Covid-19 Privacy Notice

This Covid-19 Privacy Notice (this “Notice”) serves as an addendum to the Impellam Privacy Policy available here (the “Privacy Policy”) and shall be deemed incorporated into the Privacy Policy up until further notice issued by us.

All terms and expressions used in this Notice shall have the same meaning as in the Privacy Policy, unless otherwise stated herein. Except as otherwise expressly modified herein, all other terms and conditions of the Privacy Policy shall remain in full force and effect.

In the event of any conflict between this Notice and the Privacy Policy, this Notice shall prevail.

1.Contact us

Data Controller: Impellam Group plc, 800 The Boulevard, Capability Green, Luton, Bedfordshire LU1 3BA


Tel: 01582 692726

Group Data Protection Officer: Laurel Taylor c/o 

2.Why have we issued this Notice?

This Notice is designed to advise you about how we may seek to collect and hold additional personal data about you in relation to the unprecedented challenges we are all facing during the Coronavirus pandemic (Covid-19).

We may seek to collect and process your personal data in response to the outbreak of Covid-19, which is above and beyond what would ordinarily be collected from you, to ensure the safety and well-being of our candidates, employees, contractors and representatives.

Such personal data processed will be limited to what is proportionate and necessary, taking into account, applicable laws and regulations, and the latest requirements and guidance issued by relevant Governments, Agencies, and Authorities, to manage and contain the virus.

We have issued this Notice so that you understand exactly why and how your personal data is processed in these circumstances.

3.What personal data may be collected and why?

In addition to the personal data we may collect about you as outlined in detail in our Privacy Policy, additional personal data may be collected by us to determine whether individuals have experienced or are experiencing Covid-19 symptoms or are in any of the high-risk categories which are most vulnerable to become infected and seriously ill - this may include health or other special category data.

We may also collect personal data about you in regards to your Covid-19 Testing and Vaccination status, where you may work for an organisation who has obligations to protect individuals working in health and social care settings, or somewhere they are likely to encounter those infected with Covid-19, and when you may work at a client site where there is a large workforce on premise.

We may collect information from you related to:

  • your health,
  • Covid-19 Test status,
  • Covid-19 Vaccination status

4.Data Sharing

Any sharing of your personal data will be strictly in adherence with our Privacy Policy.

5. What is our lawful basis for processing your personal data?

The UK & EU General Data Protection Regulations (GDPR) require specific conditions to be met to ensure that the processing of personal data is lawful. The relevant GDPR conditions that cover our lawful basis for processing your personal data under this Notice are the following:

  • Article 6(1)(f) – processing is necessary for the purposes of the Legitimate Interests  pursued by the controller or a third party.

Special Category Data:

Personal data provided by you and collected by us will be processed by us pursuant to the following:

  • Article 9(2)(i) – processing is necessary for reasons of public interest in the area of public health.

6.How we store your information

We will only keep your personal data related to this Notice for as long as it necessary. In this respect we will consider any and all applicable laws and regulations, and the latest requirements and guidance issued by relevant Governments, Agencies and Authorities.

When your personal data outlined in this Notice is no longer needed as set out in this Notice we will either delete it or anonymise it for statistical purposes.

7.Data subject rights

The UK & EU GDPR gives individuals eight data subject rights, which are explained for you below:

  • Right to be informed: organisations must tell individuals what data of theirs is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
  • Right of access: individuals have the right to request a copy of the information that an organisation holds on them.
  • Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.
  • Right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data that’s stored on them.
  • Right of portability: individuals can request that organisation transfer any data that it holds on them to another company.
  • Right to restrict processing: individuals can request that an organisation limits the way it uses personal data.
  • Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.
  • Rights related to automated decision-making including profiling: individuals can ask organisations to provide a copy of its automated processing activities if they believe the data is being processed unlawfully.

You are free to exercise any of these rights at any time – you can do this by emailing us at or requesting to exercise these orally. We are required to verify your identity before considering your request.