name;
  • job title;
  • organisation;
  • business contact information;
  • account and login information;
  • staffing requirements;
  • shift and booking activity;
  • communications and enquiries;
  • contractual information;
  • billing and payment information;
  • feedback and service information; and
  • information about your use of Staffscanner services.

Website, app and platform users

We may collect technical and usage information including:

  • IP address;
  • device information;
  • browser type;
  • operating system;
  • app and website usage;
  • login information;
  • pages viewed;
  • interactions with our services;
  • cookie and similar technology identifiers;
  • approximate location information where appropriate and permitted;
  • communication preferences; and
  • information about how you interact with emails, SMS messages, notifications and other communications.

4. How we collect your information

We may collect personal information:

  • directly from you;
  • when you register or create an account;
  • when you use the Staffscanner website, app or platform;
  • when you apply for or undertake shifts;
  • when you communicate with us;
  • from care providers and organisations using Staffscanner;
  • from referees;
  • from professional or regulatory bodies;
  • from identity, compliance and background-checking providers;
  • from publicly available professional and business sources;
  • through cookies and similar technologies;
  • when you interact with our marketing communications;
  • through surveys, competitions, promotions or referral schemes; and
  • from third parties where we have a lawful basis to receive the information.

If you provide us with personal information about another person, you should ensure that you are authorised to provide that information and, where necessary, that the individual has been provided with appropriate privacy information.

5. How we use personal information

We may use your information to:

  • create and manage your Staffscanner account;
  • register and onboard care professionals;
  • verify identity, qualifications, experience and eligibility to work;
  • conduct appropriate compliance and background checks;
  • assess suitability for shifts and assignments;
  • connect care professionals with relevant shifts and care providers;
  • manage applications, shift bookings and cancellations;
  • administer attendance and timesheets;
  • process payments;
  • provide customer and user support;
  • communicate important information about your account or our services;
  • manage relationships with care providers and business customers;
  • administer contracts;
  • comply with legal, regulatory, safeguarding and compliance requirements;
  • prevent and investigate fraud, misuse and security incidents;
  • protect our users, customers, systems and services;
  • improve the Staffscanner app, platform and website;
  • analyse service performance and user experience;
  • conduct surveys and research;
  • manage referral schemes, competitions and promotions;
  • produce business reporting and insights;
  • develop new products, features and services; and
  • provide relevant marketing communications where permitted by law.

6. Our lawful bases for processing

We must have a lawful basis for processing your personal information.

Depending on the circumstances, we may rely on:

Contract

Where processing is necessary to enter into or perform a contract with you, including providing access to Staffscanner services and facilitating work or shift bookings.

Legal obligation

Where processing is necessary to comply with legal or regulatory requirements.

Legitimate interests

Where processing is necessary for our legitimate business interests or those of a third party, provided those interests are not overridden by your rights, freedoms and interests.

Our legitimate interests may include:

  • operating and improving our services;
  • managing relationships with care professionals and care providers;
  • ensuring the security of our services;
  • preventing fraud and misuse;
  • understanding how our services are used;
  • communicating with business contacts; and
  • carrying out appropriate marketing activities.

Consent

Where you have given clear permission for us to process your personal information for a specific purpose.

Where we rely on consent, you may withdraw that consent at any time.

Vital interests

In limited circumstances, we may process personal information where necessary to protect someone’s life.

7. Marketing communications

We may use your personal information to send relevant information about:

  • available opportunities and shifts;
  • Staffscanner services and features;
  • news and updates;
  • events;
  • surveys;
  • referral schemes;
  • competitions and promotions;
  • educational or professional content; and
  • other information that we believe may be relevant to you.

Depending on your relationship with Staffscanner and the type of communication, we may rely on your consent or, where legally appropriate, our legitimate interests.

For electronic marketing, including email, SMS and similar communications, we will comply with applicable PECR requirements.

Where consent is required, we will ask you to take a clear positive action to opt in.

You can change your marketing preferences or opt out at any time by:

  • clicking the unsubscribe link in a marketing email;
  • following the opt-out instructions in an SMS;
  • changing your communication preferences where this functionality is available; or
  • contacting Staffscanner.

We may retain limited information about your marketing preferences after you opt out so that we can respect your request and avoid sending unwanted marketing communications.

You have the right to object to the use of your personal information for direct marketing at any time.

8. Business-to-business marketing

We may contact existing and prospective care providers, organisations and relevant business contacts about Staffscanner products and services where permitted by law.

