Legal Information

Find all legal information about our services, including terms and conditions, privacy policy, and cookies policy.

Terms & Conditions of Use

SafeRec is designed for recruitment agencies, MSPs, and end clients who want clarity and confidence when working with umbrella companies. Everything in these Terms is there to keep your data protected, your reputation safe, and your compliance visible.

These Terms and Conditions, together with all schedules, the User Agreement posted on the Site, and any privacy-related documents (collectively, this "Agreement"), constitute a legally binding agreement made between you, whether personally or on behalf of an entity ("you," "user," or "Customer"), and SAFEREC GROUP LTD trading as SafeRec ("SafeRec," "we," "us," "Service Provider," or "our"). This Agreement governs your access to and use of the saferec.co.uk website, the SafeRec platform, and any related media forms, media channels, mobile websites, or mobile applications (collectively, the "Site").

SAFEREC GROUP LTD is a private limited company registered in England and Wales, with its registered office at 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom. Our VAT number is 409453591.

By accessing the Site, you confirm that you have read, understood, and agree to be bound by this Agreement. If you do not agree with all terms and conditions contained herein, you are expressly prohibited from accessing or using the Site, and you must discontinue use immediately.

Supplemental terms and conditions or documents that may be posted on the Site from time to time are expressly incorporated into this Agreement by reference. We reserve the right, in our sole discretion, to amend or modify these Terms and Conditions at any time. Such changes will become effective immediately upon their posting on the Site unless otherwise stated. We will alert you to any such changes by updating the "Last Updated" date at the beginning of these Terms and Conditions. Your continued use of the Site following the posting of revised Terms and Conditions signifies your acceptance of those changes. It is your responsibility to review these Terms and Conditions periodically to ensure you are aware of any updates or changes.

You are permitted to purchase Services from the Site only if you meet the following eligibility criteria:

[1] You are legally capable of entering into binding contracts under applicable law.
[2] You are at least 18 years of age or the age of majority in your jurisdiction, whichever is greater.

If you do not meet these eligibility criteria, you are prohibited from accessing or using the Site or purchasing Services from SafeRec.

Definition
1. Platform: The "Platform" refers to the SafeRec.co.uk website and all associated software, applications, tools, and resources, including but not limited to features such as Umbrella Management, Payslip Audit, Key Information Document ("KID") generation, and the Umbrella Comparator. The Platform encompasses all current and future functionalities accessible through any form of electronic device, including desktop, mobile, or tablet, and is operated exclusively by SafeRec.
2. Services: "Services" refer to all functionalities and capabilities offered via the Platform, including but not limited to: The generation and calculation of compliance scores based on user interactions and document reviews;
  1. The auditing and verification of payslips;
  2. The creation and electronic delivery of KIDs, including associated pay illustrations;
  3. The ability to compare umbrella companies and configure parameters for margin comparisons;
  4. Any additional tools, integrations, or features provided as part of specific subscription plans or future updates to the Platform as outlined in this Agreement.
3. User: "User" means any individual or legal entity, including but not limited to recruitment agencies, umbrella companies, managed service providers, and end clients, who accesses or utilises the Platform for any purpose, whether as a subscriber, administrator, or recipient of information generated via the Platform.
4. Subscription: A "Subscription" constitutes a legally binding, time-limited arrangement requiring the payment of fees for access to specific Services as detailed in the subscription plan selected by the User. Subscriptions may include varying levels of access, features, and support depending on the plan. Subscriptions automatically renew unless explicitly cancelled as per the terms of this Agreement.
5. Compliance Score: The "Compliance Score" is a calculated metric provided by the Platform to assist Users in evaluating progress towards regulatory due diligence. The score is derived from task completions and document reviews within the Platform but is intended solely as a guidance tool. It does not serve as a certification or guarantee of regulatory compliance and must not be relied upon as such by Users or any third parties.
Scope of Services
1. Umbrella Management:
  1. The Platform enables Users to upload, review, and manage documents provided by umbrella companies, supporting compliance checks and due diligence processes. This feature facilitates the efficient organisation and evaluation of documentation to aid Users in meeting their regulatory and operational obligations.
  2. The Platform generates a "Compliance Score" to reflect the User's progress in completing assigned tasks and following established compliance workflows. This score serves as a guidance metric only and must not be relied upon as definitive proof or certification of legal or regulatory compliance. Users acknowledge and agree that the Compliance Score does not constitute legal advice or guarantee compliance with applicable laws or regulations.
  3. Users may customise their compliance checks by adding new document requirements, implementing additional review criteria, or updating existing processes to align with their specific needs. All customisation activities are the sole responsibility of the User, including ensuring the appropriateness and legality of the added requirements. SafeRec assumes no liability for any outcomes or implications arising from customisation conducted by the User.
  4. SafeRec provides its Services to deliver verified compliance data and transparency across the supply chain. The outputs generated through the Platform — including Compliance Scores, Reports, and Certifications — are designed to assist Users and their connected partners in meeting due diligence and regulatory obligations with confidence. While every effort is made to ensure the accuracy, integrity, and reliability of these outputs, SafeRec is not responsible for independent decisions or actions taken by Users or third parties based on them. Each party remains responsible for assessing the information in the context of its own legal and operational obligations.
2. Payslip Audit:
  1. The Platform provides Users with the capability to submit payslips for auditing to assess the accuracy and completeness of the information presented. This feature is designed to assist Users in identifying discrepancies or errors in payslip data as part of their due diligence and compliance efforts.
  2. Audit results are typically delivered within 24 hours of submission. However, this timeframe is an estimate provided as operational guidance only and shall not constitute a service-level commitment and may be extended in cases where additional investigation or review is required due to the complexity of the submitted data or other unforeseen factors. Users will be notified of any significant delays in the audit process.
  3. Payslip Audit Reports are generated to provide verified insight into payslip accuracy and compliance performance. While SafeRec exercises due care and proprietary verification methods, Users must interpret results in the context of their own obligations. SafeRec is not liable for independent decisions or actions based solely on the reports.
3. Key Information Document (KID) Generation:
  1. The Platform enables Users to generate Key Information Documents (KIDs) as required under applicable regulations. Each KID includes a pay illustration that provides an example of potential remuneration, assisting Users in fulfilling their informational obligations to workers and candidates.
  2. The pay illustration contained in the KID is intended solely for guidance purposes and may not reflect actual pay outcomes. Variables such as individual tax codes, National Insurance (NI) categories, applicable deductions, and other personal circumstances can significantly impact actual remuneration.
  3. By default, KIDs generated through the Platform are sent from the email address noreply@saferec.co.uk. However, Users can configure their own SMTP email settings to personalise the sending address for KIDs. This feature allows Users to maintain their branding or utilise preferred communication protocols.
  4. SafeRec is not responsible for any issues arising from misconfigured SMTP settings or any other situation, including but not limited to incorrect email formats, failed deliveries, or emails flagged as spam. Additionally, SafeRec disclaims any liability for emails not being delivered due to technical errors, third-party email server issues, or recipient-side settings. Users are solely responsible for verifying the KIDs are delivered.
4. Umbrella Comparator:
  1. The Platform allows Users to create and distribute a comparator of umbrella companies they wish to work with, enabling workers and candidates to view the information presented on a webpage via a unique URL generated by the Platform.
  2. To utilise this feature, Users must specify which umbrella companies will be included in the comparator and define the corresponding margins for each company to be displayed. The comparator is designed to assist Users in presenting options in a clear, structured, and easily accessible manner.
  3. Comparators generated through the Platform are strictly for reference purposes. They are not to be interpreted as endorsements, recommendations, or certifications of any umbrella company by SafeRec.
  4. Users bear sole responsibility for the accuracy, completeness, and validity of all data included in the comparator. SafeRec expressly disclaims liability for any inaccuracies or misrepresentations in the information provided by Users.
  5. The unique URL generated for each comparator is intended for distribution to workers and candidates solely for informational purposes. Users are prohibited from modifying the URL in ways that could misrepresent or miscommunicate the comparator's content or purpose.
5. Additional Features:
  1. Depending on the selected subscription plan, Users may gain access to additional features designed to enhance compliance and operational efficiency. These features may include, but are not limited to:
    1. Tracking Umbrella Company Accreditations: Tools to monitor and verify the accreditation status of umbrella companies, ensuring Users stay informed about regulatory compliance and industry standards.
    2. Crisis Support Services: Resources and assistance to address critical compliance issues or unexpected operational challenges involving umbrella companies.
    3. Compliance Trend Monitoring: Analytics and reporting tools that allow Users to track compliance trends over time, providing insights to improve due diligence and mitigate risks.
  2. The availability and scope of these additional features are dependent on the specific subscription plan selected by the User. Detailed descriptions, limitations, and conditions for accessing these features will be outlined in the applicable subscription terms and agreements.
6. Updates and Modifications:
  1. SafeRec retains the right, at its sole discretion, to update, modify, enhance, or discontinue any aspect of the Services provided through the Platform. Such changes may be implemented to:
    1. Ensure compliance with evolving legal or regulatory requirements;
    2. Improve or expand the functionality and performance of the Platform;
    3. Address identified security vulnerabilities or operational concerns; or
    4. Accommodate technological advancements or changes in industry standards.
  2. In the event of a material change to the Services that significantly impacts functionality, SafeRec will notify Users in advance through the Platform or other reasonable communication channels, such as email. Non-material updates or minor adjustments may be made without prior notification to ensure the continued improvement of the Platform.
  3. Users acknowledge and agree that continued access to or use of the Platform after the implementation of any updates or modifications constitutes their acceptance of the revised Services. Users are responsible for reviewing update notifications and familiarising themselves with any changes to ensure ongoing compliance with this Agreement.
  4. SafeRec is not liable for any disruption, loss, or inconvenience caused by updates or modifications to the Platform. Users are encouraged to contact SafeRec support if assistance or clarification regarding updates is required.
SafeRec Certification
1. Nature of Certification: The SafeRec Certification represents a verified standard of payroll and compliance integrity within the labour supply chain. It confirms that, at the time of assessment, the certified entity met SafeRec's audit and verification criteria and remains subject to ongoing real-time auditing.
2. Suspension and Revocation: SafeRec reserves the right to suspend or revoke a SafeRec Certification at any time if the certified entity fails to maintain required standards, breaches any SafeRec agreement, or if continued certification could reasonably mislead users or regulators.
3. Use of SafeRec Branding: Certified entities may reference the SafeRec Certification only in accordance with SafeRec's Branding and Usage Guidelines. All goodwill arising from such use will belong exclusively to SafeRec.
4. Consequences of Revocation: If certification is suspended or revoked, the affected entity must immediately remove all references to the SafeRec Certification and cease any use of SafeRec branding or marks.
5. Modification of Criteria: SafeRec reserves the right to amend, update, or replace the criteria, standards, or verification methods used for SafeRec Certification at any time, without prior notice, to reflect changes in law, regulatory guidance, or SafeRec's audit methodology. Continued certification is conditional upon compliance with the most recent applicable criteria.
SafeRec Ecosystem Data Connectivity
1. Purpose: Users acknowledge that participation in the SafeRec Ecosystem involves controlled data interconnectivity between Umbrella Companies, Recruitment Agencies, Managed Service Providers, and End Clients for compliance, audit, and transparency purposes only.
2. Lawful Basis and Controls: All such data flows take place within the SafeRec Platform under the governance of Schedule 1 (Data Sharing Agreement) and SafeRec's Privacy Policy. No personal or commercial data may be disclosed outside this controlled environment without a lawful basis under the UK GDPR.
3. Limitation: Users must not extract, export, or replicate any data from the SafeRec Ecosystem outside the Platform unless expressly authorised by SafeRec in writing or required by law.
Subscription Terms
1. Non-Refundable and Automatic Renewal:
  1. All subscriptions to the Platform are non-refundable, except where otherwise required by law. Once a subscription term begins, the associated fees are non-recoverable, regardless of whether the User chooses to utilise the Services.
  2. Subscriptions automatically renew at the end of the current term unless cancelled in accordance with this Agreement. Renewal ensures uninterrupted access to the Services.
2. Payment Obligations:
  1. Subscription fees are payable in advance and grant access to the Platform and its Services for the specified term associated with the selected subscription plan.
  2. If a User fails to pay the required subscription fees by the due date, SafeRec reserves the right to suspend or terminate the User's access to the Platform and Services without further notice. Any data or customisation associated with the User's account may also be restricted or deleted following termination due to non-payment.
3. Cancellation of Subscription:
  1. Users may cancel their subscription at the end of the current term by providing written notice to SafeRec at support@saferec.co.uk. The notice must be submitted before the renewal date to avoid the automatic renewal of the subscription.
  2. Cancellations become effective at the end of the current subscription term. Users will retain access to the Platform until the term concludes, after which all access will cease.
4. Subscription Fee Adjustments:
  1. SafeRec reserves the right to adjust subscription fees for future renewal periods. Users will be notified of any changes to subscription fees at least 30 days before the renewal date via email or the Platform.
  2. If a User does not agree to the adjusted fees, they may cancel their subscription in accordance with the cancellation process outlined in this Agreement. Continued use of the Platform following the renewal date constitutes acceptance of the revised fees.
Service Levels and Support
1. Service Availability: SafeRec will use commercially reasonable efforts to maintain Platform availability of at least 99% per calendar month, excluding scheduled maintenance, Force Majeure Events, or downtime caused by the User or third-party providers.
2. Scheduled Maintenance: SafeRec will provide at least 24 hours' notice of planned maintenance likely to cause material downtime. Maintenance will normally be performed outside of UK business hours.
3. Support Hours: SafeRec provides standard technical support Monday to Friday, 9:00–17:30 UK time (excluding public holidays) via support@saferec.co.uk
4. Response time targets: critical issues within 4 hours, general enquiries within one business day. Support outside these hours may be provided at SafeRec's discretion but is not guaranteed.
5. No Service Credit: These service objectives are for operational guidance only and do not constitute a warranty or give rise to financial remedies or service credits.
User Registration
1. Account Registration Requirements:
  1. To access the Platform and its Services, Users must complete the registration process by creating an account. Registration requires Users to provide accurate, complete, and up-to-date information, including but not limited to their name, email address, and any other details required by the Platform.
  2. Users warrant that all information provided during registration is truthful and free from misrepresentation. Failure to provide accurate information may result in the suspension or termination of access to the Platform.
2. Account Credentials and Security:
  1. Users are solely responsible for maintaining the confidentiality and security of their account credentials, including usernames and passwords. Account credentials must not be shared, disclosed, or otherwise made accessible to unauthorised parties.
  2. Users are fully responsible for all activities and actions taken under their account, regardless of whether such activities are authorised by the User. SafeRec disclaims all liability for any unauthorised use of an account caused by the User's failure to safeguard their credentials.
  3. If a User suspects any unauthorised access to or use of their account, they must notify SafeRec immediately at support@saferec.co.uk. SafeRec may require additional verification to secure and restore access to the account.
3. Account Suspension and Termination:
  1. SafeRec reserves the right, at its sole discretion, to terminate or suspend User accounts for any of the following reasons:
    1. Breach of this Agreement, including but not limited to non-compliance with terms, misuse of the Platform, or prohibited activities;
    2. Submission of false, incomplete, or fraudulent information during the registration process;
    3. Engagement in fraudulent, illegal, or harmful activities on or through the Platform.
  2. In the event of termination or suspension, Users may lose access to all Services, data, and customisation associated with their account. SafeRec is under no obligation to provide refunds or compensation for terminated or suspended accounts.
Prohibited Activities