We may use professional contact information obtained:

  • directly from you;
  • through an existing business relationship;
  • from publicly available professional sources; or
  • from legitimate business data sources where legally permitted.

Where appropriate, we may rely on our legitimate interests to conduct business-to-business marketing.

Every direct marketing communication will provide an appropriate way to opt out or object to future marketing.

9. Service communications and marketing communications

Not every communication from Staffscanner is a marketing communication.

We may send essential operational and service communications relating to:

  • your account;
  • registration and onboarding;
  • compliance requirements;
  • document or qualification expiry;
  • shift availability relevant to the service you use;
  • shift applications and bookings;
  • cancellations or changes;
  • timesheets and payments;
  • account security;
  • changes to our services; and
  • important legal or regulatory information.

Where a communication is necessary to provide the Staffscanner service, you may continue to receive it even if you have opted out of general marketing communications.

10. SMS and mobile messaging

Where you opt in to receive SMS or other mobile marketing messages from Staffscanner, you may receive recurring messages relating to Staffscanner services, opportunities, updates or promotions.

Message frequency may vary depending on your relationship and interaction with Staffscanner.

Your usual mobile network message and data charges may apply.

You can opt out of marketing messages at any time by following the instructions provided in the message, which may include replying STOP or using another unsubscribe method provided.

Where supported, you may be able to request assistance by replying HELP or contacting Staffscanner directly.

Consent to receive marketing messages is not a condition of using the Staffscanner service.

If you change or transfer your mobile number, we recommend updating your Staffscanner account details or notifying us so that communications are not sent to the incorrect recipient.

Operational messages that are necessary to administer your account, registration or shift activity may be treated differently from marketing communications.

11. App and push notifications

The Staffscanner app may send push notifications and other in-app communications relating to:

  • available shifts;
  • applications and bookings;
  • changes and cancellations;
  • registration;
  • compliance requirements;
  • account activity;
  • service updates; and
  • other relevant information.

You may be able to manage push notification permissions through your device or app settings.

Where a push notification is used for direct marketing, we will comply with applicable privacy and marketing requirements.

12. Automated processing and matching

Staffscanner uses technology to help operate its platform and connect care professionals with available opportunities.

We may use information such as:

  • role and professional qualifications;
  • compliance status;
  • availability;
  • location;
  • shift preferences;
  • experience; and
  • care provider requirements

to support the identification, matching, prioritisation or presentation of relevant shifts and opportunities.

Where we use automated decision-making that produces legal or similarly significant effects, we will comply with applicable data protection requirements and provide appropriate information and safeguards.

13. Sharing your personal information

We may share personal information where necessary with:

  • care providers and organisations using Staffscanner;
  • professional and regulatory bodies;
  • identity-verification providers;
  • background-checking and compliance providers;
  • training providers where appropriate;
  • payment, payroll and financial service providers;
  • IT and cloud hosting providers;
  • communications providers;
  • CRM and software providers;
  • analytics and website service providers;
  • professional advisers;
  • auditors and insurers;
  • government bodies;
  • regulators;
  • law enforcement agencies; and
  • other organisations where required or permitted by law.

Where another organisation processes personal information on our behalf, we require appropriate contractual and security protections.

We do not sell your personal information.

14. Business changes and legal disclosures

We may disclose personal information:

  • if Staffscanner sells, buys or restructures a business or assets;
  • as part of a merger, acquisition or corporate transaction;
  • where required to comply with a legal obligation;
  • to enforce our contractual rights;
  • to protect the rights, property or safety of Staffscanner, our users, customers or others;
  • for fraud prevention or security purposes; or
  • where disclosure is otherwise permitted by law.

Where appropriate, we will ensure suitable protections are in place.

15. International transfers

Some organisations that provide services to Staffscanner may process personal information outside the United Kingdom.

Where personal information is transferred internationally, we will ensure that an appropriate legal mechanism and safeguards are in place as required by applicable data protection law.

These may include transfers to countries recognised as providing an adequate level of data protection or the use of approved contractual safeguards.

16. How long we keep your information

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected and to meet our legal, regulatory, contractual and operational obligations.

Retention periods may depend on:

  • the type of information;
  • your relationship with Staffscanner;
  • legal and regulatory requirements;
  • employment and staffing requirements;
  • compliance and safeguarding obligations;
  • financial and tax requirements;
  • contractual obligations; and
  • the need to establish, exercise or defend legal claims.