Users must not engage in any activity that disrupts, misuses, or exploits the Platform or its Services. The following activities are strictly prohibited:
1. Data Extraction and Compilation: Systematically retrieve data, content, or any other material from the Platform to create or compile, directly or indirectly, a collection, compilation, database, directory, or derivative work without obtaining SafeRec's prior written consent.
2. Circumvention of Security Features: Circumvent, disable, tamper with, or otherwise interfere with the security-related features of the Platform, including but not limited to features designed to prevent or restrict the use, access, or copying of content or to enforce limitations on the use of the Platform.
3. Reputation Damage: Disparage, tarnish, or otherwise harm SafeRec, its reputation, or the integrity of the Platform through defamatory statements, false claims, or any other harmful conduct.
4. Harassment or Harm: Use any information, tools, or resources obtained from the Platform to harass, abuse, intimidate, defraud, or harm another person, entity, or organisation.
5. Malicious Software: Upload, transmit, or attempt to upload or transmit viruses, Trojan horses, worms, logic bombs, or any other material designed to disrupt the functionality, features, or operation of the Platform.
6. Automated System Use: Engage in any automated or unauthorised use of the system, such as deploying scripts, bots, data mining tools, web crawlers, or other data gathering or extraction tools.
7. Unauthorised Impersonation: Attempt to impersonate another user, person, or entity, or use the credentials or identity of another user without explicit authorisation.
8. Unauthorised Commercial Use: Exploit the Platform or its content for any unauthorised commercial purpose, including but not limited to resale, sublicensing, or the provision of services to third parties derived from the Platform's functionality or output.
9. Competitive Activities: Users are expressly and absolutely prohibited from using the Platform, any of its components, data, structures, logic, outputs, visual designs, methodologies, compliance processes, algorithms, or any other information, know-how, or materials derived—directly or indirectly—from the Platform or from SafeRec's Services, for any purpose that competes, or could reasonably be deemed to compete, with SafeRec, its Certification Framework, or its commercial interests.
  
  This prohibition includes (without limitation):
  1. Developing, operating, promoting, supporting, investing in, advising, or providing services to any product, platform, or business (including subsidiaries, affiliates, or joint ventures) that offers or intends to offer functionality, reporting, auditing, or certification comparable to SafeRec's Services.
  2. Reverse-engineering, disassembling, decompiling, analysing, translating, or otherwise attempting to reconstruct or replicate any aspect of the Platform, including SafeRec's scoring mechanisms, audit methodology, data structures, or API logic.
  3. Using, disclosing, or referencing any reports, compliance outputs, data analytics, screenshots, or visual representations from the Platform to inform the design, development, marketing, or sale of competing services.
  4. Engaging or assisting (whether directly or indirectly, whether as employee, consultant, contractor, director, shareholder, or advisor) any third party to perform any of the foregoing acts.
  5. For the purposes of this clause, "competing" shall be interpreted broadly and includes any service, software, or system offering features or outcomes that could reasonably substitute for, overlap with, or replicate any element of the SafeRec Platform, SafeRec Certification, or the SafeRec Ecosystem.
SafeRec reserves the right to immediately suspend or terminate access to the Platform where it reasonably suspects any breach or attempted breach of this clause. Any such breach shall constitute a material breach of this Agreement and entitle SafeRec, without prejudice to any other rights or remedies, to seek injunctive relief, damages, account of profits, and any other equitable or legal remedy available under English law.

Users acknowledge that the restrictions set out in this clause are fair, reasonable, and necessary to protect SafeRec's legitimate business interests, intellectual property, trade secrets, and confidential information, and that any breach would cause irreparable harm to SafeRec for which monetary damages alone would be inadequate.
1. Legal and Regulatory Violations: Use the Platform in any manner that violates applicable laws, regulations, or industry standards, including but not limited to laws governing data protection, intellectual property, and fraud prevention.
2. Interference with Platform Operations: Interfere with or disrupt the proper functioning, performance, or accessibility of the Platform through overburdening, denial-of-service attacks, or similar disruptive methods.
Users who engage in any prohibited activity outlined in this section may have their access to the Platform immediately terminated, and SafeRec reserves the right to pursue legal action to address any damages or violations.
Customer Obligations
1. Legal Compliance
  1. Users must utilise the Services in full compliance with all applicable laws, regulations, and their internal company policies. Users are solely responsible for ensuring that their use of the Services adheres to any industry-specific regulations or standards applicable to their operations.
  2. Users must not use the Services in a manner that imposes any industry-specific regulatory requirements, legal obligations, or liabilities on SafeRec that would not otherwise apply to SafeRec in the absence of such use.
  3. Users acknowledge and agree that SafeRec is not liable for any non-compliance arising from their use of the Services. Any liabilities or consequences resulting from violations of this clause shall remain solely the responsibility of the User.
2. Unacceptable Uses
  
  Users are responsible for their conduct and the conduct of their authorised users. Users must ensure that neither they nor their users engage in any of the following prohibited activities:
  1. Interference and Misuse: Interfering with the normal operation of the Services or attempting to access them through unauthorised methods, such as bypassing the interfaces and instructions provided by SafeRec.
  2. Circumventing Account Limitations: Circumventing or attempting to circumvent any limitations imposed by SafeRec on their account, including but not limited to user limits or feature restrictions specified in subscription terms.
  3. Unauthorised Security Testing: Probing, scanning, or testing the vulnerability of any SafeRec system, network, or component without SafeRec's prior written authorisation.
  4. Reverse Engineering: Deciphering, decompiling, disassembling, translating, creating derivative works, reverse-engineering, or attempting to reconstruct, identify, or discover any source code, algorithms, user interface techniques, or underlying ideas used to provide the Services, or encouraging others to do so.
  5. Privacy Violations: Directly or indirectly identifying any user or individual contrary to the terms of a Confidentiality Notice, privacy settings, or applicable law, or attempting to do so.
  6. Transmission of Malicious Software: Uploading, transmitting, or attempting to transmit viruses, malware, or any other harmful software, or links to such software, through the Services.
  7. Abusive or Excessive Use: Engaging in usage patterns that are significantly excessive or abusive compared to average usage. Such practices include activities that negatively affect the speed, stability, availability, or functionality of the Services for other customers or users. SafeRec will make reasonable efforts to notify Users of any abusive or excessive usage and provide an opportunity to reduce usage to acceptable levels.
  8. Intellectual Property Infringement and Unlawful Activity: Using the Services in a way that infringes upon the intellectual property rights of third parties or engaging in any unlawful or prohibited activities.
  9. Circumventing Restrictions: Attempting to bypass any built-in license, usage, or timing restrictions within the Services, including unauthorised extensions of access rights or features.
  10. Resale and Redistribution: Without explicit written authorisation from SafeRec, lending, reselling, leasing, sublicensing, or otherwise using the Services for the benefit of third parties, whether directly or indirectly.
  11. Prohibited Activities Referenced in Clause 16: Engaging in any additional activities prohibited under Clause 16 of this Agreement or any other referenced provisions.
3. Enforcement and Consequences:
  1. SafeRec reserves the right to monitor usage and enforce compliance with this section. Any violation may result in the suspension or termination of access to the Services, as well as legal action to recover damages or enforce restrictions.
  2. Users are solely responsible for any consequences, damages, or liabilities resulting from prohibited activities or their failure to comply with these obligations.
Intellectual Property
1. Ownership of Intellectual Property: All intellectual property rights, including but not limited to copyrights, database rights, trademarks, trade secrets, patents, design rights (whether registered or unregistered), and all other proprietary rights in and to the Platform and Services, including all content, software, tools, algorithms, text, graphics, user interfaces, data compilations, and documentation, are and shall remain the exclusive property of SafeRec or its licensors.
  
  Nothing in this Agreement shall operate to transfer any ownership rights in the Platform or Services to the User.
2. Limited Licence to Use the Platform: Subject to strict compliance with this Agreement, SafeRec grants Users a limited, revocable, non-exclusive, non-transferable, and non-sublicensable licence to access and use the Platform solely for their internal business operations and only in accordance with the features and permissions associated with their selected subscription plan. This licence is granted solely for the purpose of utilising the Services as expressly described in this Agreement and does not confer any rights to copy, modify, redistribute, or exploit the Platform in any other manner.
3. Restrictions on Use
  
  Users shall not, under any circumstances, directly or indirectly:
  1. Copy, reproduce, duplicate, republish, distribute, transmit, display, post, or make any part of the Platform available to any third party without prior written consent from SafeRec;
  2. Modify, adapt, translate, or create derivative works based on any part of the Platform or Services;
  3. Disassemble, decompile, reverse engineer, or attempt to discover the source code, object code, underlying structure, algorithms, or ideas of the Platform or any of its components;
  4. Use the Platform or Services to develop, operate, support, or assist in the development of any product or service that competes with, or is intended to compete with, SafeRec's offerings;
  5. Remove, alter, obscure, or deface any proprietary notices, labels, or marks on the Platform or any materials provided by SafeRec;
  6. Commercially exploit the Platform or Services in any manner not expressly authorised by this Agreement, including reselling access or using the Platform on behalf of third parties.
4. Reservation of Rights: All rights not expressly granted to the User under this Agreement are reserved by SafeRec and its licensors. Any use of the Platform or Services not expressly permitted under this Agreement constitutes an unauthorised use and a material breach of this Agreement. SafeRec reserves the right to take any legal or equitable action to protect its intellectual property rights, including seeking injunctive relief and pursuing damages.
Customisation Requests
1. Customisation Engagements and Fees: Customisation services offered by SafeRec, including but not limited to modifications, feature adaptations, bespoke configurations, or integrations with third-party systems, are not included within standard subscription plans and shall be subject to separate written agreements.
  
  Such agreements may include project specifications, timelines, deliverables, and applicable fees, all of which must be expressly agreed upon in writing by both parties prior to the commencement of any customisation work. SafeRec reserves the absolute right to accept or reject any customisation request and without obligation to provide justification for such decision.
2. Scope and Limitation of Customisation Work: Any customisation services undertaken by SafeRec shall be performed strictly in accordance with the agreed specifications and scope defined in the relevant customisation agreement. SafeRec shall not be required to provide any additional support, maintenance, updates, or warranties in respect of customisation work unless expressly agreed in writing. All customisations are provided strictly on an "as-is" basis. SafeRec disclaims any liability arising from or related to the functionality, compatibility, effectiveness, or outcomes of customisation work once delivered, except where otherwise required by law or explicitly agreed to in writing. SafeRec may, at its sole discretion, reuse, adapt, or commercialise any customisation, development, or configuration created during the engagement, provided such use does not disclose the User's confidential information.
3. Ownership and Intellectual Property in Customisations: Unless otherwise agreed in writing, all intellectual property rights in any customisation work shall remain the sole property of SafeRec. The User is granted a limited, non-exclusive, non-transferable licence to use the customisation solely in connection with their authorised use of the Platform and only for the duration of their valid subscription.
4. No Obligation to Develop or Maintain: SafeRec is under no obligation to continue developing, enhancing, or maintaining any custom feature or function unless explicitly included in a mutually executed agreement. Any future updates, modifications, or ongoing support related to customisations shall be subject to additional fees and separate terms.
Disclaimers
1. Provision of Services "As-Is" and "As Available": The Platform and all Services provided by SafeRec are made available to Users on an "as-is" and "as available" basis, without warranties or representations of any kind, whether express, implied, statutory, or otherwise. To the fullest extent permitted by applicable law, SafeRec expressly disclaims all warranties, conditions, and representations, including but not limited to:
  1. Any implied warranties of merchantability, fitness for a particular purpose, accuracy, title, and non-infringement;
  2. Any warranties arising out of course of dealing, usage, or trade.
2. Informational Nature of Platform Outputs: All outputs generated by the Platform—such as Compliance Scores, Payslip Audit Reports, Key Information Documents (KIDs), and Comparator tools—are provided to support Users' compliance assessments and decision-making, but not intended as financial or legal advice.
  
  Users are solely responsible for interpreting and applying these outputs in accordance with applicable legal and compliance frameworks and are strongly advised to seek independent professional advice where necessary. SafeRec accepts no liability for decisions or actions taken based on Platform outputs.
3. Service Availability and Performance: SafeRec does not warrant or guarantee that access to the Platform will be continuous, uninterrupted, timely, or error-free. Access may be temporarily suspended or restricted due to maintenance, updates, technical issues, Force Majeure Events (as defined in Clause 14), or other operational requirements. While SafeRec endeavours to provide reliable access to the Services, the Platform is provided on an "as is" and "as available" basis and SafeRec expressly disclaims any representation or warranty, express or implied, regarding any specific level of availability, uptime, or system performance, unless expressly agreed in a separate written service level agreement. SafeRec will make reasonable efforts to provide advance notice of scheduled maintenance or known disruptions, but does not accept any liability for service interruptions or data unavailability resulting from such events. Users are encouraged to maintain adequate internal backup systems and contingency plans for critical functions reliant on the Platform.
4. User-Generated Content: SafeRec disclaims all responsibility and liability for the accuracy, legality, reliability, or appropriateness of any content uploaded, submitted, or generated by Users on the Platform, including documents, payslips, KIDs, and other user-contributed data.
  
  Users remain solely responsible for ensuring that any content they provide is complete, lawful, non-infringing, and accurate. SafeRec does not pre-screen, review, or validate user-generated content and shall not be liable for any errors, omissions, or consequences arising therefrom.
5. Third-Party Integrations and External Links: To the extent the Platform offers integration with third-party systems or provides links to third-party websites or services, such integrations or links are provided solely for the User's convenience. SafeRec makes no representations or warranties regarding the functionality, accuracy, legality, or security of any third-party system, content, or service.
  
  Use of such third-party integrations or services is at the User's own risk and subject to the terms and conditions of the relevant third-party provider.
Liability Limitations
1. Exclusions of Liability: To the fullest extent permitted by law, SafeRec shall not be liable to any User, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss, damage, costs, or expenses arising out of or in connection with the use of, or inability to use, the Platform or Services, including but not limited to:
  1. Loss of actual or anticipated profits, revenue, contracts, or business opportunities;
  2. Loss of use, loss of data, or corruption of data;
  3. Loss of goodwill, reputation, or anticipated savings;
  4. Business interruption or other commercial damages;
  5. Any indirect, incidental, special, exemplary, punitive, or consequential damages, even if such loss or damage was foreseeable or SafeRec had been advised of the possibility of the same.
2. User Negligence and Data Breaches: SafeRec shall not be held liable for any data breach, unauthorised access, loss, or corruption of data where such event is the result of the User's own act, omission, misconfiguration, negligence, or failure to maintain adequate security protocols, including failure to safeguard login credentials.
3. Limitation of Total Liability: In any event, SafeRec's total aggregate liability to a User for all claims, damages, losses, liabilities, and expenses arising under or in connection with this Agreement (whether in contract, tort, breach of statutory duty, or otherwise) shall be limited to the total amount of subscription fees actually paid by the User to SafeRec in the twelve (12) months immediately preceding the date on which the claim arose.
  