When information is no longer required, we will securely delete, anonymise or otherwise dispose of it in accordance with our retention procedures.

17. Security of your information

We use appropriate technical and organisational measures designed to protect personal information against:

  • unauthorised access;
  • unlawful processing;
  • accidental loss;
  • destruction;
  • alteration; and
  • unauthorised disclosure.

These measures may include:

  • access controls;
  • encryption;
  • secure systems and infrastructure;
  • authentication controls;
  • monitoring;
  • staff training; and
  • internal data protection and security procedures.

No electronic system can be guaranteed to be completely secure, but we regularly review our security arrangements and seek to apply appropriate protections.

18. IP addresses, cookies and similar technologies

When you use the Staffscanner website, app or platform, we may collect technical information such as:

  • IP address;
  • browser type;
  • operating system;
  • device information;
  • usage data;
  • website interactions; and
  • cookie identifiers.

We may use cookies and similar technologies to:

  • enable essential website functionality;
  • recognise returning users;
  • remember preferences;
  • understand how our services are used;
  • measure website and campaign performance;
  • improve our website and services; and
  • support marketing and advertising where permitted.

Where consent is required, we will not place or use non-essential cookies until you have made an appropriate choice.

More information should be provided through our Cookie Policy and cookie consent settings.

19. Links to other websites

The Staffscanner website, app or communications may contain links to websites or services operated by third parties.

These organisations have their own privacy practices and policies. Staffscanner is not responsible for the privacy practices or content of third-party websites.

We recommend reviewing the relevant privacy information before providing personal information to another organisation.

20. Your data protection rights

Depending on the circumstances, you may have the right to:

The right to be informed

You have the right to clear information about how your personal information is collected and used.

The right of access

You have the right to request confirmation of whether we process your personal information and to request access to that information.

This is commonly known as a Subject Access Request.

The right to rectification

You have the right to request correction of personal information that is inaccurate and completion of information that is incomplete.

The right to erasure

In certain circumstances, you may ask us to delete your personal information.

This right is not absolute, and we may need to retain information where there is a legal, regulatory or other lawful reason to do so.

The right to restrict processing

In certain circumstances, you may ask us to restrict how we use your personal information.

The right to data portability

In certain circumstances, you may have the right to receive personal information you have provided to us in a structured, commonly used and machine-readable format or request that it is transferred to another organisation.

The right to object

You may have the right to object to processing based on legitimate interests.

You have an absolute right to object to the use of your personal information for direct marketing.

Rights relating to automated decision-making

You may have rights relating to certain decisions made solely through automated processing where those decisions have legal or similarly significant effects.

The right to withdraw consent

Where we rely on consent, you can withdraw that consent at any time.

Withdrawing consent will not affect the lawfulness of processing carried out before consent was withdrawn.

21. Making a data protection request

To exercise your data protection rights, please contact Staffscanner using the contact details provided in this Privacy Policy.

We may need to take reasonable steps to verify your identity before responding.

We will respond within the timescales required by applicable data protection law.

Requests are generally free of charge. However, in certain circumstances permitted by law, we may charge a reasonable fee or refuse to act on a request that is manifestly unfounded or excessive.

22. Data protection complaints

If you have concerns about how Staffscanner has collected, used or handled your personal information, please contact us in the first instance so that we can investigate your concern.

We will handle data protection complaints in accordance with applicable legal requirements and our internal procedures.

You also have the right to raise a concern with the Information Commissioner’s Office (ICO), the UK’s independent data protection regulator.

23. Surveys, competitions, promotions and referral schemes

From time to time, Staffscanner may invite you to:

  • participate in surveys;
  • enter competitions;
  • take part in promotions;
  • provide feedback; or
  • participate in referral schemes.

We will explain how relevant personal information will be used where necessary.

Participation is voluntary unless otherwise clearly stated.

Additional terms and conditions may apply to individual competitions, promotions or referral schemes.

24. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • changes in the law;
  • regulatory guidance;
  • changes to our business;
  • changes to our technology or services; or
  • improvements to our privacy practices.

The latest version will be published on the Staffscanner website and the “Last updated” date will be amended accordingly.

Where appropriate, we may also notify users of significant changes through the Staffscanner platform, app, email or another suitable communication method.

25. How to contact us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, change your marketing preferences or make a data protection complaint, please contact:

Staffscanner Ltd

3rd Floor, Kirkstane House

139 St Vincent Street

Glasgow

G2 5JF

Email: [email protected]

Telephone: 0330 094 5922