  This limitation shall apply even if the remedies provided in this Agreement fail of their essential purpose.
4. Indemnification by the User: Users agree to fully indemnify, defend, and hold harmless SafeRec, its directors, officers, employees, contractors, agents, licensors, and affiliates from and against any and all third-party claims, demands, actions, proceedings, losses, liabilities, damages, costs, or expenses (including reasonable legal fees) arising out of or in connection with:
  1. Any misuse, unauthorised use, or fraudulent use of the Platform or Services by the User or its authorised representatives;
  2. Any breach of this Agreement or violation of any applicable law or regulation by the User;
  3. Any content or data uploaded, submitted, or transmitted by the User through the Platform, including any violation of intellectual property, data protection, or confidentiality rights.
5. Survival
  1. The limitations and exclusions of liability and indemnification obligations set forth in this clause shall survive the termination or expiry of this Agreement and continue to apply indefinitely.
Termination
1. Termination by SafeRec: SafeRec reserves the right without liability, to immediately suspend, restrict, or permanently terminate a User's access to the Platform and Services in whole or in part, with or without notice, in any of the following circumstances:
  1. The User breaches any provision of this Agreement, including but not limited to prohibited activities, non-compliance with legal obligations, or intellectual property infringements;
  2. The User fails to pay any applicable subscription fees when due or otherwise defaults on any payment obligations;
  3. The User engages in conduct that, in SafeRec's reasonable opinion, poses a security risk, causes material harm to SafeRec's infrastructure or reputation, or endangers other users of the Platform;
  4. As required by law, regulatory authority, or pursuant to a court order.
2. Effect of Termination: Upon termination of a User's account for any reason:
  1. All rights granted to the User under this Agreement shall cease immediately, including access to the Platform and any Services, data, or outputs generated therein;
  2. The User must cease all use of the Platform and, if applicable, destroy or securely delete any content, documentation, or proprietary information obtained from or related to the Services;
  3. SafeRec may, but is not obligated to, retain any User data for legal, audit, or operational purposes in accordance with its Privacy Policy and applicable laws.
3. Termination by the User: Users may terminate their subscription and account by providing written notice to SafeRec via email to support@saferec.co.uk. The termination shall take effect at the end of the then-current subscription term. No refund or credit shall be issued for any unused portion of the subscription period, except where required by law or as otherwise agreed in writing.
4. Survival of Terms: Any provisions of this Agreement which by their nature should reasonably survive termination shall continue in full force and effect, including but not limited to intellectual property rights, confidentiality obligations, limitations of liability, indemnities, and governing law clauses.
Privacy and Data Protection
1. Compliance with Data Protection Laws: SafeRec processes personal data in strict accordance with its Privacy Policy, the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and all other applicable data protection and privacy laws and regulations. The Privacy Policy forms an integral part of this Agreement and governs how personal data is collected, used, stored, and shared by SafeRec. By using the Platform, Users acknowledge and agree to the terms of the Privacy Policy.
2. User Responsibilities and Lawful Basis: Users are solely responsible for ensuring that any personal data they upload, input, or otherwise share via the Platform is lawfully collected and processed. This includes, but is not limited to:
  1. Ensuring that they have a valid lawful basis (e.g., consent, legitimate interest, contractual necessity) for processing personal data in accordance with the UK GDPR;
  2. Informing data subjects (e.g., employees, workers, candidates) of how their personal data will be used and stored through appropriate privacy notices; and
  3. Obtaining all necessary consents or authorisations required by law before transmitting or making personal data available via the Platform.
  SafeRec shall not be held responsible for any failure by the User to obtain appropriate consents or comply with their obligations under data protection laws.
3. Data Security and Safeguards: SafeRec implements appropriate technical and organisational measures designed to ensure a level of security including measures to protect against unauthorised access, accidental loss, destruction, or damage to personal data. While SafeRec employs safeguards to protect personal data, Users acknowledge that no system can be guaranteed to be completely secure. Accordingly, SafeRec shall not be liable for any unauthorised access, loss, or damage to personal data except to the extent caused by SafeRec's demonstrable failure to comply with applicable data protection laws.
4. Data Retention: Personal data collected or processed via the Platform will be retained only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable laws, regulations, or contractual obligations. Specific retention periods may be further detailed in SafeRec's Privacy Policy or agreed with the User under a data processing agreement.
5. International Data Transfers: If any personal data is transferred outside of the United Kingdom in the course of providing the Services, such transfers shall be made in compliance with the UK GDPR, including the use of approved international transfer mechanisms such as Standard Contractual Clauses or adequacy decisions where applicable.
6. Data Subject Rights and Support: Where SafeRec acts as a data controller, it will comply with its obligations under applicable law to facilitate data subject rights such as access, rectification, erasure, and objection. Where SafeRec acts as a data processor on behalf of the User, the User shall remain responsible for fulfilling such requests. SafeRec will provide reasonable assistance to the User in responding to such requests, provided such assistance is legally permissible and subject to any applicable charges.
Creditsafe Data Terms
1. Introduction: Certain information, scores, and business credit reports available within the SafeRec Platform are sourced from Creditsafe Business Solutions Limited ("Creditsafe"). SafeRec acts as an authorised reseller and data intermediary for Creditsafe in the United Kingdom. By accessing or using any portion of the Platform that includes Creditsafe data, the User agrees to comply with this Section 16 in full.
2. Permitted Use
  1. Creditsafe data is provided exclusively for the User's internal business purposes, including credit checking, compliance monitoring, due-diligence assessments, and risk management within the recruitment supply chain.
  2. Users must not use Creditsafe data for marketing, prospecting, lead generation, or any other unsolicited commercial activity.
  3. The information must not be relied upon as the sole basis for commercial, financial, or compliance decisions and is supplied "as is," subject to the disclaimers set out below.
3. Authorised Access within the SafeRec Ecosystem
  1. When a Recruitment Agency subscribes to a paid plan on the Platform, it gains access to the Creditsafe business credit scores and reports of all SafeRec Certified Umbrella Companies for internal due-diligence purposes.
  2. That Agency's own Creditsafe score and report could, in turn, become automatically visible to its connected Managed Service Provider (MSP) clients and Umbrella Companies within the Platform.
  3. This data sharing occurs solely within the controlled SafeRec environment and forms part of SafeRec's compliance and transparency functionality.
  4. No party is granted direct access to the Creditsafe API or a Creditsafe account. All retrieval and presentation of data are performed through SafeRec's integration.
4. Restrictions on Use and Distribution
  1. Users must not copy, download, export, scrape, resell, sublicense, distribute, or otherwise make available any Creditsafe data outside the SafeRec Platform.
  2. Sharing Creditsafe data is permitted only between Recruitment Agencies, their connected MSPs, and Umbrella Companies through the Platform interface.
  3. No Creditsafe data may be incorporated into any external database, public website, marketing material, or automated decision-making system.
  4. Each recipient of Creditsafe data remains responsible for keeping the information confidential and for using it solely for legitimate compliance and due-diligence purposes.
5. Data-Protection Responsibilities
  1. SafeRec and each User act as independent data controllers when processing Creditsafe data.
  2. Each party must ensure it has a lawful basis under the UK GDPR and Data Protection Act 2018 for processing the data and must maintain appropriate technical and organisational measures to protect it against unauthorised access, loss, or misuse.
  3. Creditsafe data must not be transferred or made accessible outside the UK or EEA unless appropriate safeguards under Chapter V UK GDPR (such as Standard Contractual Clauses or adequacy decisions) are in place.
  4. Any actual or suspected unauthorised use, access, or disclosure of Creditsafe data must be reported to SafeRec without delay, and the User shall cooperate fully in any investigation or remediation.
6. Compliance by Connected Parties
  1. By participating in the SafeRec Platform, each Recruitment Agency, MSP, and Umbrella Company agrees to be bound by these Creditsafe Data Terms as if a direct party to them.
  2. Recruitment Agencies must ensure that their linked MSPs and Umbrella Companies comply with these obligations and do not misuse or export Creditsafe data.
  3. SafeRec may suspend or revoke a User's access to Creditsafe data at any time if it reasonably believes these terms have been breached or if required to do so by Creditsafe or law.
7. Audit and Oversight
  1. SafeRec, or Creditsafe acting through SafeRec, may request written confirmation, logs, or usage records from a User to demonstrate compliance with this Section 16. Users agree to cooperate with any such request and acknowledge that Creditsafe may, through SafeRec, conduct periodic audits to verify lawful use of Creditsafe data..
  2. Users must cooperate with any such request and provide information reasonably required to verify lawful and compliant use of Creditsafe data.
  3. Failure to cooperate may result in suspension or termination of access to Creditsafe data.
8. Intellectual Property
  1. All rights, title, and interest in and to Creditsafe data and associated materials remain the exclusive property of Creditsafe and its licensors.
  2. No intellectual-property rights are transferred to the User. Any unauthorised use of Creditsafe data constitutes a material breach of these Terms.
9. Termination of Access
  1. Access to Creditsafe data may be suspended or terminated without notice if:
    1. SafeRec's reseller agreement with Creditsafe expires or is terminated;
    2. the User breaches this Section 16; or
    3. such suspension or termination is required by Creditsafe, regulation, or law.
  2. Upon termination, the User must immediately cease using Creditsafe data and securely delete or irreversibly anonymise any copies within its control, unless retention is legally required.
10. Disclaimer and Limitation of Liability
  1. Creditsafe data is provided on an "as is" and "as available" basis. Neither SafeRec nor Creditsafe guarantees the accuracy, completeness, or timeliness of the information.
  2. To the fullest extent permitted by law, SafeRec's total aggregate liability to any User arising from the provision or use of Creditsafe data shall be limited to the amount of subscription fees paid by that User to SafeRec in the twelve (12) months preceding the event giving rise to the claim.
  3. Users shall indemnify and hold harmless SafeRec from any losses, claims, or liabilities resulting from their misuse of Creditsafe data or breach of this Section 16.
11. Survival: The obligations in this Section 16 shall survive termination or expiry of the User's subscription and continue for so long as the User retains or makes use of any Creditsafe data.
Governing Law and Dispute Resolution
1. Governing Law: This Agreement, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it, its subject matter, or its formation, shall be governed by and construed in accordance with the laws of England and Wales. The choice of law is made irrespective of any conflict of laws principles, and the parties expressly exclude the application of any foreign or international laws or treaties, including the United Nations Convention on Contracts for the International Sale of Goods (CISG).
2. Initial Dispute Resolution – Good-Faith Negotiations: In the event of any dispute, controversy, or claim arising out of or relating to this Agreement, the parties shall first attempt to resolve the matter amicably through prompt, good-faith negotiations. Each party shall designate a representative with authority to resolve the dispute and shall engage in direct discussions within fourteen (14) days of written notice of the dispute by one party to the other.
3. Binding Arbitration: If the parties are unable to resolve the dispute through negotiations within thirty (30) days of the initial notice, the matter shall be referred to and finally resolved by binding arbitration under the Arbitration Rules of the London Court of International Arbitration (LCIA), which are deemed to be incorporated by reference into this clause. The following terms shall apply:
  1. The seat, or legal place, of arbitration shall be London, United Kingdom;
  2. The arbitration proceedings shall be conducted in the English language;
  3. The arbitral tribunal shall consist of a sole arbitrator appointed in accordance with the LCIA Rules, unless otherwise agreed in writing;
  4. The decision of the arbitrator shall be final and binding on the parties and enforceable in any court of competent jurisdiction.
4. Injunctive Relief and Interim Measures: Notwithstanding the above, nothing in this Agreement shall restrict either party's right to seek urgent or injunctive relief in a court of competent jurisdiction where such relief is necessary to prevent irreparable harm or preserve the status quo pending the outcome of arbitration proceedings.
5. Costs of Arbitration: Each party shall bear its own legal and administrative costs in connection with the arbitration. The costs of the arbitrator and the arbitration proceedings shall be borne equally by the parties, unless the arbitrator determines otherwise in their final award.
Force Majeure
1. Definition: For the purposes of this Agreement, a "Force Majeure Event" means any circumstance beyond the reasonable control of the affected party, including but not limited to: natural disasters, flood, fire, earthquake, storm, or other adverse weather conditions; war, armed conflict, terrorist attacks or threats; civil unrest; industrial disputes or strikes (excluding those involving the affected party's workforce); epidemic, pandemic or communicable disease; governmental or regulatory actions; utility failures; cyberattacks; or interruption or failure of internet or hosting services not caused by the affected party.
2. Relief from Liability: Neither party shall be liable for any delay or failure in performing its obligations under this Agreement to the extent such delay or failure is directly caused by a Force Majeure Event.
3. Obligations During Force Majeure: The affected party must promptly notify the other party in writing upon the occurrence of a Force Majeure Event, detailing the nature of the event and its expected duration, and must use reasonable endeavours to mitigate its effects.
4. Termination for Extended Force Majeure: If a Force Majeure Event continues for more than thirty (30) consecutive days and substantially prevents performance of this Agreement, either party may terminate this Agreement with immediate effect by written notice to the other party, without liability for such termination.
5. Any provisions of this Agreement which by their nature should reasonably survive termination shall continue in full force and effect, including but not limited to clauses relating to intellectual property, confidentiality, data protection, indemnities, limitation of liability, and governing law.
General Provisions
1. Amendments and Modifications: SafeRec reserves the right to amend, modify, or update the terms of this Agreement at any time and at its sole discretion. Any such changes will take effect upon posting the revised Agreement on the Platform or as otherwise communicated to Users through reasonable means, such as email or Platform notifications. The "Last Updated" date at the beginning of this Agreement will reflect the date of the most recent revisions.
  
  Continued use of the Platform or Services following the publication or notification of modifications constitutes the User's acceptance of the revised terms. Users are responsible for regularly reviewing the Agreement to remain informed of any updates.
2. Severability: If any provision of this Agreement is determined to be unlawful, void, or unenforceable for any reason by a court or tribunal of competent jurisdiction, such provision shall be deemed severed from this Agreement. The remaining provisions shall continue in full force and effect and shall be interpreted to give effect to the original intent of the parties to the maximum extent permitted by law.
3. Electronic Communications and Signatures: Users agree and consent to receive all communications, notices, agreements, and disclosures from SafeRec electronically, including via email or through Platform interfaces, and to the use of electronic signatures in place of physical signatures.
  
  Users acknowledge that such electronic communications satisfy any legal requirement that such communications be in writing and that electronic agreements and records shall be deemed legally binding and enforceable to the same extent as hard copy documents signed in ink.
4. Entire Agreement: This Agreement, together with any schedules, supplemental terms, policies, or documents expressly incorporated by reference, constitutes the entire agreement between the User and SafeRec in relation to its subject matter and supersedes all prior oral or written understandings, arrangements, or communications.
5. Waiver: No failure or delay by SafeRec in exercising any right, power, or remedy under this Agreement shall operate as a waiver thereof, nor shall any single or partial exercise of any such right, power, or remedy preclude any further exercise thereof or the exercise of any other right, power, or remedy.
6. Assignment: Users may not assign, transfer, or delegate any of their rights or obligations under this Agreement without the prior written consent of SafeRec. SafeRec may assign or transfer its rights and obligations under this Agreement at any time without restriction or the need for consent, including in connection with a merger, acquisition, sale of assets, or corporate reorganisation.
7. Document Precedence:In the event of any inconsistency or conflict between these Terms and any other agreement, schedule, or policy between the User and SafeRec, these Terms shall prevail unless a separate written agreement expressly states otherwise.
Contact Information

For any questions, concerns, requests, or notices relating to this Agreement, the Platform, or the Services provided by SafeRec, Users may contact us using the details below:

SAFEREC GROUP LTD
Registered Office: 71–75 Shelton Street,
Covent Garden, London, WC2H 9JQ,
United Kingdom

Email: contact@saferec.co.uk
Telephone: +44 (0) 20 8050 8775

SafeRec welcomes questions or partnership enquiries relating to these Terms or the SafeRec Ecosystem. For commercial matters, please contact us at contact@saferec.co.uk.

Schedule 1 - Data Sharing Agreement

Parties and Roles
1. This Data Sharing Agreement ("Agreement") forms part of the SafeRec Platform Terms & Conditions.
2. For the purposes of the UK GDPR and Data Protection Act 2018:
  1. The Umbrella Company acts as Data Controller in respect of worker personal data processed via the SafeRec platform.
  2. SafeRec acts as Data Processor when processing personal data on behalf of the Umbrella Company, in accordance with a separate Data Processing Agreement.
  3. Where SafeRec provides audit reports, compliance findings, or related outputs that contain personal data ("Reports") to a Recruitment Agency or other supply chain participant (each a "Recipient"), that Recipient acts as an Independent Data Controller in respect of the Reports it receives.
3. For the avoidance of doubt, this Agreement applies only to the sharing of Reports with Recipients. The controller–processor arrangements between SafeRec and Umbrella Companies are governed separately and are not covered here.
Purpose of Sharing
1. Reports are shared solely to enable compliance monitoring, transparency, and due diligence across the labour supply chain.
2. Recipients may use Reports only to:
  1. assess the compliance of Umbrella Companies,
  2. meet legal, regulatory, or contractual obligations, and inform decisions directly related to worker engagement and payroll compliance.
  3. Reports must not be used for marketing, profiling unrelated to compliance, or any other commercial purpose.
Categories of Data
1. The Reports may include (depending on scope):
  1. Worker identifiers (e.g. name, National Insurance number, employee reference),
  2. Payroll and payslip data (company receipt, gross pay, deductions, net pay, tax/NIC contributions, expenses),
  3. Umbrella Company identifiers,
  4. Audit outcomes, compliance flags, and related annotations.
Lawful Basis
1. Each party must ensure it has a lawful basis under Article 6 UK GDPR for its processing.
2. Lawful bases may include:
  1. legitimate interests in ensuring compliance in the labour supply chain, and legal obligations under tax, employment, or regulatory law.
  2. Where special category data is processed (e.g. trade union deductions), each Controller must identify and document a valid Article 9 condition.
Transparency and Fairness
1. The Umbrella Company, as originating Controller, must ensure workers are informed—via privacy notice or other appropriate means—that their data may be processed by SafeRec and shared with Recipients.
2. Recipients must ensure their own privacy notices clearly describe the receipt and use of Reports for compliance and due-diligence purposes.
Responsibilities of the Parties
1. Each party is responsible for:
  1. complying with UK GDPR and DPA 2018 as an independent Controller,
  2. maintaining records of processing,
  3. ensuring data subject rights (access, rectification, erasure, restriction, portability, objection) can be exercised, and
  4. responding to data subject requests relating to the data it controls.
2. SafeRec shall ensure Reports are transmitted securely, using encryption or equivalent measures.
3. Recipients shall apply security measures appropriate under Article 32 UK GDPR, including access controls, staff training, and secure storage.
Restrictions on Use
1. Recipients shall not:
  1. use Reports outside the scope set out in Clause 2,
  2. disclose Reports to third parties except where required by law or with the written consent of SafeRec and/or the relevant Umbrella Company,
  3. process Reports in a way incompatible with the original purposes of processing.
International Transfers
1. Recipients shall not transfer Reports outside the UK or EEA without implementing appropriate safeguards under Chapter V UK GDPR (e.g. adequacy decision, IDTA/Addendum, or SCCs).
2. Where reasonably requested, Recipients shall confirm to SafeRec in writing the safeguards relied upon.
Retention and Deletion
1. Recipients may retain Reports only for as long as necessary for the purposes in Clause 2.
2. At the end of that period, Recipients must securely delete or irreversibly anonymise Reports unless a longer retention is required by law.
Data Subject Rights
1. Each party is individually responsible for managing and responding to requests from data subjects in respect of the personal data it controls.
2. Where necessary, parties shall provide reasonable assistance to each other in fulfilling such requests.
Data Breach Notification
1. Each party shall notify the others without undue delay (and in any event within 48 hours) upon becoming aware of a personal data breach affecting Report data.
2. Parties shall co-operate in investigating, mitigating, and (where required) notifying the ICO or affected data subject.
Oversight
1. Each party shall maintain documentation sufficient to demonstrate compliance with this Agreement.
2. Upon reasonable written request, Recipients shall provide SafeRec with information necessary to demonstrate such compliance.
Liability
1. Each party acknowledges it is independently liable for its own processing as an Independent Controller.
2. No party shall be liable for another's breaches of data protection law, except to the extent it has contributed to or caused such breaches.
Term and Termination
1. This Agreement remains in force for as long as Reports are shared between the parties.
2. Upon termination of the SafeRec platform agreement, or upon request, Recipients shall securely delete or return Reports, unless retention is required by law.
Governing Law
1. This Agreement is governed by and construed in accordance with the laws of England and Wales.
2. The courts of England and Wales shall have exclusive jurisdiction over any dispute relating to this Agreement.

Last Updated: 04/10/2025

Privacy Policy

This Privacy Policy sets out in detail how SAFEREC GROUP LTD, a company incorporated and registered in England and Wales under company number 12584207, with its registered office at 71–75 Shelton Street, London, WC2H 9JQ ("SafeRec", "we", "us", or "our"), processes personal data relating to users ("you" or "your") of the SafeRec Platform and the associated website, including any subdomains, web-based applications, or connected services made available by us (collectively referred to as the "Website" or "Platform").

This Privacy Policy explains, in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and any other applicable data protection and privacy laws in the United Kingdom:

What categories of personal data we collect from you or about you;
The legal bases upon which we rely to process your personal data;
The purposes for which we use personal data and the ways in which it is processed;
The circumstances in which we may share your personal data with third parties, including affiliated entities;
The technical and organisational safeguards we implement to protect your data;
Your rights in relation to the personal data we hold about you; and
How you can contact us or the Information Commissioner's Office in the event of a concern or complaint.

This Privacy Policy applies exclusively to data collected or processed by or on behalf of SafeRec in connection with your use of the Website and the Platform, and does not extend to third-party websites, software, or services that may be linked to or accessed via our Website.

By accessing or using the Website or the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. This Privacy Policy should be read in conjunction with our Terms and Conditions of Use, which set out the legal terms governing your use of our services.

Who We Are

SAFEREC GROUP LTD is a company incorporated and registered in England and Wales under company number 12584207, with its registered office located at 71–75 Shelton Street, London, WC2H 9JQ, United Kingdom. For the purposes of this Privacy Policy, any reference to "SafeRec", "we", "us", or "our" shall be construed as referring to SAFEREC GROUP LTD exclusively.

SafeRec is a provider of software-as-a-service (SaaS) solutions, specialising in compliance and audit services for the recruitment and umbrella company sectors via its proprietary platform and tools (the "Platform"). Depending on the specific circumstances of the processing activity and the nature of your interaction with the Platform or Website, SafeRec may act in the capacity of either a data controller or a data processor, as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
- As a Data Controller: SafeRec acts as a data controller when it determines the purposes and means of processing personal data. This includes, but is not limited to, activities such as the registration and administration of user accounts, internal analytics, billing and payment processing, provision of customer support, direct marketing communications (where applicable), and usage monitoring to improve service delivery.
- As a Data Processor: SafeRec acts as a data processor when it processes personal data strictly on behalf of and in accordance with the instructions of a data controller client (typically, an Umbrella Company or similar organisation using the Platform). Examples of such processing include, but are not limited to:
  - The receipt and analysis of payslips submitted for audit by the client;
  - The automated generation of Key Information Documents (KIDs) on behalf of the client;
In all cases where SafeRec acts as a data processor, the client remains the data controller and is responsible for ensuring the lawful basis for processing, transparency, and fulfilment of data subject rights, unless otherwise expressly agreed in writing.

For the avoidance of doubt, in most cases where workers' or candidates' personal data (for example, within payslips, Key Information Documents (KIDs) or other payroll or compliance documentation) is processed through the Platform, SafeRec acts as a data processor on behalf of the relevant umbrella company, recruitment agency or other client organisation, who remains the data controller. Workers and candidates should normally direct any queries or requests in relation to their personal data (including subject access requests) to that organisation in the first instance.

SafeRec is registered with the Information Commissioner's Office (ICO) under registration number ZB331271 and is subject to the supervision of the ICO as the competent data protection authority in the United Kingdom.
What Data We Collect

SafeRec collects and processes a range of personal data to facilitate your use of the Platform and the Services it provides. The nature and scope of the data collected may vary depending on the specific services utilised, the functionality accessed, and the relationship between you (or your organisation) and SafeRec. Data may be collected either directly from you, indirectly through your organisation, or automatically via your interactions with the Website or Platform.

The categories of personal data that may be collected, stored, or processed include, but are not limited to, the following:
1. Identity and Contact Information
  - Full name
  - Email address
  - Telephone number
  - Company or organisation name
  - Job title and professional role
  This information is typically collected during user registration, subscription setup, support requests, or account management processes.
2. Account Credentials and Organisational Access
  - Username and password (hashed and stored securely)
  - Associated roles or permissions (e.g., admin, auditor, viewer)
  - Company-specific access rules or tiers
  - Subscription plan details and permissions granted under that plan
  This data enables controlled access to the Platform's core services and ensures that only authorised users operate within defined parameters.
3. Document and Compliance Data (Uploaded or Inputted)
  - Payslips submitted for audit
  - Umbrella company documentation
  - Compliance documentation (e.g. accreditation certificates, contracts)
  - Configuration data (e.g. audit rules, custom fields, comparator inputs)
  This category includes any files uploaded or data entered into the Platform by users in the context of utilising services such as the Payslip Audit, Compliance Score generation, KID creation, or Umbrella Comparator tools, as outlined in the Terms and Conditions.
  
  Note: In many cases, this information may relate to third-party individuals such as agency workers or candidates. Where such data is processed by SafeRec on your behalf, you are responsible for ensuring all necessary consents or legal bases are in place, in accordance with Clause 12.2 of the Terms and Conditions.
  
  SafeRec does not intentionally require the submission of special category personal data (such as health information or trade union membership) or criminal offence data. To the extent that such data may appear incidentally within documents uploaded to the Platform (for example, within payslips), SafeRec processes it only on behalf of the relevant client and in accordance with their documented instructions. Clients are responsible for ensuring they have an appropriate lawful basis and condition for processing such data and for providing appropriate transparency to affected individuals.
4. Payment and Billing Information
  - Company billing address
  - VAT number
  - Contact person for invoicing
  - Payment card or direct debit details (processed securely via third-party providers)
  Financial information is used solely to process payments for subscription plans and customisation services, in accordance with our contractual obligations.
5. Technical and Usage Data (Collected Automatically)
  - IP address
  - Browser type and version
  - Operating system and device identifiers
  - Referral URLs and exit pages
  - Pages viewed and time spent on the Platform
  - Feature usage statistics (e.g. number of audits run, documents uploaded)
  This data is collected through standard web server logs, internal telemetry tools, and third-party analytics to monitor Platform performance, improve user experience, detect security threats, and understand usage trends.
6. Cookies and Tracking Technologies
  
  We use cookies and similar tracking technologies to enhance user experience, remember preferences, and analyse website traffic. These may collect unique identifiers and behaviour-based data. Please refer to our Cookie Policy for a detailed breakdown of cookies used and your rights to opt in or out of specific categories.
  
  Non-essential cookies and similar technologies will only be used where you have provided your consent via our cookie banner or settings. You can withdraw your consent or change your cookie preferences at any time by adjusting your choices in the banner or through your browser settings.
7. Children and Our Services
  
  Our Platform and Website are intended for use by business users only and are not directed at children. We do not knowingly collect personal data relating to individuals under the age of 18. If you believe that a child has provided personal data to us, please contact us using the details in section 8, and we will take appropriate steps to delete such information where required.
How We Collect Your Data

SafeRec collects personal data through a combination of direct interactions, automated technologies, and third-party integrations. The method by which personal data is collected depends on your interaction with the Platform and the scope of services used. Data may be collected either directly from you, from your employer or associated organisation, or automatically through technical means.

We collect personal data in the following circumstances:
1. When You Register for an Account or Access the Platform
  
  When you, or a designated representative of your organisation, register for an account, we collect the personal data required to establish user credentials and assign access rights. This may include your name, email address, company name, job title, and account role (e.g., administrator, compliance officer, auditor).
  
  Additionally, when you log into the Platform, metadata related to access time, device type, and IP address is automatically logged to ensure secure access and to monitor potential misuse or unauthorised access attempts.
2. When You or your employer Upload Documents or Submit Information for Processing
  
  We collect personal data when you or your employer uploads content to the Platform for the purpose of using specific features, including but not limited to:
  - Payslips submitted for audit;
  - Worker-related information for Key Information Documents (KIDs);
  - Compliance-related documents for Umbrella Management or Accreditation Tracking;
  - Data inputs for the Umbrella Comparator.
  This content may include personal data relating to third parties (such as agency workers or candidates). Where such data is submitted, it is the responsibility of the submitting party (i.e., the controller) to ensure that it has an appropriate legal basis for doing so.
3. When You Contact Us Directly
  
  We collect personal data when you contact SafeRec through any communication channel, including:
  - Web forms available on the Website;
  - Email correspondence sent to contact@saferec.co.uk or support@saferec.co.uk;
    Telephone communications;
  - Postal correspondence addressed to our registered office.
  This information may include your contact details, the nature of your enquiry, any supporting documents or messages you provide, and metadata relating to the communication (e.g., date and time of contact). Such interactions may be recorded or logged for the purposes of audit, security, service delivery, and training.
4. When You Interact with the Website or Platform
  
  When you visit or interact with our Website or Platform, we may automatically collect certain information through cookies, tracking pixels, server logs, and other automated technologies. This data may include:
  - IP address and approximate location;
  - Device and browser specifications;
  - Referral URLs and site navigation behaviour;
  - Session duration and actions taken within the Platform;
  - Language and display preferences.
  This data enables us to maintain the performance and integrity of the Platform, identify usability issues, and improve the functionality of our services. Further details can be found in our Cookie Policy.
5. When You Subscribe to Newsletters or Marketing Communications
  
  If you opt in to receive newsletters, payslip audit, product updates, or marketing materials from SafeRec, we collect and store your contact details and communication preferences. Depending on your interactions, we may also track whether emails were delivered, opened, or clicked. You may unsubscribe at any time by following the opt-out instructions in any email or by contacting us directly.
Lawful Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, all processing of personal data by SafeRec must be based on one or more recognised lawful bases. The lawful basis applicable will depend on the nature of the processing activity and the relationship between SafeRec and the data subject or client.
SafeRec processes personal data under the following lawful bases:
1. Performance of a Contract
  
  We process personal data where it is necessary for the performance of a contract to which you or your organisation or your employer is a party, or in order to take steps at your request prior to entering into such a contract.
  
  This includes, but is not limited to:
  - Creating and managing user accounts;
  - Enabling access to subscription services and platform features;
  - Generating audit results, Key Information Documents (KIDs), Compliance Scores, or other platform outputs;
  - Managing billing and invoicing processes;
  - Responding to service-related queries or support tickets.
  Where your organisation is the primary subscriber and you are acting on its behalf, our lawful basis remains contractual, and your data is processed to enable your organisation to receive the services subscribed to.
2. Legitimate Interests
  
  We process personal data where it is necessary for the purposes of our legitimate business interests, provided those interests are not overridden by your fundamental rights and freedoms.
  
  Our legitimate interests include:
  - Monitoring and improving the performance, security, and functionality of the Platform;
  - Conducting internal analytics, diagnostics, and reporting to optimise service delivery;
  - Preventing fraud, misuse, or unauthorised access to the Platform;
  - Sending B2B service-related communications or product updates to users with an existing relationship to SafeRec (in compliance with PECR and soft opt-in principles);
  - Managing our corporate affairs, including compliance, audits, and business restructuring.
  Where we rely on legitimate interests, we ensure that such processing is proportionate, relevant, and respects your rights and expectations. You have the right to object to processing on this basis, as described in Section 9 of this Privacy Policy.
3. Consent
  
  We may process your personal data based on your consent in specific situations, such as when you opt in to receive marketing communications, participate in surveys, or accept non-essential cookies. Where processing is based on consent, you may withdraw that consent at any time by following the instructions provided in our communications or contacting us at contact@saferec.co.uk. Withdrawal of consent shall not affect the lawfulness of processing carried out before withdrawal.
4. Compliance with Legal Obligations
  
  We may process your personal data where it is necessary for compliance with a legal obligation to which SafeRec is subject.
  
  This may include:
  - Retaining transaction records for accounting or tax purposes;
  - Responding to lawful requests from regulatory bodies, government authorities, or courts;
  - Complying with anti-money laundering (AML) or fraud prevention obligations;
  - Fulfilling statutory obligations in relation to data protection, employment law, or contract enforcement.
  Where required, we will limit such processing to the minimum extent necessary and ensure that any disclosures are strictly in accordance with applicable legal requirements.
How We Use Your Data

SafeRec processes personal data strictly in accordance with applicable data protection laws and only for specific, legitimate, and explicitly defined purposes. The scope of processing is determined by the relationship between you (or your organisation) or employer and SafeRec, the services accessed, and the nature of your interactions with the Platform and Website.
We may use your personal data for one or more of the following purposes:
1. Provision of Services and Contractual Fulfilment
  
  We process personal data to:
  - Create, verify, and manage user accounts on the Platform;
  - Provide access to subscription-based services and features in accordance with the selected plan;
  - Enable functionality such as the Payslip Audit and access to payslip audits, Compliance Score, Key Information Document (KID) generation, and the Umbrella Comparator;
  - Deliver system notifications, compliance alerts, and service-related updates;
  - Generate and issue audit reports or KIDs based on user-submitted data;
  - Facilitate user access to previously uploaded documents and configurations;
  - Authenticate users and maintain platform session security.
  These activities are carried out on the basis of contractual necessity or, where applicable, legitimate interests in delivering services to an authorised user.
2. Platform Administration and Security
  
  We use technical, access, and session-related data to:
  - Monitor usage and ensure the availability, integrity, and performance of the Platform;
  - Detect and prevent unauthorised access, system misuse, fraud, or malicious activity;
  - Troubleshoot platform issues and provide user support;
  - Investigate and respond to system alerts, security events, or user-reported concerns.
  This processing is undertaken on the basis of legitimate interests and, in some cases, to fulfil our legal obligations under information security or regulatory frameworks.
3. Service Improvement and Analytical Purposes
  
  We may analyse aggregated or pseudonymised data to:
  - Understand how users engage with Platform features;
  - Measure and improve platform usability, performance, and efficiency;
  - Develop new tools, features, and service enhancements;
  - We may create and publish aggregated, fully anonymised statistics (for example, overall audit counts or industry compliance trends) on the SafeRec website, social channels, or within public reports. These statistics will never identify individual users, organisations, or data subjects.
  - Monitor compliance trends and usage patterns across our client base.
  Where possible, analytics are conducted on a non-personally identifiable basis. If personal data is used, the processing is based on legitimate interests in improving the quality and relevance of our services.
4. Marketing and Business Development
  
  Where permitted by applicable law, particularly in a business-to-business context, we may use your contact details to:
  - send promotional emails about new features, updates, events or third party services that we believe may be relevant to you in your professional capacity;
  - distribute newsletters or industry insights relevant to compliance and recruitment technology; and
  - invite you to participate in feedback surveys, product testing or service reviews.
  Where we have an existing client relationship with you or your organisation, we may send such communications on the basis of our legitimate interests and the "soft opt-in" provisions under the Privacy and Electronic Communications Regulations (PECR). In other situations, we will only send you marketing communications where you have provided your consent.
  
  You can opt out of receiving marketing communications from us at any time by using the unsubscribe link in any email, by updating your communication preferences (where available) or by contacting us using the details in section 8.
5. Legal, Regulatory, and Corporate Compliance
  
  We may process and, where necessary, disclose personal data:
  - To comply with legal or statutory requirements, including record-keeping and reporting obligations;
  - To respond to binding requests from courts, regulators, or enforcement bodies;
  - To protect our rights, interests, and legal position in the event of a dispute;
  - In the context of a merger, acquisition, corporate restructure, or business transfer, in accordance with Section 11 of this Privacy Policy.
  Such processing is carried out in accordance with our legal obligations or, where applicable, legitimate interests in protecting our business continuity and compliance posture.
Who We Share Data With

SafeRec only shares personal data where it is strictly necessary for the delivery of services, the performance of a contract, compliance with legal obligations, or the protection of our legitimate business interests. All third-party recipients are contractually bound to protect personal data in accordance with applicable laws and are only permitted to use the data for the specific purposes for which it is disclosed.

We may share personal data with the following categories of recipients:
1. Group Companies and Affiliated Entities
  
  We may share personal data with companies that are legally affiliated with SafeRec, including:
  - Subsidiaries, parent companies, or other corporate entities in which SafeRec holds a controlling interest or shareholding (collectively referred to as "Associated Companies");
  - Entities within our corporate structure that provide shared infrastructure, technology, or support services.
  Such sharing is undertaken for internal administrative purposes, service enablement, and to ensure continuity and consistency of service. Any such entities are bound by appropriate confidentiality and data protection obligations and may only process personal data as instructed by SafeRec.
2. Authorised Users within Your Organisation
  
  Where your access to the Platform is provided as part of a corporate subscription (e.g., a recruitment agency or managed service provider), we may share your usage data, audit submissions, or account activity with other authorised users from your organisation, including account administrators or compliance leads.
  This ensures that organisations can monitor internal use, coordinate workflows, and maintain oversight of compliance processes.
3. Third-Party Service Providers (Data Processors)
  
  We engage third-party service providers to support the operation, maintenance, security, and performance of our Platform. These may include providers of:
  - Cloud hosting infrastructure;
  - Document storage and backup services;
  - Email delivery platforms;
  - Usage analytics and telemetry tools;
  - Payment processors and invoicing systems;
  - Customer support ticketing systems.
  All such third parties act as data processors on our behalf, are bound by written data processing agreements in accordance with Article 28 of the UK GDPR, and are only permitted to access or process data for the specific tasks assigned to them.
  A list of current sub-processors is available upon request.
4. Professional Advisers and Consultants
  
  We may share personal data with external advisers where necessary for business operations or compliance, including:
  - Legal counsel;
  - Accountants and auditors;
  - Regulatory consultants;
  - Insurance providers.
  Such disclosure is limited to what is necessary for the relevant engagement and is subject to confidentiality agreements or professional duties of secrecy.
5. Regulators, Authorities, and Legal Disclosures
  
  We may disclose your personal data to public authorities, courts, or regulators in the following circumstances:
  - To comply with a legal obligation or binding request;
  - To respond to lawful instructions or investigative requests from regulators, HMRC, or law enforcement;
  - To exercise or defend legal claims;
  - To protect the rights, property, or safety of SafeRec, its users, or others.
  Such disclosures are made in accordance with applicable legal standards and only where strictly necessary.
6. Business Transfers and Corporate Transactions
  
  In the event of a merger, acquisition, corporate restructuring, or sale of all or part of our business or assets, personal data held by SafeRec may be transferred to the acquiring or successor entity. We will ensure that any such transfer is made in accordance with applicable data protection laws and that the receiving party is contractually obliged to continue processing the data in accordance with this Privacy Policy.
7. International Transfers of Personal Data
  
  Personal data processed by SafeRec is hosted, stored and processed only within the United Kingdom and the European Economic Area (EEA).
  
  If, in future, we propose to change this position, we will do so only in compliance with UK data protection law (for example, using an adequacy decision or approved transfer mechanism), update this Privacy Policy in advance and, where required, provide prior notice to affected clients.
Data Retention

SafeRec retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the delivery of services, the performance of contractual obligations, compliance with legal requirements, and the protection of our legitimate business interests.

The duration for which data is retained depends on the type of data, the context in which it was collected, and any applicable statutory or regulatory requirements. We regularly review our retention practices to ensure ongoing compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Retention for Contractual and Service Delivery Purposes
  
  We retain personal data provided by or on behalf of users for the duration of their subscription or service engagement with SafeRec, and for a reasonable period thereafter to:
  - Ensure continuity of service during renewals or reactivations;
  - Facilitate re-access to historical audits, KIDs, and compliance data;
  - Respond to post-contractual queries or disputes;
  - Maintain internal records of service delivery and contractual performance.
  In general, user account data, compliance records, and uploaded documentation will be retained for up to six (6) years.
  
  As a guide, and subject always to applicable legal obligations and any client-specific arrangements, typical retention periods are:
  - User account and profile information: for the duration of the contract with your organisation plus up to six (6) years.
  - Payslips, worker-related compliance documentation and audit outputs: for the duration of the relevant engagement and typically up to six (6) years thereafter, to support audit, regulatory and tax enquiries.
  - System and security logs: typically between twelve (12) and twenty-four (24) months, unless a longer period is required in connection with an investigation or legal claim.
  - Billing and invoicing records: a minimum of six (6) years from the end of the financial year in which the transaction occurred.
2. Backup and Archival Copies
  
  Backup copies of personal data may be retained in encrypted, access-restricted archives beyond standard retention periods for:
  - Business continuity and disaster recovery purposes;
  - System integrity and rollback functionality;
  - Compliance with internal audit requirements.
  Such backups are subject to strict access controls and are automatically deleted or overwritten in accordance with SafeRec's internal policies.
3. Retention of Financial and Transactional Records
  
  Billing records, payment confirmations, VAT information, and financial correspondence will be retained for a minimum of six (6) years in accordance with accounting, tax, and corporate recordkeeping obligations under applicable UK legislation.
4. Legal Hold and Dispute Resolution
  
  Where data is required to be retained in connection with an actual or reasonably anticipated legal claim, regulatory investigation, audit, or enforcement action, SafeRec will suspend the routine deletion of relevant data until such matters are fully resolved and retention is no longer necessary. In such cases, processing may be limited to storage and security purposes only.
5. Anonymisation and Aggregated Data
  
  Where feasible and appropriate, SafeRec may convert personal data into anonymised or aggregated form for the purpose of generating statistical insights, benchmarking trends, or improving the Platform's functionality. Such data is no longer considered personal data and may be retained indefinitely.
6. User-Initiated Deletion
  
  Where users have the right to request erasure of their personal data under Article 17 UK GDPR, such requests will be honoured in accordance with applicable legal exemptions and retention requirements. See Section 9 for further details on your data subject rights.
Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, individuals whose personal data is processed by SafeRec have a number of legal rights concerning the way that data is collected, used, stored, and shared. The availability and applicability of these rights depend on the legal basis for processing and whether SafeRec is acting as a data controller or a data processor in a given context.

Where SafeRec acts as a data controller (e.g. for account management, billing, or marketing), you may exercise the following rights directly with us. Where SafeRec is acting as a processor on behalf of a client (e.g. when processing payslips or compliance data), we will refer your request to the relevant data controller for handling.

Where you are a worker or candidate whose payslip or other documentation has been processed through the Platform, SafeRec will usually be acting as a data processor on behalf of your umbrella company, recruitment agency or end client. In those circumstances, we may be required to refer your request to that organisation, who is responsible for responding to you as the data controller.

You have the following rights:
1. Right of Access
  
  You have the right to request confirmation as to whether we hold personal data about you and, if so, to receive a copy of that data, along with an explanation of:
  - The categories of data we hold;
  - The purposes for which it is being processed;
  - The recipients or categories of recipients with whom it is shared;
  - The envisaged data retention period;
  - The source of the data (if not collected directly from you);
2. Right to Rectification
  
  You have the right to request the correction of any personal data we hold that is inaccurate, out of date, or incomplete. Where data is subject to regular updates (e.g. user account information), you are encouraged to review and update this information within the Platform.
3. Right to Erasure ("Right to Be Forgotten")
  
  You may request that we delete your personal data where:
  - It is no longer necessary for the purposes for which it was collected;
  - You have withdrawn consent and there is no other legal basis for processing;
  - You have objected to processing and no overriding legitimate grounds remain;
  - The data was unlawfully processed or must be deleted to comply with legal obligations.
  Please note that this right is subject to important limitations, including where the data must be retained for contractual, legal, or audit-related purposes.
4. Right to Restrict Processing
  
  You may request that we temporarily suspend processing of your personal data under certain conditions, for example:
  - While we verify the accuracy of data you have contested;
  - Where processing is unlawful and you oppose deletion;
  - Where you have objected to processing and a decision is pending.
  During a restriction period, your data will not be used for any purpose other than storage or to establish or defend legal claims.
5. Right to Data Portability
  
  Where processing is based on your consent or a contract, and the data is processed by automated means, you may request a copy of your personal data in a structured, commonly used, and machine-readable format. Where feasible, you may also request that we transmit this data directly to another data controller of your choice.
  
  This right does not apply to data processed on the basis of legitimate interests or legal obligations.
6. Right to Object to Processing
  
  You have the right to object to processing of your personal data in the following situations:
  - Where the processing is based on legitimate interests, and you believe your rights and interests override ours;
  - Where your data is being used for direct marketing, in which case we will cease such processing immediately.
  We will assess each objection on a case-by-case basis and, where required, cease processing unless we can demonstrate compelling legitimate grounds or legal necessity.
7. Right to Withdraw Consent
  
  Where we rely on your consent to process personal data (e.g. for email marketing or non-essential cookies), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
8. How to Exercise Your Rights
  
  To exercise any of the rights described above, please submit your request in writing to:
  Data Protection Officer
  SAFEREC GROUP LTD
  71–75 Shelton Street
  London, WC2H 9JQ
  Email: contact@saferec.co.uk
  
  We will respond to all legitimate requests within one calendar month, or notify you if an extension is necessary due to complexity or volume. We may require proof of identity to confirm your entitlement to exercise rights before fulfilling the request.
  
  If you are not satisfied with our response to your request or believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO via www.ico.org.uk, by telephone at 0303 123 1113, or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.
Data Security

SafeRec takes the security of personal data extremely seriously and implements a range of technical, organisational, and administrative measures to ensure that personal data is protected against unauthorised or unlawful access, alteration, disclosure, or destruction, as well as against accidental loss or damage.

These measures are designed to provide a level of security appropriate to the risks presented by the processing, in accordance with Article 32 of the UK General Data Protection Regulation (UK GDPR).

Measures we use include, amongst others:
- encryption of personal data in transit and at rest where appropriate;
- role-based access controls and the principle of least privilege for our staff and system accounts;
- regular backups and business continuity and disaster recovery arrangements; and
- ongoing monitoring, vulnerability management and security testing of our systems and infrastructure.
While SafeRec takes all reasonable steps to safeguard the personal data within its control, users also have a role to play in maintaining the security of their data. Users are responsible for:
- Keeping their account credentials (username, password, and MFA codes) secure and confidential;
- Not sharing access credentials with unauthorised individuals;
- Notifying SafeRec immediately at contact@saferec.co.uk if they suspect unauthorised access to their account or any other security concern;
- Ensuring that documents or data uploaded to the Platform do not contain malware or other harmful content.
In the unlikely event of a personal data breach, SafeRec will investigate the incident, take appropriate remedial action, and notify affected clients and/or individuals where required by law. Where SafeRec is acting as a data processor, we will inform the relevant data controller without undue delay and cooperate with them in meeting any applicable notification obligations.
Business Changes

SafeRec may, from time to time, undergo changes to its corporate structure or operations that involve the reorganisation, sale, acquisition, or transfer of assets, shares, or operational control of part or all of its business. These changes may affect the ownership and control of the personal data held or processed by SafeRec.

Where such changes occur, SafeRec will handle personal data in accordance with the principles of transparency, fairness, and continuity under applicable data protection law.
1. Transfer of Personal Data in a Business Transaction
  
  If SafeRec is involved in a merger, acquisition, sale of assets or business units, corporate restructuring, financing, insolvency, or any other form of transaction or reorganisation, personal data held by or on behalf of SafeRec may be transferred to a third party, such as a:
  - Purchaser or prospective purchaser of all or part of the business or its assets;
  - Successor entity resulting from a merger or corporate consolidation;
  - Investor or financing partner acquiring control or a material interest in SafeRec or its associated companies.
  Any such transfer will be carried out strictly in accordance with applicable data protection laws and, where required, subject to contractual commitments that ensure the receiving party continues to process the personal data in a manner that is compatible with the original purposes for which it was collected.
2. Use of Personal Data by Successors
  
  Where control of personal data is transferred as part of a business transaction, the receiving party will be permitted to use the data for the same purposes and under the same conditions as outlined in this Privacy Policy, unless otherwise notified or agreed. The data subjects' rights under the UK GDPR will remain unaffected.
  SafeRec will take reasonable steps to ensure that any successor or acquiring entity is made fully aware of its obligations with respect to the ongoing protection and use of personal data.
Links to Other Sites

The Website and Platform may, from time to time, contain hyperlinks, embedded content, or references to websites, applications, tools, or services that are operated by third parties ("Third-Party Sites"). These links are provided for convenience and informational purposes only and do not constitute an endorsement, approval, or recommendation by SafeRec of the content, services, or operators of those Third-Party Sites.
1. Independent Privacy Practices
  
  SafeRec has no control over the privacy policies, content, data handling practices, or security measures of any Third-Party Sites. If you choose to access such sites, you do so at your own risk. We strongly recommend that you review the applicable privacy policy, terms of use, and cookie policy of each Third-Party Site before submitting any personal data or using their services.
  
  SafeRec disclaims all liability arising from or in connection with your access to or use of any external website or service that is not owned or operated by us.
2. No Responsibility for Third-Party Compliance
  
  We are not responsible for any loss, damage, or misuse of your data that may occur as a result of your interaction with, or provision of personal data to, a Third-Party Site. The inclusion of a link or reference on our Website does not imply that the third party is compliant with applicable data protection or cybersecurity standards.
  
  Where any Third-Party Site is embedded within the Platform (e.g., for payment processing, identity verification, or analytics), it will be clearly identified, and you may be subject to their own terms and privacy policies, which operate independently of this Privacy Policy.
Updates to This Policy

SafeRec reserves the right to amend, update, or revise this Privacy Policy at any time to reflect changes in legal or regulatory requirements, business practices, technological developments, or the functionality of the Platform.

All modifications will be made in compliance with applicable data protection laws and will be published on this page with an updated "Effective Date" at the top of the policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, protect, and share your personal data. Your continued use of the Website or Platform following the publication of changes shall constitute your acceptance of the updated Privacy Policy, except where separate consent is required by law.

Last Updated: 04/10/2025

Cookies Policy

Below is a list of the cookies that we use. We have tried to ensure this is complete and up to date, but if you think that we have missed a cookie or there is any discrepancy, please let us know.

Strictly necessary

We use the following strictly necessary cookies:

Description of Cookie	Purpose
Session cookie	Used to maintain your session on the website

Analytical/performance

We use the following analytical/performance cookies:

Description of Cookie	Purpose
Google Analytics	Used to analyze website traffic and user behavior

Functionality

We use the following functionality cookies:

Description of Cookie	Purpose
Preferences	Used to remember your preferences on our website

Targeting

We use the following targeting cookies:

Description of Cookie	Purpose
Social Media Pixels	Used to track conversions from social media advertisements